Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
bZRL0uttVu.exe

Overview

General Information

Sample name:bZRL0uttVu.exe
renamed because original name is a hash value
Original sample name:22a164ed481ba88df26ce7e819f2240d7fafa5b6ee2cd2993cb5fae3d566be7f.exe
Analysis ID:1542685
MD5:a7be144ff0b871ddd45e1e0bef06faa6
SHA1:811797d3e0ce7c5ed76ff656156a2c066f306032
SHA256:22a164ed481ba88df26ce7e819f2240d7fafa5b6ee2cd2993cb5fae3d566be7f
Tags:BlackMatterexeuser-JAMESWT_MHT
Infos:

Detection

LockBit ransomware, TrojanRansom
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected LockBit ransomware
Yara detected TrojanRansom
AI detected suspicious sample
Changes the wallpaper picture
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Deletes itself after installation
Found Tor onion address
Found potential ransomware demand text
Hides threads from debuggers
Machine Learning detection for sample
May modify the system service descriptor table (often done to hook functions)
Modifies existing user documents (likely ransomware behavior)
Overwrites Mozilla Firefox settings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes many files with high entropy
Writes to foreign memory regions
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Enables debug privileges
Enables security privileges
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Potentially Suspicious Desktop Background Change Via Registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • bZRL0uttVu.exe (PID: 6356 cmdline: "C:\Users\user\Desktop\bZRL0uttVu.exe" MD5: A7BE144FF0B871DDD45E1E0BEF06FAA6)
    • splwow64.exe (PID: 6960 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
    • B0BE.tmp (PID: 4144 cmdline: "C:\ProgramData\B0BE.tmp" MD5: 294E9F64CB1642DD89229FFF0592856B)
      • cmd.exe (PID: 6688 cmdline: "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B0BE.tmp >> NUL MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ONENOTE.EXE (PID: 5088 cmdline: /insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{F24807AC-C25F-4B66-96E7-E0E93A319590}.xps" 133743940273530000 MD5: 0061760D72416BCF5F2D9FA6564F0BEA)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
bZRL0uttVu.exeJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
    bZRL0uttVu.exeWindows_Ransomware_Lockbit_369e1e94unknownunknown
    • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
    • 0x4bc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
      00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmpWindows_Ransomware_Lockbit_369e1e94unknownunknown
      • 0x1841d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
      • 0xbc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
      00000000.00000000.1860540154.00000000005A1000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
        00000000.00000000.1860540154.00000000005A1000.00000020.00000001.01000000.00000003.sdmpWindows_Ransomware_Lockbit_369e1e94unknownunknown
        • 0x1841d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
        • 0xbc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
        00000000.00000002.2533339573.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
          Click to see the 2 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.0.bZRL0uttVu.exe.5a0000.0.unpackJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
            0.0.bZRL0uttVu.exe.5a0000.0.unpackWindows_Ransomware_Lockbit_369e1e94unknownunknown
            • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
            • 0x4bc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
            0.2.bZRL0uttVu.exe.5a0000.0.unpackJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
              0.2.bZRL0uttVu.exe.5a0000.0.unpackWindows_Ransomware_Lockbit_369e1e94unknownunknown
              • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
              • 0x4bc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: Potentially Suspicious Desktop Background Change Via Registry
              Source: Registry Key setAuthor: Nasreddine Bencherchali (Nextron Systems), Stephen Lincoln @slincoln-aiq (AttackIQ): Data: Details: C:\ProgramData\OC9oMrMV8.bmp, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\bZRL0uttVu.exe, ProcessId: 6356, TargetObject: HKEY_CURRENT_USER\Control Panel\Desktop\WallPaper

              Suricata Signatures

              No Suricata rule has matched

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: bZRL0uttVu.exeAvira: detected
              Multi AV Scanner detection for submitted file
              Source: bZRL0uttVu.exeReversingLabs: Detection: 89%
              Source: bZRL0uttVu.exeVirustotal: Detection: 88%Perma Link
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
              Machine Learning detection for sample
              Source: bZRL0uttVu.exeJoe Sandbox ML: detected
              Source: bZRL0uttVu.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Videos\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Searches\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Saved Games\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Recent\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Pictures\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Pictures\Saved Pictures\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Pictures\Camera Roll\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\OneDrive\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Music\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Links\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Favorites\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Favorites\Links\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Downloads\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\ZTGJILHXQB\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\ZGGKNSUKOP\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\WKXEWIOTXI\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\VAMYDFPUND\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\SUAVTZKNFL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\SQRKHNBNYN\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\SFPUSAFIOL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\QCFWYSKMHA\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\NVWZAPQSQL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\KLIZUSIQEN\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\IPKGELNTQY\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\BJZFPPWAPT\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\ZTGJILHXQB\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\ZGGKNSUKOP\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\WKXEWIOTXI\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\VAMYDFPUND\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\SUAVTZKNFL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\SQRKHNBNYN\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\SFPUSAFIOL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\QCFWYSKMHA\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\NVWZAPQSQL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\KLIZUSIQEN\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\IPKGELNTQY\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\BJZFPPWAPT\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Contacts\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Skype\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Skype\RootTools\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\d1702bdf-c0c8-42c3-b6d9-e52fd0a57b16\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\VirtualStore\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Low\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\BackgroundTransferApi\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{97b27011-f8cc-4ac9-9531-d6ee8ce92324}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: bZRL0uttVu.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\* source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\OC9oMrMV8.README.txt source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931328290.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbt source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931101345.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931328290.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.errorf source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1941775019.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: bZRL0uttVu.exe, 00000000.00000003.1931101345.000000000102D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbDfm source: bZRL0uttVu.exe, 00000000.00000003.2036295728.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2165324053.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2033607403.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: bZRL0uttVu.exe, 00000000.00000003.1948145687.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946286107.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946947383.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944750528.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946723113.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1947379445.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1948665557.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1945621591.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1943279731.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1941775019.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1945389844.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1945168816.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1948893367.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944518697.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946071110.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944256581.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1948377867.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944959541.0000000001053000.00000004.0
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\ source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.OC9oMrMV8] source: bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.OC9oMrMV8> source: bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ownload.error source: bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1941775019.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mi_exe_stub.pdb source: bZRL0uttVu.exe, 00000000.00000003.1930302255.000000000106F000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1930390191.0000000001082000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.OC9oMrMV8xxt2 source: bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1941775019.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.errorQ source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: bZRL0uttVu.exe, 00000000.00000003.1948145687.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1965963769.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1966198899.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946286107.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1963497816.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1964883022.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946947383.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1956942295.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1949637001.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1966472682.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1951470561.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1962219875.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944750528.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1963268673.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1964076160.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946723113.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1965449997.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1947379445.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1962483111.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1962751919.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1964368306.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1949856514.0000000001053000.00000004.0
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.OC9oMrMV8 source: bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\OC9oMrMV8.README.txt source: bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A5C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_005A5C24
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AA094 FindFirstFileExW,FindClose,0_2_005AA094
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A74BC FindFirstFileExW,FindNextFileW,0_2_005A74BC
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A7590 FindFirstFileExW,FindClose,0_2_005A7590
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_005A766C
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AF308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_005AF308
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_0040227C FindFirstFileExW,8_2_0040227C
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,8_2_0040152C
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AA470 GetLogicalDriveStringsW,0_2_005AA470
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Jump to behavior

              Networking

              barindex
              Found Tor onion address
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionalq
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionicd
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionl
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onione
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.oniond
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion?
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion"
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion]U
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion]x
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionk
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.oniong
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionic
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionl
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion)
              Source: bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: O^partitionKey=%28https%2Cmozilla.org%29,:https://www.mozilla.org/media/protocol/img/icons/social/twitter/white.79fc9d8867ed.svg equals www.twitter.com (Twitter)
              Source: bZRL0uttVu.exe, 00000000.00000003.2230202222.00000000010A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: content-security-policy: script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-4.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com js.stripe.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline' app.convert.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; font-src 'self'; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org cdn-4.convertexperiments.com logs.convertexperiments.com images.ctfassets.net; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com region1.google-analytics.com logs.convertexperiments.com 1003350.metrics.convertexperiments.com 1003343.metrics.convertexperiments.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com equals www.youtube.com (Youtube)
              Source: bZRL0uttVu.exe, 00000000.00000003.1927235172.00000000010E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
              Source: bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt.uz
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onione
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionk
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionl
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionalq
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.oniond
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionl
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion)
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion?
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.oniong
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionic
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionicd
              Source: bZRL0uttVu.exe, 00000000.00000003.2230202222.00000000010A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
              Source: bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/
              Source: bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/
              Source: bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Kinto/kinto-attachment/
              Source: bZRL0uttVu.exe, 00000000.00000003.2230202222.00000000010A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/7036968e-77d6-472d-
              Source: bZRL0uttVu.exe, 00000000.00000003.2230202222.00000000010DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/96c8e907-df38-40d6-
              Source: bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-settings.readthedocs.io
              Source: bZRL0uttVu.exe, 00000000.00000003.1888082038.0000000001142000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000113A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
              Source: bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000114A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000114A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
              Source: bZRL0uttVu.exe, 00000000.00000003.2014616809.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1990004282.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2038133809.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1994046077.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1997058469.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1889529864.000000000100A000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1909998935.0000000001049000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1991308060.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2036295728.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2017764250.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2016922272.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1988141036.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1880162807.0000000001049000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2012826885.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1984324725.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2017462800.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2025219888.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1999965556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1891109106.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1981397782.0000000001053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tox.chat/
              Source: bZRL0uttVu.exe, 00000000.00000003.1888082038.0000000001142000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000113A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
              Source: bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000114A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000114A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: bZRL0uttVu.exe, 00000000.00000003.2230202222.00000000010A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
              Source: bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000114A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000114A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/protocol/img/icons/social/twitter/white.79fc9d8867ed.svg
              Source: bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000114A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

              Spam, unwanted Advertisements and Ransom Demands

              barindex
              Found ransom note / readme
              Source: C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\OC9oMrMV8.README.txtDropped file: YOUR FILES ARE ENCRYPTED!The only way to decrypt them is to buy our decryptor.Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor.Download TOX messenger: https://tox.chat/Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7Jump to dropped file
              Yara detected LockBit ransomware
              Source: Yara matchFile source: bZRL0uttVu.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.bZRL0uttVu.exe.5a0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.bZRL0uttVu.exe.5a0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000000.1860540154.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2533339573.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: bZRL0uttVu.exe PID: 6356, type: MEMORYSTR
              Yara detected TrojanRansom
              Source: Yara matchFile source: Process Memory Space: bZRL0uttVu.exe PID: 6356, type: MEMORYSTR
              Changes the wallpaper picture
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeKey value created or modified: HKEY_CURRENT_USER\Control Panel\Desktop WallPaper C:\ProgramData\OC9oMrMV8.bmpJump to behavior
              Found potential ransomware demand text
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptedlk
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptede
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted?
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptede)
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted#
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptedl{
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptedeu
              Source: bZRL0uttVu.exe, 00000000.00000003.2531176819.0000000001065000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : All your important files are stolen and encrypted!
              Source: bZRL0uttVu.exe, 00000000.00000003.2521006970.0000000001065000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : All your important files are stolen and encrypted!
              Source: bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : All your important files are stolen and encrypted!
              Modifies existing user documents (likely ransomware behavior)
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile moved: C:\Users\user\Desktop\IPKGELNTQY.jpgJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile moved: C:\Users\user\Desktop\NEBFQQYWPS.pdfJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile moved: C:\Users\user\Desktop\ZTGJILHXQB.docxJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile moved: C:\Users\user\Desktop\SQRKHNBNYN.jpgJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile moved: C:\Users\user\Desktop\WKXEWIOTXI\VAMYDFPUND.pdfJump to behavior
              Writes many files with high entropy
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\0.0.filtertrie.intermediate.txt.OC9oMrMV8 entropy: 7.99912656433Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\appsglobals.txt.OC9oMrMV8 entropy: 7.9995518737Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\appssynonyms.txt.OC9oMrMV8 entropy: 7.99914387546Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingsglobals.txt.OC9oMrMV8 entropy: 7.99532386514Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingsconversions.txt.OC9oMrMV8 entropy: 7.99739426231Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\0.0.filtertrie.intermediate.txt.OC9oMrMV8 entropy: 7.99506176889Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\Apps.ft.OC9oMrMV8 entropy: 7.9962193171Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\0.0.filtertrie.intermediate.txt.OC9oMrMV8 entropy: 7.99493816686Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingssynonyms.txt.OC9oMrMV8 entropy: 7.99798686082Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome.OC9oMrMV8 entropy: 7.99471813182Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB.OC9oMrMV8 entropy: 7.99487377039Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\0.0.filtertrie.intermediate.txt.OC9oMrMV8 entropy: 7.99451236023Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\Apps.ft.OC9oMrMV8 entropy: 7.99674508614Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\wctEA40.tmp.OC9oMrMV8 entropy: 7.99742974266Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\Apps.ft.OC9oMrMV8 entropy: 7.99654041454Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{116229A7-9A3B-2078-DB5F-B5A20811242C}.OC9oMrMV8 entropy: 7.99624242568Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help.OC9oMrMV8 entropy: 7.99531870829Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_mpnpojknpmnjdcgaaiekajbnjb.OC9oMrMV8 entropy: 7.99544867552Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_kefjledonknomlcbpllchaibag.OC9oMrMV8 entropy: 7.9955740984Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_.OC9oMrMV8 entropy: 7.9943175515Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_fmgjjmmmlfcabfkddbjimcfncm.OC9oMrMV8 entropy: 7.99535637045Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_fhihpiojkboajapmgkhlnakfjf.OC9oMrMV8 entropy: 7.99470950097Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_agimnkijcamfeangaknmldooml.OC9oMrMV8 entropy: 7.99429083023Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_aghbiahbpaeidepookljebhfak.OC9oMrMV8 entropy: 7.99510663893Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB;PrivateBrowsingAUMID.OC9oMrMV8 entropy: 7.99548856778Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log.OC9oMrMV8 entropy: 7.99278326191Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{E7A33582-E908-3379-5368-5999454DCD83}.OC9oMrMV8 entropy: 7.99488080193Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{DAA168DE-4306-C8BC-8C11-B596240BDDED}.OC9oMrMV8 entropy: 7.99605595773Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C804BBA7-FA5F-CBF7-8B55-2096E5F972CB}.OC9oMrMV8 entropy: 7.99459011449Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4}.OC9oMrMV8 entropy: 7.99552480026Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC}.OC9oMrMV8 entropy: 7.99475176072Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BB044BFD-25B7-2FAA-22A8-6371A93E0456}.OC9oMrMV8 entropy: 7.99505083741Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334923056622400_BD966DD2-7850-423A-B1D8-7882CE1A6D15.log.OC9oMrMV8 entropy: 7.99913714297Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{923DD477-5846-686B-A659-0FCCD73851A8}.OC9oMrMV8 entropy: 7.99558847163Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417072488237400_C12D9B44-3468-47BC-9418-BF0A674A2B2F.log.OC9oMrMV8 entropy: 7.99920863424Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5}.OC9oMrMV8 entropy: 7.99487437031Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}.OC9oMrMV8 entropy: 7.99490051157Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417101742322600_290EFEE9-C25A-4857-9F32-D7E6D51B7C09.log.OC9oMrMV8 entropy: 7.99901725983Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{16988324-21C9-05B2-CA60-9B4EC72739D8}.OC9oMrMV8 entropy: 7.99561321128Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417118050662300_8475A8C9-2447-4BC4-8E46-350AA0582B94.log.OC9oMrMV8 entropy: 7.99876793799Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App_1696413198165042300_AA3FCB9C-CF1A-4407-8A94-A7D6C220021F.log.OC9oMrMV8 entropy: 7.99873801459Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_InternetExplorer_Default.OC9oMrMV8 entropy: 7.99541357321Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt.OC9oMrMV8 entropy: 7.99254551989Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{F1118828-A0CC-5FEB-85C9-DBFFDF98434A}.OC9oMrMV8 entropy: 7.99537022363Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{E8B84CFB-B069-BC13-F88F-170904F645E5}.OC9oMrMV8 entropy: 7.99511295064Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_OUTLOOK_EXE_15.OC9oMrMV8 entropy: 7.99522130385Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_OcPubMgr_exe_15.OC9oMrMV8 entropy: 7.99520004402Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSPUB_EXE_15.OC9oMrMV8 entropy: 7.99509715855Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msoev_exe_15.OC9oMrMV8 entropy: 7.99488016586Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSACCESS_EXE_15.OC9oMrMV8 entropy: 7.99425397813Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSOUC_EXE_15.OC9oMrMV8 entropy: 7.99452972471Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_DATABASECOMPARE_EXE_15.OC9oMrMV8 entropy: 7.99531811039Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_lync_exe_15.OC9oMrMV8 entropy: 7.99576505598Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_EXCEL_EXE_15.OC9oMrMV8 entropy: 7.99483326982Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15.OC9oMrMV8 entropy: 7.99478616014Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App.OC9oMrMV8 entropy: 7.99520092524Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsAlarms_8wekyb3d8bbwe!App.OC9oMrMV8 entropy: 7.99512707143Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_SkyDrive_Desktop.OC9oMrMV8 entropy: 7.99448335461Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_WINWORD_EXE_15.OC9oMrMV8 entropy: 7.99485047762Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15.OC9oMrMV8 entropy: 7.99534499039Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_ONENOTE_EXE_15.OC9oMrMV8 entropy: 7.99540440007Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_POWERPNT_EXE_15.OC9oMrMV8 entropy: 7.99514032318Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer.OC9oMrMV8 entropy: 7.99483869267Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel.OC9oMrMV8 entropy: 7.99464122879Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Computer.OC9oMrMV8 entropy: 7.9955267973Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_AdministrativeTools.OC9oMrMV8 entropy: 7.99502067285Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsStore_8wekyb3d8bbwe!App.OC9oMrMV8 entropy: 7.99452262781Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsSoundRecorder_8wekyb3d8bbwe!App.OC9oMrMV8 entropy: 7.99497083553Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite.OC9oMrMV8 entropy: 7.99807714245Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm.OC9oMrMV8 entropy: 7.99504788361Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extensions.json.OC9oMrMV8 entropy: 7.9950658478Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm.OC9oMrMV8 entropy: 7.99473631412Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite.OC9oMrMV8 entropy: 7.99806453866Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db.OC9oMrMV8 entropy: 7.99919799704Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqlite.OC9oMrMV8 entropy: 7.9993705965Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm.OC9oMrMV8 entropy: 7.9927526174Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db.OC9oMrMV8 entropy: 7.99935275233Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite.OC9oMrMV8 entropy: 7.99683241004Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite-shm.OC9oMrMV8 entropy: 7.99448483119Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite.OC9oMrMV8 entropy: 7.99816367511Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqlite.OC9oMrMV8 entropy: 7.99870250172Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.OC9oMrMV8 entropy: 7.99621515681Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.OC9oMrMV8 entropy: 7.99433820516Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.OC9oMrMV8 entropy: 7.99643763107Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm.OC9oMrMV8 entropy: 7.99489076629Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.OC9oMrMV8 entropy: 7.99583421469Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm.OC9oMrMV8 entropy: 7.99491878093Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.OC9oMrMV8 entropy: 7.99610310896Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm.OC9oMrMV8 entropy: 7.99481731385Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.OC9oMrMV8 entropy: 7.99653352811Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm.OC9oMrMV8 entropy: 7.99468038286Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm.OC9oMrMV8 entropy: 7.99428048009Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598\13723.OC9oMrMV8 entropy: 7.99563313831Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\2B8DB5289EFF0A466C21F47412A322A36CEB5044.OC9oMrMV8 entropy: 7.99811477243Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\289DBE90018D682BDBFD59A3CAACE9EE538234FD.OC9oMrMV8 entropy: 7.99165459867Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\252CE8AC445A184A1F4A1C6C6D4ADB8AE41B7776.OC9oMrMV8 entropy: 7.99767184116Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\22F59957B7E08CD6CCFED6AF2A1DF26FE157DF40.OC9oMrMV8 entropy: 7.99843722198Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\7278f154-e8f4-4235-84c5-c5c1c6af0084.OC9oMrMV8 entropy: 7.99775184481Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\3C9B2D192D535C347CDA9FB12BFC88FD40CF0382.OC9oMrMV8 entropy: 7.99776070406Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\62FC1E8DCE1991EEB55DE9EFADF47EA578A22AB5.OC9oMrMV8 entropy: 7.99282159695Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\44230749A38B6989F56217B435A03E84CCADE62D.OC9oMrMV8 entropy: 7.99461510967Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\BDE5E55BCB4604200C70FB908FA76903C94590D3.OC9oMrMV8 entropy: 7.99868036277Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829744.7278f154-e8f4-4235-84c5-c5c1c6af0084.main.jsonlz4.OC9oMrMV8 entropy: 7.9907903547Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829746.67aa4432-87f8-463e-b422-f6679add9971.first-shutdown.jsonlz4.OC9oMrMV8 entropy: 7.99115774953Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F.OC9oMrMV8 entropy: 7.99571070822Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\E707EC8A256322E87908664A49F800B7B48E0961.OC9oMrMV8 entropy: 7.99195916667Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3.OC9oMrMV8 entropy: 7.99059935199Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db.OC9oMrMV8 entropy: 7.99634918987Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\11719.OC9oMrMV8 entropy: 7.99588905251Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.OC9oMrMV8 entropy: 7.99681956776Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1.OC9oMrMV8 entropy: 7.99931344264Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\index.OC9oMrMV8 entropy: 7.99925958264Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge.OC9oMrMV8 entropy: 7.99480357027Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Shell_RunDialog.OC9oMrMV8 entropy: 7.99503981378Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop.OC9oMrMV8 entropy: 7.99536572094Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Photos_8wekyb3d8bbwe!App.OC9oMrMV8 entropy: 7.99452737083Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32.OC9oMrMV8 entropy: 7.99513779072Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe.OC9oMrMV8 entropy: 7.99477234171Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe.OC9oMrMV8 entropy: 7.99556101921Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe.OC9oMrMV8 entropy: 7.9950559715Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_magnify_exe.OC9oMrMV8 entropy: 7.99535256868Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe.OC9oMrMV8 entropy: 7.99538660461Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.OC9oMrMV8 entropy: 7.99534989297Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe.OC9oMrMV8 entropy: 7.99485589932Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe.OC9oMrMV8 entropy: 7.99546161278Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe.OC9oMrMV8 entropy: 7.99495657888Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.OC9oMrMV8 entropy: 7.99486168059Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe.OC9oMrMV8 entropy: 7.99524114227Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc.OC9oMrMV8 entropy: 7.99549516281Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe.OC9oMrMV8 entropy: 7.99489388348Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe.OC9oMrMV8 entropy: 7.99435249535Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe.OC9oMrMV8 entropy: 7.99552303766Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc.OC9oMrMV8 entropy: 7.994607419Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe.OC9oMrMV8 entropy: 7.99415246773Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe.OC9oMrMV8 entropy: 7.99552885462Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe.OC9oMrMV8 entropy: 7.99525078598Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_narrator_exe.OC9oMrMV8 entropy: 7.99503611562Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe.OC9oMrMV8 entropy: 7.9944049954Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_exe.OC9oMrMV8 entropy: 7.99399121986Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Windows NT_Accessories_wordpad_exe.OC9oMrMV8 entropy: 7.99522237916Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe.OC9oMrMV8 entropy: 7.99447381218Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Adobe_Acrobat DC_Acrobat_Acrobat_exe.OC9oMrMV8 entropy: 7.99543993921Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe.OC9oMrMV8 entropy: 7.99535917535Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm.OC9oMrMV8 entropy: 7.99462093048Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.OC9oMrMV8 entropy: 7.99484664042Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_powershell_exe.OC9oMrMV8 entropy: 7.99584909161Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc.OC9oMrMV8 entropy: 7.9956306959Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe.OC9oMrMV8 entropy: 7.99450083058Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Extras.OC9oMrMV8 entropy: 7.99415966317Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Examples.OC9oMrMV8 entropy: 7.99481441811Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt_chm.OC9oMrMV8 entropy: 7.99552244759Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoItX_AutoItX_chm.OC9oMrMV8 entropy: 7.99551607482Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_x64_exe.OC9oMrMV8 entropy: 7.99493245026Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_exe.OC9oMrMV8 entropy: 7.99491662985Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt v3 Website_url.OC9oMrMV8 entropy: 7.99532132613Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_x64_exe.OC9oMrMV8 entropy: 7.9948793669Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_exe.OC9oMrMV8 entropy: 7.9951096218Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_x64_exe.OC9oMrMV8 entropy: 7.99469241868Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb.log.OC9oMrMV8 entropy: 7.99958086409Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\index.OC9oMrMV8 entropy: 7.99938813923Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{F38BF404-1D43-42F2-9305-67DE0B28FC23}_regedit_exe.OC9oMrMV8 entropy: 7.99492664548Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.OC9oMrMV8 entropy: 7.99938246025Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.OC9oMrMV8 entropy: 7.99490878641Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_powershell_exe.OC9oMrMV8 entropy: 7.99504274318Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_odbcad32_exe.OC9oMrMV8 entropy: 7.99503175671Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Java_jre-1_8_bin_javacpl_exe.OC9oMrMV8 entropy: 7.99456245972Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_SciTE_SciTE_exe.OC9oMrMV8 entropy: 7.9950961803Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\index.OC9oMrMV8 entropy: 7.99927478906Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.OC9oMrMV8 entropy: 7.99959069475Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.OC9oMrMV8 entropy: 7.99964042513Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb00001.log.OC9oMrMV8 entropy: 7.99965802211Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm.OC9oMrMV8 entropy: 7.99076622028Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.OC9oMrMV8 entropy: 7.9996644968Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.OC9oMrMV8 entropy: 7.99931767633Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-shm.OC9oMrMV8 entropy: 7.99452117536Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.OC9oMrMV8 entropy: 7.99449099093Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.OC9oMrMV8 entropy: 7.99263194958Jump to dropped file
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl.OC9oMrMV8 entropy: 7.99691812023Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\bZRL0uttVu.exe entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\AAAAAAAAAAAAAA (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\BBBBBBBBBBBBBB (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\CCCCCCCCCCCCCC (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\DDDDDDDDDDDDDD (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\EEEEEEEEEEEEEE (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\FFFFFFFFFFFFFF (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\GGGGGGGGGGGGGG (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\HHHHHHHHHHHHHH (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\IIIIIIIIIIIIII (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\JJJJJJJJJJJJJJ (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\KKKKKKKKKKKKKK (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\LLLLLLLLLLLLLL (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\MMMMMMMMMMMMMM (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\NNNNNNNNNNNNNN (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\OOOOOOOOOOOOOO (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\PPPPPPPPPPPPPP (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\QQQQQQQQQQQQQQ (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\RRRRRRRRRRRRRR (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\SSSSSSSSSSSSSS (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\TTTTTTTTTTTTTT (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\UUUUUUUUUUUUUU (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\VVVVVVVVVVVVVV (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\WWWWWWWWWWWWWW (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy) entropy: 7.99729666549Jump to dropped file
              Source: C:\ProgramData\B0BE.tmpFile created: C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy) entropy: 7.99729666549Jump to dropped file

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: bZRL0uttVu.exe, type: SAMPLEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 0.0.bZRL0uttVu.exe.5a0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 0.2.bZRL0uttVu.exe.5a0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 00000000.00000000.1860540154.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AB444 NtSetInformationThread,0_2_005AB444
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AB470 NtProtectVirtualMemory,0_2_005AB470
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005ADC60 NtTerminateProcess,0_2_005ADC60
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005B7034 CreateThread,CreateThread,CreateThread,CreateThread,NtTerminateThread,CreateThread,CreateThread,0_2_005B7034
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A6C98 NtQueryInformationToken,0_2_005A6C98
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A9880 NtClose,0_2_005A9880
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005B04B4 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_005B04B4
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AE1E8 CreateThread,NtClose,0_2_005AE1E8
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A7E58 NtQuerySystemInformation,Sleep,0_2_005A7E58
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005ADE78 SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose,0_2_005ADE78
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AB674 NtQueryInformationToken,0_2_005AB674
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A6668 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,0_2_005A6668
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A8F68 RtlAdjustPrivilege,NtSetInformationThread,0_2_005A8F68
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AB734 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,0_2_005AB734
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A97D8 NtQuerySystemInformation,0_2_005A97D8
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AB3C0 NtSetInformationThread,NtClose,0_2_005AB3C0
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AC3F8 CreateFileW,WriteFile,RegCreateKeyExW,RegSetValueExW,RegCreateKeyExW,RegSetValueExW,SHChangeNotify,NtClose,0_2_005AC3F8
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A9811 NtQuerySystemInformation,0_2_005A9811
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A982A NtQuerySystemInformation,0_2_005A982A
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A7E8A NtQuerySystemInformation,Sleep,0_2_005A7E8A
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A7EA3 NtQuerySystemInformation,Sleep,0_2_005A7EA3
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A8F66 RtlAdjustPrivilege,NtSetInformationThread,0_2_005A8F66
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_00402760 CreateFileW,ReadFile,NtClose,8_2_00402760
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,8_2_0040286C
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,8_2_00402F18
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_00401DC2 NtProtectVirtualMemory,8_2_00401DC2
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_00401D94 NtSetInformationThread,8_2_00401D94
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory,8_2_004016B4
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AA68C: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,0_2_005AA68C
              Source: C:\Windows\splwow64.exeFile created: C:\Windows\system32\spool\PRINTERS\00002.SPL
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A80B80_2_005A80B8
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A20AC0_2_005A20AC
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A4D080_2_005A4D08
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A4D030_2_005A4D03
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A52180_2_005A5218
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess token adjusted: Security
              Source: bZRL0uttVu.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: bZRL0uttVu.exe, type: SAMPLEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 0.0.bZRL0uttVu.exe.5a0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 0.2.bZRL0uttVu.exe.5a0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 00000000.00000000.1860540154.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: classification engineClassification label: mal100.rans.phis.spyw.evad.winEXE@9/1664@0/0
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeMutant created: \Sessions\1\BaseNamedObjects\Global\94a657af28168e38ae2672c03e3cba29
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2848:120:WilError_03
              Source: C:\ProgramData\B0BE.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Windows\splwow64.exeFile read: C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\SendToOneNote-manifest.ini
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: bZRL0uttVu.exeReversingLabs: Detection: 89%
              Source: bZRL0uttVu.exeVirustotal: Detection: 88%
              Source: unknownProcess created: C:\Users\user\Desktop\bZRL0uttVu.exe "C:\Users\user\Desktop\bZRL0uttVu.exe"
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess created: C:\ProgramData\B0BE.tmp "C:\ProgramData\B0BE.tmp"
              Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE /insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{F24807AC-C25F-4B66-96E7-E0E93A319590}.xps" 133743940273530000
              Source: C:\ProgramData\B0BE.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B0BE.tmp >> NUL
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess created: C:\ProgramData\B0BE.tmp "C:\ProgramData\B0BE.tmp"
              Source: C:\ProgramData\B0BE.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B0BE.tmp >> NUL
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: logoncli.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: activeds.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: adsldpc.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: wsock32.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: gpedit.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: dssec.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: dsuiext.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: dsrole.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: ntdsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: authz.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: adsldp.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: mscms.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: coloradapterclient.dllJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\ProgramData\B0BE.tmpSection loaded: apphelp.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: rstrtmgr.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: ncrypt.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: ntasn1.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: windows.storage.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: wldp.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: kernel.appcore.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: uxtheme.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: propsys.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: profapi.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: edputil.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: urlmon.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: iertutil.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: srvcli.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: netutils.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: windows.staterepositoryps.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: sspicli.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: wintypes.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: appresolver.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: bcp47langs.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: slc.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: userenv.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: sppc.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: onecorecommonproxystub.dll
              Source: C:\ProgramData\B0BE.tmpSection loaded: onecoreuapcommonproxystub.dll
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.iniJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
              Source: bZRL0uttVu.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: bZRL0uttVu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\* source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\OC9oMrMV8.README.txt source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931328290.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbt source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931101345.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931328290.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.errorf source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1941775019.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: bZRL0uttVu.exe, 00000000.00000003.1931101345.000000000102D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbDfm source: bZRL0uttVu.exe, 00000000.00000003.2036295728.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2165324053.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2033607403.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: bZRL0uttVu.exe, 00000000.00000003.1948145687.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946286107.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946947383.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944750528.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946723113.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1947379445.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1948665557.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1945621591.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1943279731.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1941775019.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1945389844.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1945168816.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1948893367.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944518697.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946071110.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944256581.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1948377867.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944959541.0000000001053000.00000004.0
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\ source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.OC9oMrMV8] source: bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.OC9oMrMV8> source: bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ownload.error source: bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1941775019.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mi_exe_stub.pdb source: bZRL0uttVu.exe, 00000000.00000003.1930302255.000000000106F000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1930390191.0000000001082000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.OC9oMrMV8xxt2 source: bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1941775019.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.errorQ source: bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937966648.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936502164.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1937077054.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: bZRL0uttVu.exe, 00000000.00000003.1948145687.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931976210.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1965963769.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1966198899.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946286107.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1963497816.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1964883022.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946947383.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1956942295.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1949637001.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1966472682.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1936006544.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1951470561.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1962219875.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1944750528.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1963268673.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1939350381.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1964076160.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1946723113.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1931672595.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1965449997.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1947379445.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1938621556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1962483111.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1962751919.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1964368306.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1949856514.0000000001053000.00000004.0
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.OC9oMrMV8 source: bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\OC9oMrMV8.README.txt source: bZRL0uttVu.exe, 00000000.00000003.1933453204.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1932990902.0000000001053000.00000004.00000020.00020000.00000000.sdmp
              Source: bZRL0uttVu.exeStatic PE information: real checksum: 0x31af1 should be: 0x2fdd7
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A356B push 0000006Ah; retf 0_2_005A3644
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A35D3 push 0000006Ah; retf 0_2_005A3644
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A35D5 push 0000006Ah; retf 0_2_005A3644
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A61EE push esp; retf 0_2_005A61F6
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Videos\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Searches\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Saved Games\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Recent\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Pictures\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Pictures\Saved Pictures\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Pictures\Camera Roll\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\OneDrive\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Music\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Links\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Favorites\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Favorites\Links\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Downloads\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\ZTGJILHXQB\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\ZGGKNSUKOP\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\WKXEWIOTXI\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\VAMYDFPUND\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\SUAVTZKNFL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\SQRKHNBNYN\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\SFPUSAFIOL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\QCFWYSKMHA\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\NVWZAPQSQL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\KLIZUSIQEN\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\IPKGELNTQY\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Documents\BJZFPPWAPT\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\ZTGJILHXQB\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\ZGGKNSUKOP\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\WKXEWIOTXI\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\VAMYDFPUND\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\SUAVTZKNFL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\SQRKHNBNYN\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\SFPUSAFIOL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\QCFWYSKMHA\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\NVWZAPQSQL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\KLIZUSIQEN\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\IPKGELNTQY\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Desktop\BJZFPPWAPT\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\Contacts\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Skype\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Skype\RootTools\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\d1702bdf-c0c8-42c3-b6d9-e52fd0a57b16\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\VirtualStore\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Low\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\BackgroundTransferApi\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{97b27011-f8cc-4ac9-9531-d6ee8ce92324}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txtJump to behavior

              Hooking and other Techniques for Hiding and Protection

              barindex
              Deletes itself after installation
              Source: C:\ProgramData\B0BE.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B0BE.tmp >> NUL
              Source: C:\ProgramData\B0BE.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B0BE.tmp >> NUL
              May modify the system service descriptor table (often done to hook functions)
              Source: download.error.OC9oMrMV80.0.drBinary or memory string: KeServiceDescriptorTable
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A91C8 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,0_2_005A91C8
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\B0BE.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Contains functionality to detect hardware virtualization (CPUID execution measurement)
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A10BC 0_2_005A10BC
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_00401E28 8_2_00401E28
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: bZRL0uttVu.exe, 00000000.00000003.2041263022.0000000001082000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\WINDOWS KITS\10\DEBUGGERS\X86\WINDBG.EXE12392
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A10BC rdtsc 0_2_005A10BC
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A5C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_005A5C24
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AA094 FindFirstFileExW,FindClose,0_2_005AA094
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A74BC FindFirstFileExW,FindNextFileW,0_2_005A74BC
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A7590 FindFirstFileExW,FindClose,0_2_005A7590
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_005A766C
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AF308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_005AF308
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_0040227C FindFirstFileExW,8_2_0040227C
              Source: C:\ProgramData\B0BE.tmpCode function: 8_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,8_2_0040152C
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005AA470 GetLogicalDriveStringsW,0_2_005AA470
              Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Jump to behavior
              Source: bZRL0uttVu.exe, 00000000.00000003.2042301083.000000000105F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: *|turn windows features on or off*|hyper-v:wux:hyper-v4937
              Source: bZRL0uttVu.exe, 00000000.00000003.2289460471.00000000010EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/l>
              Source: B0BE.tmp, 00000008.00000002.2543370445.0000000000654000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: bZRL0uttVu.exe, 00000000.00000003.2252997941.000000000118B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware20,1
              Source: bZRL0uttVu.exe, 00000000.00000003.1927235172.00000000010E9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 10/04/2023 11:57:12.660OFFICECL (0x648)0x1fe0Telemetry EventbiyhqMediumSendEvent {"EventName": "Office.System.SystemHealthMetadataDeviceConsolidated", "Flags": 33777031581908737, "InternalSequenceNumber": 20, "Time": "2023-10-04T10:57:11Z", "Rule": "120600.4", "AriaTenantToken": "cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521", "Contract": "Office.Legacy.Metadata", "Data.ProcTypeText": "x64", "Data.ProcessorCount": 2, "Data.NumProcShareSingleCore": 1, "Data.NumProcShareSingleCache": 1, "Data.NumProcPhysCores": 2, "Data.ProcSpeedMHz": 2000, "Data.IsLaptop": false, "Data.IsTablet": false, "Data.RamMB": 4096, "Data.PowerPlatformRole": 1, "Data.SysVolSizeMB": 50000, "Data.DeviceManufacturer": "VMWare, Inc.", "Data.DeviceModel": "VMware20,1", "Data.DigitizerInfo": 0, "Data.SusClientId": "097C77FB-5D5D-4868-860B-09F4E5B50A53", "Data.WindowsSqmMachineId": "92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A", "Data.ComputerSystemProductUuidHash": "rC2kkStHpWGLvfAgmQZRz4w5ixE=", "Data.DeviceProcessorModel": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Data.HasSpectreFix": true, "Data.BootDiskType": "SSD"}
              Source: bZRL0uttVu.exe, 00000000.00000003.2041263022.0000000001082000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware.View.Client12451
              Source: bZRL0uttVu.exe, 00000000.00000003.2530988283.00000000010EB000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2530360391.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2520549903.00000000010EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess information queried: ProcessInformation

              Anti Debugging

              barindex
              Hides threads from debuggers
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeThread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeThread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeThread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeThread information set: HideFromDebugger
              Source: C:\ProgramData\B0BE.tmpThread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A10BC rdtsc 0_2_005A10BC
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A5A20 LdrLoadDll,0_2_005A5A20
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Writes to foreign memory regions
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeMemory written: C:\ProgramData\B0BE.tmp base: 401000
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeProcess created: C:\ProgramData\B0BE.tmp "C:\ProgramData\B0BE.tmp"
              Source: C:\ProgramData\B0BE.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B0BE.tmp >> NUL
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005A10BC cpuid 0_2_005A10BC
              Source: C:\ProgramData\B0BE.tmpCode function: EntryPoint,ExitProcess,GetModuleHandleW,GetCommandLineW,GetModuleHandleA,GetCommandLineW,GetLocaleInfoW,GetLastError,FreeLibrary,FreeLibrary,GetProcAddress,CreateWindowExW,DefWindowProcW,GetWindowTextW,LoadMenuW,LoadMenuW,DefWindowProcW,SetTextColor,GetTextCharset,TextOutW,SetTextColor,GetTextColor,CreateFontW,GetTextColor,CreateDIBitmap,SelectObject,GetTextColor,CreateFontW,8_2_00403983
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeCode function: 0_2_005B04B4 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_005B04B4

              Lowering of HIPS / PFW / Operating System Security Settings

              barindex
              Overwrites Mozilla Firefox settings
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\OC9oMrMV8.README.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\OC9oMrMV8.README.txtJump to behavior

              Stealing of Sensitive Information

              barindex
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\times.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857833.45e26519-596d-41a5-b290-e547b44111fd.health.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1d5599c8-3f43-42cc-8163-9a43c60a06d1.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829702.cde8135c-88c3-4c34-8670-7ef017742548.new-profile.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834580.6fc53411-ad83-4cf6-a5f6-905f0f3f52e8.health.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\background-updateJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834608.65054280-9d54-477d-a3ea-afcb1f88e001.health.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\shield-preference-experiments.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834620.c7889da7-33f0-4599-8452-58d47c58437b.main.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\events.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829744.7278f154-e8f4-4235-84c5-c5c1c6af0084.main.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ExperimentStoreData.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834620.c7889da7-33f0-4599-8452-58d47c58437b.main.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1435a377-bbaf-4c9c-8706-0811a779fa3fJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\.metadata-v2Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\808127e8-e7ed-4078-b3f3-7f09061a011fJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\times.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\6fc53411-ad83-4cf6-a5f6-905f0f3f52e8.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\.metadata-v2.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\808127e8-e7ed-4078-b3f3-7f09061a011f.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834606.011115ff-9301-40fc-805e-ba07b7fdfce4.event.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.81ddb4cc-1d49-45f2-961f-e24ea6db2be5.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.ini.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\Telemetry.FailedProfileLocks.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\12f997af-c065-4562-b9f6-11000bb95c9bJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extension-preferences.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\277ffbb3-8e94-4f3f-acac-7a401d130160.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\xulstore.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1d5599c8-3f43-42cc-8163-9a43c60a06d1Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834580.6fc53411-ad83-4cf6-a5f6-905f0f3f52e8.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\xulstore.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.iniJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a5d6ec76-765c-4778-afd2-1e05a1554d8e.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\7278f154-e8f4-4235-84c5-c5c1c6af0084.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829744.7278f154-e8f4-4235-84c5-c5c1c6af0084.main.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\78267ebf-1fb3-4b11-82e9-903e54a2a54eJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\state.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\45e26519-596d-41a5-b290-e547b44111fd.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829702.cde8135c-88c3-4c34-8670-7ef017742548.new-profile.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\3a40aaf9-3f8b-43a2-85e8-88e3ffc7666f.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\times.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\6fc53411-ad83-4cf6-a5f6-905f0f3f52e8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829746.67aa4432-87f8-463e-b422-f6679add9971.first-shutdown.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\7278f154-e8f4-4235-84c5-c5c1c6af0084Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\05d02ac8-b2f1-4670-8541-db8ec2bbf427.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1435a377-bbaf-4c9c-8706-0811a779fa3f.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addons.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ExperimentStoreData.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\45e26519-596d-41a5-b290-e547b44111fdJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\handlers.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\78267ebf-1fb3-4b11-82e9-903e54a2a54e.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a5d6ec76-765c-4778-afd2-1e05a1554d8eJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\handlers.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\session-state.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857869.95af30ae-acac-4802-b983-233d7fd3cf34.main.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\7d12ac42-15c3-4db9-abfe-259bc8d249acJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\containers.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829746.67aa4432-87f8-463e-b422-f6679add9971.first-shutdown.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.a73949a2-5a70-4025-8008-88156c16bb4a.event.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\12f997af-c065-4562-b9f6-11000bb95c9b.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\shield-preference-experiments.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\15f01145-7764-450b-9ad5-323693350a9cJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\previous.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addons.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857833.45e26519-596d-41a5-b290-e547b44111fd.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\state.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.a73949a2-5a70-4025-8008-88156c16bb4a.event.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a7174184-f177-48c4-876a-8a51c2ed8fbcJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txt.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829737.9f7a5e7a-2be0-4ff7-b132-b1f6e59a8e58.event.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\7d12ac42-15c3-4db9-abfe-259bc8d249ac.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\previous.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.81ddb4cc-1d49-45f2-961f-e24ea6db2be5.health.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834608.65054280-9d54-477d-a3ea-afcb1f88e001.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\containers.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\eventsJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\times.json.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\session-state.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\05d02ac8-b2f1-4670-8541-db8ec2bbf427Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857869.95af30ae-acac-4802-b983-233d7fd3cf34.main.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txt.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extension-preferences.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AlternateServices.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\Telemetry.FailedProfileLocks.txt.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\3a40aaf9-3f8b-43a2-85e8-88e3ffc7666fJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\background-update.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite-shm.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txtJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.jsonJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AlternateServices.txt.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829737.9f7a5e7a-2be0-4ff7-b132-b1f6e59a8e58.event.jsonlz4.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqliteJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\15f01145-7764-450b-9ad5-323693350a9c.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a7174184-f177-48c4-876a-8a51c2ed8fbc.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\277ffbb3-8e94-4f3f-acac-7a401d130160Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite.OC9oMrMV8Jump to behavior
              Source: C:\Users\user\Desktop\bZRL0uttVu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834606.011115ff-9301-40fc-805e-ba07b7fdfce4.event.jsonlz4Jump to behavior

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
              DLL Side-Loading              		112
              Process Injection              		11
              Masquerading              		1
              OS Credential Dumping              		311
              Security Software Discovery              		Remote Services1
              Credential API Hooking              		1
              Encrypted Channel              		Exfiltration Over Other Network Medium1
              Data Encrypted for Impact
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              DLL Side-Loading              		11
              Virtualization/Sandbox Evasion              		1
              Credential API Hooking              		1
              Process Discovery              		Remote Desktop Protocol1
              Archive Collected Data              		1
              Proxy              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)112
              Process Injection              		Security Account Manager11
              Virtualization/Sandbox Evasion              		SMB/Windows Admin Shares1
              Browser Session Hijacking              		SteganographyAutomated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Obfuscated Files or Information              		NTDS5
              File and Directory Discovery              		Distributed Component Object Model1
              Data from Local System              		Protocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Indicator Removal              		LSA Secrets122
              System Information Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              DLL Side-Loading              		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              File Deletion              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 1542685 Sample: bZRL0uttVu.exe Startdate: 26/10/2024 Architecture: WINDOWS Score: 100 40 Malicious sample detected (through community Yara rule) 2->40 42 Antivirus / Scanner detection for submitted sample 2->42 44 Multi AV Scanner detection for submitted file 2->44 46 6 other signatures 2->46 8 bZRL0uttVu.exe 32 1002 2->8         started        12 ONENOTE.EXE 2->12         started        process3 file4 24 {1AC14E77-02E7-4E5...7}_WF_msc.OC9oMrMV8, DOS 8->24 dropped 26 C:\...\Microsoft_Windows_Explorer.OC9oMrMV8, DOS 8->26 dropped 28 C:\Users\user\...\times.json.OC9oMrMV8, data 8->28 dropped 30 256 other files (252 malicious) 8->30 dropped 48 Found potential ransomware demand text 8->48 50 Found Tor onion address 8->50 52 Contains functionality to detect hardware virtualization (CPUID execution measurement) 8->52 54 8 other signatures 8->54 14 B0BE.tmp 8->14         started        18 splwow64.exe 8->18         started        signatures5 process6 file7 32 C:\Users\user\Desktop\bZRL0uttVu.exe, SysEx 14->32 dropped 34 C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy), SysEx 14->34 dropped 36 C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy), SysEx 14->36 dropped 38 24 other malicious files 14->38 dropped 56 Contains functionality to detect hardware virtualization (CPUID execution measurement) 14->56 58 Writes many files with high entropy 14->58 60 Hides threads from debuggers 14->60 62 Deletes itself after installation 14->62 20 cmd.exe 14->20         started        signatures8 process9 process10 22 conhost.exe 20->22         started       

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              bZRL0uttVu.exe89%ReversingLabsWin32.Ransomware.Lockbit
              bZRL0uttVu.exe89%VirustotalBrowse
              bZRL0uttVu.exe100%AviraBDS/ZeroAccess.Gen7
              bZRL0uttVu.exe100%Joe Sandbox ML

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF0%URL Reputationsafe
              https://accounts.firefox.com/0%URL Reputationsafe
              https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
              https://support.mozilla.org0%URL Reputationsafe

              Domains and IPs

              Contacted Domains

              No contacted domains info

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionlbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                		unknown
                https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFbZRL0uttVu.exe, 00000000.00000003.1888082038.000000000114A000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://tox.chat/bZRL0uttVu.exe, 00000000.00000003.2014616809.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1990004282.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000002.2533339573.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2038133809.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1994046077.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1997058469.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1889529864.000000000100A000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1909998935.0000000001049000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1991308060.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2036295728.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2017764250.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2016922272.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1988141036.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1880162807.0000000001049000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2012826885.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1984324725.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2017462800.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.2025219888.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1999965556.0000000001053000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1891109106.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1981397782.0000000001053000.00000004.00000020.00020000.00000000.sdmptrue
                  		unknown
                  http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionalqbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                    		unknown
                    https://accounts.firefox.com/bZRL0uttVu.exe, 00000000.00000003.2230202222.00000000010A5000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.oniondbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                      		unknown
                      http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                        		unknown
                        https://firefox.settings.services.mozilla.com/v1/bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changesbZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion)bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                              		unknown
                              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.oniongbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                                		unknown
                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brbZRL0uttVu.exe, 00000000.00000003.1888082038.000000000114A000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://lockbitapt.uzbZRL0uttVu.exe, 00000000.00000002.2533339573.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionicbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                                    		unknown
                                    https://github.com/Kinto/kinto-attachment/bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion?bZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                                        		unknown
                                        http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                                          		unknown
                                          http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionicdbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                                            		unknown
                                            https://firefox-settings-attachments.cdn.mozilla.net/bZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionebZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                                                		unknown
                                                https://remote-settings.readthedocs.iobZRL0uttVu.exe, 00000000.00000003.2235149700.0000000001053000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://support.mozilla.orgbZRL0uttVu.exe, 00000000.00000003.1888082038.0000000001142000.00000004.00000020.00020000.00000000.sdmp, bZRL0uttVu.exe, 00000000.00000003.1888082038.000000000113A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionkbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                                                    		unknown
                                                    http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                                                      		unknown
                                                      http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionlbZRL0uttVu.exe, 00000000.00000002.2533339573.000000000100A000.00000004.00000020.00020000.00000000.sdmptrue
                                                        		unknown

                                                        World Map of Contacted IPs

                                                        No contacted IP infos

                                                        General Information

                                                        Joe Sandbox version:41.0.0 Charoite
                                                        Analysis ID:1542685
                                                        Start date and time:2024-10-26 07:25:06 +02:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 8m 1s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:17
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:bZRL0uttVu.exe
                                                        renamed because original name is a hash value
                                                        Original Sample Name:22a164ed481ba88df26ce7e819f2240d7fafa5b6ee2cd2993cb5fae3d566be7f.exe
                                                        Detection:MAL
                                                        Classification:mal100.rans.phis.spyw.evad.winEXE@9/1664@0/0
                                                        EGA Information:
                                                        • Successful, ratio: 100%
                                                        HCA Information:
                                                        • Successful, ratio: 100%
                                                        • Number of executed functions: 86
                                                        • Number of non-executed functions: 6
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, printfilterpipelinesvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.109.28.47, 52.113.194.132, 40.126.31.67, 20.190.159.75, 40.126.31.69, 20.190.159.0, 20.190.159.64, 40.126.31.71, 20.190.159.73, 20.190.159.68, 184.28.90.27, 52.182.143.211
                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, www.tm.v4.a.prd.aadg.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, s-0005-office.config.skype.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, onedscolprdcus13.centralus.cloudapp.azur
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                        • Report size getting too big, too many NtReadFile calls found.
                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                        • Report size getting too big, too many NtWriteFile calls found.

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        01:26:51API Interceptor6x Sleep call for process: bZRL0uttVu.exe modified
                                                        01:27:07API Interceptor141x Sleep call for process: splwow64.exe modified

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        No context

                                                        Domains

                                                        No context

                                                        ASNs

                                                        No context

                                                        JA3 Fingerprints

                                                        No context

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\AAAAAAAAAAA (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\BBBBBBBBBBB (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\CCCCCCCCCCC (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\DDDDDDDDDDD (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\EEEEEEEEEEE (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\FFFFFFFFFFF (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\GGGGGGGGGGG (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\HHHHHHHHHHH (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\IIIIIIIIIII (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\JJJJJJJJJJJ (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\KKKKKKKKKKK (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\LLLLLLLLLLL (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\MMMMMMMMMMM (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\NNNNNNNNNNN (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\OOOOOOOOOOO (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\PPPPPPPPPPP (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\QQQQQQQQQQQ (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\RRRRRRRRRRR (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\SSSSSSSSSSS (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\TTTTTTTTTTT (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\UUUUUUUUUUU (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\VVVVVVVVVVV (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\WWWWWWWWWWW (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\XXXXXXXXXXX (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\YYYYYYYYYYY (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\ZZZZZZZZZZZ (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.525729654779131
                                                        Encrypted:false
                                                        SSDEEP:3:JkP//yCxDxS9C99Ufd7SxApA/x3QTKXQ26XQiEFuETv8EQB60fedpUcn:JS3XDU9+ifdDpA5A+2t5EQB6me0c
                                                        MD5:AE113EA3CA7339CC3C628D5DD17EB455
                                                        SHA1:58448715407CC03FCB5ACAAB9711292EE39741FC
                                                        SHA-256:1BE8C6A1DA02579283BD0630E9B99F1EB2B708E444A8DC5B3C80C7B26F985355
                                                        SHA-512:E7E82815DE9954274C910374BF40406ABEA0DAA332FA25F49156650AAF2CF2F0306D72A8DB400FCB8C1484C0AB8A5C8A7470A31A622653E91972BEC17994D9F4
                                                        Malicious:false
                                                        Preview:...A...#...).Tn<._.%.w.gXw...T.Q1....D..t#RR..e.V.en8...j.h..&6....S_e|...us.JU..%..##K#.{.....z.$i.q,.*+4"Bd..;.)..oT..

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\AAAAAAAAAAA (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\BBBBBBBBBBB (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\CCCCCCCCCCC (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\DDDDDDDDDDD (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\EEEEEEEEEEE (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\FFFFFFFFFFF (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\GGGGGGGGGGG (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\HHHHHHHHHHH (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\IIIIIIIIIII (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\JJJJJJJJJJJ (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\KKKKKKKKKKK (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\LLLLLLLLLLL (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\MMMMMMMMMMM (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\NNNNNNNNNNN (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\OOOOOOOOOOO (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\PPPPPPPPPPP (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\QQQQQQQQQQQ (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\RRRRRRRRRRR (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\SSSSSSSSSSS (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\TTTTTTTTTTT (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\UUUUUUUUUUU (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\VVVVVVVVVVV (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\WWWWWWWWWWW (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\XXXXXXXXXXX (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\YYYYYYYYYYY (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\ZZZZZZZZZZZ (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.528555453047353
                                                        Encrypted:false
                                                        SSDEEP:3:OFYgvpDHUSUIslVanrAR12/SPaKLsZwnMVgIKEXcAlgB:uHUSUrlVarAR12/SPTLpnogqJli
                                                        MD5:6B262954E968B2FA3EE63DB09BE21873
                                                        SHA1:8902AAD1D8FA6F6CF806F75919E022A3E26534DA
                                                        SHA-256:50F96B45D38A299F03101D4CB8A342C715396047DDE7A252D3F856525F201ACD
                                                        SHA-512:03DEAEC374C576088A2C9A50ADD2E9AC2F71FC4B66E07220C8FB78DEB9839202161499A76ED95D88211131F5F093EEA94844531DC1540D43FEB905D1711FF922
                                                        Malicious:false
                                                        Preview:B.*.+......[zN...A..G.w#..F7.<..C......v...B.%...........3.7.e..X.xD.nL....y..;.....N.o..G..sz...0.gt.C...0g.fd...fE..K.G.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\AAAAAAAAAAA (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\BBBBBBBBBBB (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\CCCCCCCCCCC (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\DDDDDDDDDDD (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\EEEEEEEEEEE (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\FFFFFFFFFFF (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\GGGGGGGGGGG (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\HHHHHHHHHHH (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\IIIIIIIIIII (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\JJJJJJJJJJJ (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\KKKKKKKKKKK (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\LLLLLLLLLLL (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\MMMMMMMMMMM (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\NNNNNNNNNNN (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\OOOOOOOOOOO (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\PPPPPPPPPPP (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\QQQQQQQQQQQ (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\RRRRRRRRRRR (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\SSSSSSSSSSS (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\TTTTTTTTTTT (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\UUUUUUUUUUU (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\VVVVVVVVVVV (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\WWWWWWWWWWW (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\XXXXXXXXXXX (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\YYYYYYYYYYY (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\ZZZZZZZZZZZ (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):129
                                                        Entropy (8bit):6.563363398750243
                                                        Encrypted:false
                                                        SSDEEP:3:ctlDfMyesn11li784P4Ou6hcoLoz9ZpyRZktSUR57X:U2yew11li7h+NhfQRqgIt
                                                        MD5:FADB6F8B1BED8E7704A223781BA9647C
                                                        SHA1:83717CDCAC4D4EBAC7600273C66F1F4023B8B79E
                                                        SHA-256:A1FDA9D61D102916D82BF5FA32E276B41DAEF634645A99FDE245F1085DB54D6A
                                                        SHA-512:324F289D9BB3DCBB43753353B4387891A52B6BD866647B9BEED77B7C7CFFAEE8B36D23407224DA31667D4E9F82ADBF4338DB70ADD712C87DE4D6D0EE985FAE43
                                                        Malicious:false
                                                        Preview:.|.,H..GB2~i.&`.W.x=N,.<.8&.....'....M.h...I.....H.X...../....P.]......:.'.!p.\.......f..b.....a0h0w...8.3.<.%..s....4o..:A(.

                                                        C:\$WinREAgent\Scratch\OC9oMrMV8.README.txt (copy)

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\ProgramData\OC9oMrMV8.ico

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                        Category:dropped
                                                        Size (bytes):15086
                                                        Entropy (8bit):4.262047636092361
                                                        Encrypted:false
                                                        SSDEEP:192:jpBaAlHSa2vU9G/8MMBD7O1lXFMB8VMJP7:jpjmkMYD7IFMRx7
                                                        MD5:88D9337C4C9CFE2D9AFF8A2C718EC76B
                                                        SHA1:CE9F87183A1148816A1F777BA60A08EF5CA0D203
                                                        SHA-256:95E059EF72686460884B9AEA5C292C22917F75D56FE737D43BE440F82034F438
                                                        SHA-512:ABAFEA8CA4E85F47BEFB5AA3EFEE9EEE699EA87786FAFF39EE712AE498438D19A06BB31289643B620CB8203555EA4E2B546EF2F10D3F0087733BC0CEACCBEAFD
                                                        Malicious:false
                                                        Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\.curlrc.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):239
                                                        Entropy (8bit):7.046565278672281
                                                        Encrypted:false
                                                        SSDEEP:6:/c12lOrj/mIvOGs2Ecr0z/Q7f61aBDE6txWw+DdP9l49aUSnW:01cOrj/oAGCf61a+6KxPlu6nW
                                                        MD5:74A50B515F9B50537CB0FC2878EE78F3
                                                        SHA1:44B98D19C34038E406EAE241F2BEB8421364BED0
                                                        SHA-256:123F94FDC5E7E0F1F8F7C2CA5A8B1879D9A26C58693411FC481545CEFACDFA74
                                                        SHA-512:FB4316B9E1455B12F033E87029E57F488ADC26B8C4B67D36BB539C1423EF1CFBD34AE830A8B525862E78397815851097B2B11B4D61989BBFC0D137242DBA0332
                                                        Malicious:false
                                                        Preview:..%...2...&eE...\.NB....x.k.^)L....n.0...a^........:........5F....Rygo..p..f/^.iq9.....&.n.>=...?..Fa....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):248
                                                        Entropy (8bit):7.206015362718997
                                                        Encrypted:false
                                                        SSDEEP:6:UTEc0Cv+32ZcZtQQqaMf61aBDE6txWw+DdP9l49aUSnW:UhRG322XQQUf61a+6KxPlu6nW
                                                        MD5:FA9EB2F2D4879C8829F94D0E9951CDC0
                                                        SHA1:55C8FFFA20A0FAF73AB645E5ABFC181259FE2E4F
                                                        SHA-256:C13BF1257A2C5E8E5F460C5324CB2B1D04CD22E62A826AD93E240A60C0B17148
                                                        SHA-512:F6BCDB59A169CD6B5475E4C6C859181A70CE21A91F8EBB7D67891F0F1944E59116B12BBE6BCD29C1F0467C4D5AD21128D0CA808E6C7067952123F0C68A8DA246
                                                        Malicious:false
                                                        Preview:i0hd...$. ..L......&Bko.h..9....x.9.^)L...n.3...uy.L.m~.z..|.}.....y..(..f......p......Y...|......._?....V+b....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):458
                                                        Entropy (8bit):7.576254289585315
                                                        Encrypted:false
                                                        SSDEEP:12:H850hLuxOQqXnSUFw3XGv7vyS8PRq/l6f61a+6KxPlu6nW:O2iOwq7avPRqN6f6bxPlS
                                                        MD5:C46B0D2A7CA4C232049E049D92956CDA
                                                        SHA1:B817B8A0EE5F8BB8F9283B4558A2708F9D895CAB
                                                        SHA-256:BD8D3F05332F85F41526C4D30246AF9083FAF35DC6907BFF851E90D1B19023BB
                                                        SHA-512:A328A4FC4D04C881E56DF20B8ED57F15C49C7DB298AACA1DEDDCEF0F64FCC6FCBF4857FD9A8FBDE39D624BDB810FAEC0F39313F0E943D8BA7575818B36D67563
                                                        Malicious:false
                                                        Preview:K7>.a...Me...}g.TZ.F......&M.0..9...{;.,.p.x.A.{`..mY."...]...d.K...l1#..UH..b..m....pc....s...B.....o..7.].?D$~*...1.v'...M.$k...=.....@.'....^......MV.?L./1......).*..._q.d.....Q..s.rpn..i....`...&#E^._g../..v...M......2..../eK"._..2.6..l..d#!.f.T..Jb.`.i&l..D...a.-.....IeI.y...a....u...Z1..........s....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\076dd576a8178299_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):466
                                                        Entropy (8bit):7.5100775558304695
                                                        Encrypted:false
                                                        SSDEEP:12:/AmXjxZBDihpAuQg61wyYSDS2LvfiiNjf61a+6KxPlu6nW:4gjf1ihpAuQb1n7Ljf6bxPlS
                                                        MD5:2B29BD41343F6837537BF2147429AB79
                                                        SHA1:ACF723286F679694843B0EFCCD51933801E7720B
                                                        SHA-256:BF8641FA229B93BD85EC24C456D30F471761C0C9F20518337C5F9614F5C4D8EA
                                                        SHA-512:D601C41AD8E4B8E74E8E71C1A91CEFE2528A4DDC18E24E534FAE8ED24BC63EBDECB0F36D549CBF2B6BB08D2A440B6EEE825780E1DAA9DA63C71BB0716D17725B
                                                        Malicious:false
                                                        Preview:..m}...{..]....zs...s....n.=\n.<..B...(...;[....u%..Z....e.O....>.-,.^...F.T6"..F^sx5&..ga.GZs.,~"%.L.I..D..dUga..v..Y"E.....4}..Ob$...[...t..u.R/......D^.&-`}..2...V,......@.aw_......_..".xR=y....{n~.z.....O..&&E.7c...C........g,<....n.....B/e.".\..1.6.|.v..N..^~..Rp......I.@....i.o-..i...G..).s...:..xk...*W+.....jp....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):420
                                                        Entropy (8bit):7.561759871193492
                                                        Encrypted:false
                                                        SSDEEP:6:YEVcxcKngRgZ9w+gUixUPQUBLpxCR+fsn+SfL8+Cf61aBDE6txWw+DdP9l49aUSW:gxcIHgXo8+Sfqf61a+6KxPlu6nW
                                                        MD5:6688B77214F11B6E0FCA07F9C4872756
                                                        SHA1:3DA2265E1CC3826D5509BCD500071271833EA526
                                                        SHA-256:151004DE149D431E73A9931C563B9F7CA93465265FE9372FBE2DC1921A304F02
                                                        SHA-512:9CED8A23767682731B0A99571DD659B57AE14C8A612976B2080A3A3FC9348F8132AC1BC20D76EB6F6BCA322533CA640CB07F876F72870514DB66070235A75B5B
                                                        Malicious:false
                                                        Preview:.Ic...<.<.-...#.3.J...Rt...j.."...W.c.".&e.....A]...=?..5n..{.....P6fC.v...jA`......IO.s.T.EU..n9...sw...|.=j.#...g=..c...[.}!..6|.+@r...1-...W.1m.{...4p.=.k.[...X;..&(E\...NA...h6....N...n.b..../f.".\..1I..d....|....z..zG...'..q..Y.i@g.+....}..8Y.....2.a....k.....W.l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):498
                                                        Entropy (8bit):7.541373658148871
                                                        Encrypted:false
                                                        SSDEEP:12:QWSOm9iCOnLEbw6LDnF5URtorftaof61a+6KxPlu6nW:PIhY8w615UQdf6bxPlS
                                                        MD5:78AAE072B916EF273C07748ED3735FF0
                                                        SHA1:5E3575E703AA031131E1742B1DEC9DC896BFF0D2
                                                        SHA-256:D78E76DCFD9291E1691FB0DFEFD2504E14A29D1D0001B1F7F0D84619370744C6
                                                        SHA-512:044CEEC6D19B4229A49D89B13E997AB025F7F165D9F544464F948B0E13C034842C7D022E55156C183B236F073A08C565494283CC5219DF8E46DE6C0489B9F8C2
                                                        Malicious:false
                                                        Preview:......K&.\.....Z.*._.m...>.....->..@L].7.%h..B.Wu.*.em.....g.u.U...Y....6.........'{..x..'MR..D..Z#........RV.Z@_..v&Y.x.Fj....W.J.o.N.W.$r.....4..+.i...`..........t{.$._}w.k.E....f...V.6.932g..,Y&..Q.((..oC}_C^....(}.{V...%.O!+YoL...+......d.h.i..._t...f.t....*..7../7."._..1.6.|l.gw..".h.u..*..)...h2...0..\.g..q@-.`n.Iuf.....x...hu!3.gc..5r....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0a71ed411241f66a_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):445
                                                        Entropy (8bit):7.475359251862492
                                                        Encrypted:false
                                                        SSDEEP:12:AdTfLKx8xwUCSFO+iwhDZyyzPGdCUQf61a+6KxPlu6nW:AWoJCSFuw1T8CUQf6bxPlS
                                                        MD5:1DE8867B14085D74100901058E882C9D
                                                        SHA1:655500C93BA52F52B881DC5EAF04C42295EAB0E3
                                                        SHA-256:A18182D8B3B89F92672B021FC0E6702162E77A3EDEA5D09A176EADFD9B95BA97
                                                        SHA-512:F0E5A82C0089065612256B28FA526FF8C6DF78ADBE62D47AE1F26283E9F35D6FA78E5D36DBADB3C7ED7588B9E214634BFAB4FAF29163D147F2A8A37B6BCD499E
                                                        Malicious:false
                                                        Preview:<.Y..)...G........qWKO..`y_...XgM.P|^5Pa.l$a......>V5y..o...q...1..'~....!...,......6.?.X...}..KX....).40vv...T/.../.0.p'Nf.s..&;.Jm.[.\hRxD4.<....^....n...'d.=.z.3...7*....=...y...H.,.5.......&'E[..g..c...+._1hNI.....0....}e."._..1.5.|l.J..H.+;..e......q}..=E.\o=.'.o@..QS..j54.?f.Y.=.(8k.b...'q....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0b05805acd0d1882_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):442
                                                        Entropy (8bit):7.546255587953541
                                                        Encrypted:false
                                                        SSDEEP:12:M0CimGk9/yzAeIkpniN/jtltDEhkf61a+6KxPlu6nW:lDS9/uAeIaYjbtDBf6bxPlS
                                                        MD5:196E0889485852D7492F647EBFE19B7C
                                                        SHA1:554F215809C0A23B655B385F0EE9C6D564692B91
                                                        SHA-256:005DDC92F282D41A04A68D4E4941450902FCECE253C6FF9C756213160279A8F9
                                                        SHA-512:47E42E5440FA02D52AD0A6D052A26390FAB9789861DE45C9D3BE2A9644E5BEF1D5808DE4F334AF99F75E617EA2408075D5B7B121BD3C8023D69E87249AA893E0
                                                        Malicious:false
                                                        Preview:.....JP~......`..{....A|.......))q..d....E$...~..S...$&........V.mW Yj.P'....J.....t......mC..R;.0.....$.{..{.%...R...Z.-y6..$_.q......Y.T.......Z.>3...~l...q.>).....:..uKeg.a........6...'.._.^..;...p...Z......n.....B/e.".\..1.6.|U.Q...3.]1.-...\:!.7.Jf..a{F)..Z..f.......3t....~.1cIt.1.KA.p....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):461
                                                        Entropy (8bit):7.501924155353378
                                                        Encrypted:false
                                                        SSDEEP:12:dhLApTl9pT3X9vxyK2HAC+Pso/xHgtf61a+6KxPlu6nW:jLApTl9pLX9vrxC+kSif6bxPlS
                                                        MD5:1BFAB6D376CFA4C34359311DE8779A97
                                                        SHA1:713F97016A2A487D0ED326DDD1E278C3C5B3BB9A
                                                        SHA-256:AEBEE762F80CF4A7E3C6EBF3E6419CA3E5A173B0E400E27D05456E7CA41613AC
                                                        SHA-512:6C38B197F7D751BDB9F5A2CE9075633513785D6E34C0280C6CB1672BA180C46A71F7680E99FB91A01747E07D2DFA56724751A64D885A822EEBDFF331B6E6AF45
                                                        Malicious:false
                                                        Preview:v....O....%..0.FN."NO.q.r.N..u..C.J~W.4]..A..I6.n.q.vp..K.;.. ...$...Q.%.;...b'..c..9.h.._.1...v...EF.6z.v.?Jo..dy..'.L....4..H!.ZkH...q....z.....^..A.d.d8K.lH....K......AE..drK....|p...u+.Z..=....%.l.%......&"E_....F...u.j.<.]....l.0....}e."._..1.5.|lm.s..tt.0.JO9..E...W..2......,......U......l8....bu%J....q....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\the-real-index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):291
                                                        Entropy (8bit):7.286379542152724
                                                        Encrypted:false
                                                        SSDEEP:6:6vBLG2hJLL2LO7LCvO3r7O6lHZC0Eyjf61aBDE6txWw+DdP9l49aUSnW:SLTJ+qIeDTECf61a+6KxPlu6nW
                                                        MD5:BD6331BB68DBD2B8775A2B488CCB0A2D
                                                        SHA1:5058F6020BE6B522009EA2831D97D3660A917D81
                                                        SHA-256:5FFFE336F0266AF33B58D2EC21A7424835B5027902912096EAE43C882A0665D4
                                                        SHA-512:5B580FBA238651A77D01BA4BAEB45CF1C5016488503F40631B3A3D792844CB24BB45A902F9CC1C04E7825B6472F0A38CB13C3A05B0BCB4CD7E94866DA1E377BD
                                                        Malicious:false
                                                        Preview:)D.M..$.3;j.A.0~....y..#k.e$.....O.4..Lm..wZ0E...&uEG..I.;...n.K]|CQW...n.0..../e."._..1.h...m.b.Y..w.`..cX.*?.F=....*,g......gA.HL.AAi.....ji^1[. ...m....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):253
                                                        Entropy (8bit):7.214839967812451
                                                        Encrypted:false
                                                        SSDEEP:6:Dm0mh/OzFQVRKyxTz/IFx/gQf61aBDE6txWw+DdP9l49aUSnW:DYQYMyNz/IfYQf61a+6KxPlu6nW
                                                        MD5:91A9F172CFC64C82CAEE9C7CF4AB235F
                                                        SHA1:E0C6D8AB62E4766880835908EA0A58D80CAD101C
                                                        SHA-256:F0BAA7D5F4B43569AADF0CBF48DE8C84BF43015E87C287742347B7E9C7C7039D
                                                        SHA-512:E51112A5E31DDD12C11848B5221A48146F070F62E7BECCC0D5E8849BFFF5A1C3C9464061BC1C4884CE5CBCF89A8CBD560DD946E7B97E7CCB38770D9FBA7F5723
                                                        Malicious:false
                                                        Preview:._.....$..w...;i.N.\..f...&tE...f.X"....*.9.^)O...n.0.*.h........8m...........U4/>}Z..*t}........f6;U!.X.$......u.._....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):517
                                                        Entropy (8bit):7.628210776033679
                                                        Encrypted:false
                                                        SSDEEP:12:r0w7RiGgaQRWv4gQyx7O+AZPGbCZoBe3eEDWjPhjAbbUZf61a+6KxPlu6nW:Z7QQEo40xeZPGqceOEDWVeUZf6bxPlS
                                                        MD5:7F52219A7B18C5FE54809606BFAECD37
                                                        SHA1:AF443A6E2C4040934E485A94A08EB2669D050A00
                                                        SHA-256:42C2F421984DFF3B23621FA725943A29DD6F6015F4F6F603E490E5AF2D18D05B
                                                        SHA-512:1C26990F61F009A4D141834998BDF934527D913C824CEF6C5C0C1D1876EDCA9FD673F2F9A62F9F8837A7E06533E63C90E9C2B1B890E02CF0D9D81C2E7F4E5077
                                                        Malicious:false
                                                        Preview:@.z..<..Tk17.\.fX..6..I...t...VN.c._.k.J...<.S.......I|.D..y......#.Y..u..Q..v.....J1|R.y..B.....N...J..C....'...l/....V.....@#....k..iN..xL......H|.....|.q..\.k.....W#.`..U..T.5...g/...?.....a..].....~.....)].N...>..S.....I..*...#W......w.._6JP.y.`r..J.}%.C.UB...0.~.^M....&WD..f..Z"..x.:.^)O...i.8F..@].a.[.V...u..lVF. k.*8oPw [P.T.~... ..C6..........[....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):525
                                                        Entropy (8bit):7.644797013890063
                                                        Encrypted:false
                                                        SSDEEP:12:rt6cIG5DZifXNmVjdvX57Wnj6lMEEf61a+6KxPlu6nW:e/0ZdP5KnjwMvf6bxPlS
                                                        MD5:D7714D5DDAE32779E2E4C9E2195C9F28
                                                        SHA1:3B6CC9F5F278E819DB4E09B749FD2DF2ADC5002F
                                                        SHA-256:4141313AB066733533805AD44A8FC8D083D7596347448FB003140BABB51DF50C
                                                        SHA-512:54A544CE65D3FDF12B34D8FBC1B173DF9F0A2E55E8ABD463893797D2160AA5DFEB5994A5D76660708135018418E35FE8C2B8B98749F77DD6AFB53CD9064A050B
                                                        Malicious:false
                                                        Preview:.........W|!.Z<.-....V......wM.....x.....lWx.E...5..g.#..v.5[..q.k....O&..l...V[.G.......[...8.....o....35.:...Af........l......!.=.......z.J ..i........t$(.Z...C?..0.....VVv.(.r...D.=.^C.....XE........H|.x....SK..%.sd.....o.>.o....I...8^c.9E..:..n....1..G.......I..d.>.......&WED..g.F['..i.9..)L...n.0.....F.9..}K.$.P..R.%.....)g.$...:..Zu...:...R{..nP.Y..t.2...2.%4.p.c....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\CURRENT.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):248
                                                        Entropy (8bit):7.0940216630786015
                                                        Encrypted:false
                                                        SSDEEP:6:aGI822+TNEaLNttHIFKaMf61aBDE6txWw+DdP9l49aUSnW:a38IjwFKaMf61a+6KxPlu6nW
                                                        MD5:976E92E564B34359DFD1F909BD15DD0B
                                                        SHA1:E3DD4AC88AE0EC19F794B701BD0EC865F48E0D05
                                                        SHA-256:E74DB70E23F81318A7FB62753CD0BA48597A9E889797DC57FF68755E82F9BBD6
                                                        SHA-512:9E2FFA467F60F70EE157CCE8599E1DE8B1858D73AD33BF5F90F34B5D0C77000AD9877FD84D5491D299D4484B49ED1BA1E02A8147F9206D56C824C30352F5DBC1
                                                        Malicious:false
                                                        Preview:.t..z"....U].....&Bko.h..9....x.9.^)L...n.3....ARr]......2....[#..S..q.|...."...9r......H..........y.bb....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):561
                                                        Entropy (8bit):7.687968209592891
                                                        Encrypted:false
                                                        SSDEEP:12:vOOW4aD5rDAJoeL4uPYQ6Q7dTGDey1WGUIIf61a+6KxPlu6nW:vwTDAJ9L4uF7d6DbYIIf6bxPlS
                                                        MD5:E1C1AF352BA07F5096E208BEF4D63BFF
                                                        SHA1:CD82C451BF66EE2FA82A41275D084900C6A0DA8B
                                                        SHA-256:BDA186DD21892DE30664A1663D30959814F85341057543C4A66BAF299BB3872D
                                                        SHA-512:B99C2B75634594603FEA86DD71D46668CD16886E9943230F72D93FB7E37A6315C03EDD2C9E95B71D947898BC8176E2BC045BB8EA185B3FAC06FB424231040F8D
                                                        Malicious:false
                                                        Preview:..}.w(s..u...`I8'.K.j..w:.....}0]\...<2-x...K......7C{.....d..+...........Pt.UW..u.A.|.O.p...=6I.#..>}..0.....0....J...j.....Q1?@D.,......U[.V.~$..4.fNg.t5.>V..c@Gej>%......M.7j..d..,o.{.gl.bK.....\\..:..$...D....|..\[\. ...............i)*.B..J.9.%ds...M..9...8........-....b..em)9."I...0......bc.e...A...Z........X..Z....&WD..f..Z"..x.:.^)O..'"\...@c.[.1j....Yg._.X.*q.v.)..2..$J....._.../...p.4)..G&a.9...[....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):569
                                                        Entropy (8bit):7.657869011232651
                                                        Encrypted:false
                                                        SSDEEP:12:hZuTcq+XJcCUuxa+Eb7ZCKlO64xDpAoIHY7tutFvITQf61a+6KxPlu6nW:ruTmXyN+8CKlO1AoIHYpYacf6bxPlS
                                                        MD5:EABEFF65A359CEA06C79FB906CB05F4A
                                                        SHA1:73D305DDE08F3CBE9F0D22E6612FAD25D5CEC9B3
                                                        SHA-256:8023684DFBD912687020BF80D5CEA9FA7EE55B5F871C13BE333EF800B492814F
                                                        SHA-512:E458CA1B52C3C6FCE9DE6B7FB3FCEAF2AB7D5484EE8D59B23CBECB5D7692C12B9A0D29629BB663966D0D223A85CFD073D71C6A24C8D386760E3904149C6EC383
                                                        Malicious:false
                                                        Preview:...j..K.J.vt.f.YR...F.G.[j.F..s.....,Q."4..f.v..X.....j...ng%Y...l..<..I.}....~.>rK`.>.d.)_g... ......|n.9(s.8@.a...q..)..G./..%(A.u......1.g...%p..TI.. .. WM..@S....{*...e!...'..&.t}.ll.Ys!...m%.X.N.Y.v.(...~.]..]u....2..B..~.`.....{...%... .|.....N0...p....JW......[W.Jx^f..Pa..+qovg........=mP......B.......v..O.^c...&WED..g.F['..i.9..)L...n.0....jPb.X...S..,..u.$.[.=..Q.!y.~....L.i..BK..x5*_.....>8hQ..p..d.uc....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\MANIFEST-000001.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):283
                                                        Entropy (8bit):7.283923348701329
                                                        Encrypted:false
                                                        SSDEEP:6:uEEsgnp9/2IXnCsrbnLrMf61aBDE6txWw+DdP9l49aUSnW:vEPXnCsvMf61a+6KxPlu6nW
                                                        MD5:C6BDA0332EC3DC843A4471D30B648614
                                                        SHA1:0CCEAA6BE64780E92CC3687FC29E0D88F50488F8
                                                        SHA-256:49E0CB5FBEBED2CF78611E5AB58ACD4F3B6EDA082169F04EEAFEF975877A8BEA
                                                        SHA-512:48AA54D17864BCF5C889496454C311C4269CE5499E8833C1911FC03AA5052EB24BE07A904A0F7A14BE270D279F118049386E775C9B50F2E7ECDDABB9E695E567
                                                        Malicious:false
                                                        Preview:.~.......~..;Be..k/.F.H.Q..o.m....56a.....&^E#. g..qZ.W...........n.b..../f.".\..1.5.J.9.a....T.......pT..jjOev..<g...b7.e..$.|...g.x!4.;..N]n....l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):731
                                                        Entropy (8bit):7.682513236658009
                                                        Encrypted:false
                                                        SSDEEP:12:FD/tekQToi7LX+1B/nTZDp1YsfrAyb+gWybMMgRAqLgdaytZf61a+6KxPlu6nW:Zs/FLCFNDp1xjAybPWmIrLg5bf6bxPlS
                                                        MD5:CDC9D45EBBA10A60B59128DF06539644
                                                        SHA1:0A4B1FFE485C0D7F5A74D2C357A925155CE9CA27
                                                        SHA-256:0AAEF1C8EBA2BD381BA4798E7317F6630B1B7E84904D987EF6BC542D64446D04
                                                        SHA-512:3CF5F589C7594A5999F90AC07562AA08A9AA63D6AE9833A7093FA0711E044F53DC6F687AC330BE9374D28748AC654FFA467D338EA6FAFE3626C90E23698590A9
                                                        Malicious:false
                                                        Preview:.3.)L..W...........h.._.",.6%}....f..Mt..Y....6n..z...........,O_[...M.%..B..j7S..E}..)....'..q.z1.....>G\(../."P..3W.....:....f<B.....B....#.h.Y....}u...`...c.:xS...TL.b..S.:c.S...Ad.K.k...R........+..7.j...KWM.<.^.T.0....>6.k9P..m.lY....s.U...-r.$.o$F........{....p.q......t...N.S.L._^"...5.|ck.=y.&/QO....T...d...[.'6..=..X..tv."=.\,.?yA...Lh.....0.'..."`b...NP..V.>,T..4EB0.Y......Y.K9.U...J.^[...|.....'X4O;1..V.......8O2:_..3.....n...TK.cVU.v....J.@.,....&sE...g.PZ.W....C.......0....}e."._..1.5.|l*.B.h.SO...%.=.......}.MB5+\.I.e...).......g.5...e..v!25h..m.Hq....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):283
                                                        Entropy (8bit):7.193782800982861
                                                        Encrypted:false
                                                        SSDEEP:6:StAriGH/2/oBCB0Y7U722aFMf61aBDE6txWw+DdP9l49aUSnW:yAr2ollf61a+6KxPlu6nW
                                                        MD5:BCCCEBEB9CFD8541D40AB0F78D4C18F1
                                                        SHA1:F1509095A5BA64EC52279EF62B5ADDAABA22520B
                                                        SHA-256:7FFC5BCDC17E0AED3963F9B74AA2059CF7F093F81895963B2B7D71CEA76F4076
                                                        SHA-512:F508B1160FD41183D807C71A6D085185D2C335422EEBB140ABAD876CABBF13D64372837B131ED44E4E23DF8E166371FEF79D6ED1D7B62FDDBCE1F0DC56948837
                                                        Malicious:false
                                                        Preview:W....W.6...X.&... :.o,.....=.:.|.....!....&^E#. g..qZ.W...........n.b..../f.".\..1s5....E.W...X.T.......I.^.wQ.......QL eMY/L.O$....n..g..l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20712
                                                        Entropy (8bit):7.99120381821098
                                                        Encrypted:true
                                                        SSDEEP:384:fVI3YtfxGEi0ApJ6xgQmBmeIe01ebDvUBzZTuiJnJT5JwLt2Xp1F:fVI3mfIfhX6xQ/IavvC/JTyMXp1F
                                                        MD5:50F7CAEEDDEDF7CDCD99121EC26AB7C7
                                                        SHA1:3A5F8442740038F15EB02C8778550D826CBFAD9D
                                                        SHA-256:ED5FF54500846876EA518723E4DD2E1D4F6897DA66101392A37C5E2218B6D334
                                                        SHA-512:BD3A67135819BDEBD5DB2F649E22811E93F1EC357039942F038E808D70F1E3A2E9280BBB0335C73B7ACB32B5FDFC7F568D0EF5106469C29B91ED8FE865AF5796
                                                        Malicious:false
                                                        Preview:i|]...E....tH....[..8..(.?...K....{N..!.L.... ..h..v.+.....k....{c.8\....A...0...+}.k7."^4j.q.)r$.s..6)GY .........M....BNR......NI.l......z.JJ..N.... ~..;.q./.._.MGF..g....4OX"..wbb.O.....`....qn.FM...P..o....v...h~...%....[_.....)!v.B......<..D......L.O..m!............{...N$h<..x.0....{...d.(.}..X......y.fs..*b.q.X.=8.p../P...,.>^.N+:[.n..t..?...J8. .M....w.5@HIJ:.{]...R..+..<..R'*{{.=+.c1L$......5|.L.,.....n?.Zm..'..N*~... .0....P.U"..@....S.5ix.c..n.Aw5{(<.t.p..`,@.[, cV.4D.....nJ.....W.r}.f8o.N.}E3.....^..S.q.5&K.K/<zQe# .....D.^.....=...7......!Ou.I.....P.XU..q../...A.....s........q..*.A7Fl."1.A..".SUA.'.$.H.L....I[.o.J2........r.d.ev{......q...@..>l..BF.w'(8........uu.....b5H.#.w'..H..M..#.4d.l.7g..c.......P.y1_..K.>r.wf..hy..#.n..{.\.]E.. .4.}].z..E]..V...uf..kvN.}..\R...C.,..z>..s...f.....J..5...a..L<%.<.L.....z......m.R.`...(..f..)a..tE...;w.\.].5....2.....u.S....m.6J'._.Uw.3}V. X.|.cN8.A...NYx1%.;.....a...[.H....&.). .5.`..........*.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):730
                                                        Entropy (8bit):7.735796313430943
                                                        Encrypted:false
                                                        SSDEEP:12:o4W7OC6kA2L8+J99hhU9SIsX3RcuAY68u/Af8V4prUg96Qv4s6f61a+6KxPlu6nW:HoAhUL5xcBYAYfG9g9lV6f6bxPlS
                                                        MD5:CA80233DD4290B33DB8415AD80332084
                                                        SHA1:86AE990503C17963D75767DA88DB6EA664239B2B
                                                        SHA-256:037A191F0E6F7CBC9D953FEEE70408C8450D3C777DAAF5FEF6AF24B6AECA79A1
                                                        SHA-512:53018551A3DD5266ED22417F1D6A8D9AB385CE6CCB017F57203C29960C9B11653E11EEDAFF1474532F5B5540BF50A3288B6FAD3F2F6663484F4FD9FD7FAB158D
                                                        Malicious:false
                                                        Preview:.e..W.9C.N...vsx&...a..M.q..............T#K54.g..l9..WCP.n.^{..4.Fh.%A.<.c...$.....SN,U+.`h.?w...e...u......m./..R.1.!...o.6N........Z...xp..._.<Sc.%....?..>5.$..1o.....O..\.^.P..\VW.S....7UN..F.2l....f ._..I\b.C.N.#...=.$..Q..{...e.&.....a...o ..]......,.zw....|.]Z5.|...U.t..;7".F.3W*.7..v.>..O.....y..C.STF..@..g.6...'..=...C.................6.H.........w.d.l.|.Ws.~..k.(...!.w..Zg.z~.*{s.....8.{.>..'.D.Ha.#a.B...*.....y..mr.1.^...>...M....Q=....l...&dE...g.IZ.W..-..@.........=.q?.."._..c.6.|l../R..,.........W5.=..Q....!.4....+....~..!]...&....~.:.qJi.Hu...8...y....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37113
                                                        Entropy (8bit):7.995022648364651
                                                        Encrypted:true
                                                        SSDEEP:768:p2OiWRuckzMtymkqJVYDr9niBiJ4mSQGwQkOcFParxMqxAt5l9RhFxQTiBF:pN3Tk3r9idioPcRCMVp/QTiBF
                                                        MD5:33E73D445D92339BCFD7B5E34BEAC22C
                                                        SHA1:E57B051FCC2967FE884672494C449962EC2952B7
                                                        SHA-256:7E8C98EBAC734977834FCA70738A413894C58D38DC47F9A25F0ED39784EC61AD
                                                        SHA-512:ABF5EFBD063FCA43071D70BFA3CEFE17D717B6C67D9A0D22505F3231E0137F1388B85E771557ADD11076A7AE81C04693B1DEDB857D4CB9A3EA471FD6A729955B
                                                        Malicious:false
                                                        Preview:..9K.....3.c......T.....3...)J..&..4..V`...@.\.W.+y.W.w_....<.G.G?.'CllP..S,u....n.G.~.$O..^%g"...q&8... ..[..#K,...u.~6-.!......zW..EB..!$}.cv.0S....T....F=...61-..Qo.;..p.#..'...z.v.\nXK.2.......DYn.!N...|.pP.m.....d..,....@.\\eK.HY.7..a..........t-.l.......f.B..Z..f9Ec.!..Cr..LuVv..........JR..9.J......Q\{<..`..m...kq.t.....Fj..a-/?..Df...i;..!....B....:D.Z._lj....IC-C..|.LM...T..i..@l.D.zt.V......ow.....kZ.SI.../V...q..:.@j..\....x....Y......~.....%......c~...!/.w...lj..#...ku[..L...F....!I.....ii$....d1...34W.....V.I..=T..9Q.P....Tm.l.wx%/....s..Q.....~.B.U^.\*^......o.:|.".}...)K..j...`.w1.1..`....-IYi.6...x..}.'...h\G#..<G..x...z.....F.X...O....k.w....;.%`.....X.!mg......q!..6f.k.:G...k..hV....[MTD4.3.`.W..x...8\8-&.^.BN..I..h.{. ....x.,..B..x....!............l..........8.*J6..!.....45.N...,....A....I.. .....}..G.L...z.B...se.D....xW....X...........K..d.Y:LS.8&......F..C..M...0s.... @).L ........u.ZI].b..Y....T.[J...5/..K^.8.<.j

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):4067
                                                        Entropy (8bit):7.953764567513865
                                                        Encrypted:false
                                                        SSDEEP:96:Fi3feSX3IQ6vXG5XZSCfroAZKpzKkWIRnIqeQ:m1XYj25AsoAZKpzKfIBF
                                                        MD5:09A095A3707037FC3F44AB287B20D474
                                                        SHA1:8A48DA4D1343C495B63442B9BB4588E86824C7DF
                                                        SHA-256:C8147FE64C8DF427725B2F3B0D20064BE4558CED50BBF3FF282F194BD7929C88
                                                        SHA-512:A4A57CB3FBCE4ABC634AFE05A474534C173F17172C0D71624D9DA72C8A7A4226192BF2F11EC379A18E472B444F912FCAB80056CC05ACCEF1609C6B96143C2E92
                                                        Malicious:false
                                                        Preview:.t..%<...L..z..8w...J..B....u..#.m.UkO...U...V!oiQf.d.cE..LD1.. `q..R..;..%.......%...=.<....".....}s...].l.}..._E.0..l="..0.z..EsG..{D...W..;(.^.%`..c.d#...!....(.........!V..%Z.~.Pv..#y..6.D...[]....w9.@...Z.#......yqmQ+=.9D. ....Pn....8....t.r.\..4.XS7.s4..H.W....Q...G..J.B...%..x...G.L...!..gO.j...S^..^n\....K....^.>d.o<....k............'.......PDR..*t.E..'7e...zV..H..'....D. ........}/.<.u..u"|...Y....;9,um.{...^9....PneJ...X..YQk...:.&..Ct2...(..&G........)o<k.`..$..Z....J.5&7.>..1..[.!..w.x{.y....Ng.&.8.D.v.:%K...@dJa..qq(...h*..r.;.=..e0..n\..1S.l!.w..*}>...vV.......I..{#<[G3d...3...N.....|P...8...|..>dV...8.6........2.J..e.4..S+.g..."b.a.W.-r..{...ZK .Z...l..Z}...x....5.J.C..8...D..m..c.w.+.ei....U..]#b..>.......D..^~.\|.......I.L....k.k[...S.Y~0HI..D|.......`...x....V^}FL.......#......._.?..p..#.L.L.>..,..3...'.c-X.........eg.C7w..T..?8.7I.bt]z ...-......A..dk.....j...^MI..b.7.j?..).g4M..^..FV.^.UtV.1|W.Y...v..N........V.N.qv..$T}....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\CURRENT.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):248
                                                        Entropy (8bit):7.224627951488133
                                                        Encrypted:false
                                                        SSDEEP:6:Iy2+ooRMUni+djjf61aBDE6txWw+DdP9l49aUSnW:Iy/okJldjjf61a+6KxPlu6nW
                                                        MD5:503890192F1DF530FA3D7104CCE5C610
                                                        SHA1:B7ECC1A55571FAF83D80BEFD8CB8DB066A15E835
                                                        SHA-256:D7BA720F1382DF079867C4C2A641C1AA84AFC99BF015B9F830E5219305D5A2E8
                                                        SHA-512:A57A451C10964D9A5B2094EC72EBB1967E51411A353E1BF9C75DA658493E37865CB484CBB3FD04F4AE41ACAE61999B9DED634BE0BE9704B8336BA2B55AE1F22D
                                                        Malicious:false
                                                        Preview:|.."...."aJ.x.K2...&Bko.h..9....x.9.^)L...n.3...f..u.k$Q...nPi.. E.0./...m.....U..s`...[dVye....0...j....b....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):549
                                                        Entropy (8bit):7.638033709062708
                                                        Encrypted:false
                                                        SSDEEP:12:1LsGjkiXgixCc/azSt/WYN9TB8DNel1VYzXf61a+6KxPlu6nW:1LJEDYj+DcPYLf6bxPlS
                                                        MD5:98B4093BA7F38215A125539A28B566F4
                                                        SHA1:47A214019985C468F70847B4D571C5D8151CF9F8
                                                        SHA-256:37C92193E7268C72D5A731A4C9074BE28057C02431996DB9425BD468F86027CB
                                                        SHA-512:E61366B8B75A1C712C499C3C2530205F7EF5C1A75C418C717AA2E646AF0FB1D214B7C068BC3D6EE962035A39A646B83264901AE2528B3AFD14C6ECF656F9828A
                                                        Malicious:false
                                                        Preview:.E.*.q.."&..;%...[.Z....`f.P.\.w.....o..J3)i.2=.D.s6.A..@......7=...........owd.HCC...5}0O.tt.t3.F.9......A...6.M=.iep....v 1.A^..G.JY...B.n.W)_.P.q.....sS..M..w..C..].."!.f....P..S.5e.U..FhT...L...3........1.l.8...7.....*..{.V3c..h%.3[... ..!..Q.:.gt........e..@;!?UrOw...A....oI.A...A..H.k......p.*...&WD..f..Z"..x.:.^)O....z...."/]4z....h.U.3.?..m....J."}v..}....%Ud.+..[.k.m)S.u...[....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):557
                                                        Entropy (8bit):7.605162619922008
                                                        Encrypted:false
                                                        SSDEEP:12:U8iQEEUYItRsLoVGfT9FXGWeAEPr52PpskbM81O2Zbf61a+6KxPlu6nW:3IEUYFLMwxV9eAEPr52Ppskbc+bf6bx4
                                                        MD5:B8CDD1ED1C74880F32411B597A29B9CD
                                                        SHA1:822287ECAAFA15E29873689A109CABA1675D6B1A
                                                        SHA-256:F7A82C8B44943361C5619FE397D32F3C7A51869F790CC4330C298BD2D916517C
                                                        SHA-512:0D06831D6192BF85810E5442590B48A15213F93D2BDA8B83AC7A41B8F366FAF8B8180ABFCF0CB19D32412C1DE35669817358E60E3483EE5D9328C20E8A3AC709
                                                        Malicious:false
                                                        Preview:.D..}........f.].B......9....z..Kd'ma..#...=.O.kC.....}z..Q.`...4.?.7,.D..;....$..F.%*.".X.k.c.......'g. .W.....Z).....3...Y..rT.QQ.+3%...........T>E..].t1.+.....I[....|0.K.{.(...B.....(%x...<.s.8......T.~pZ....ag..Z+..&.4.M.....J+ x8.."....>...........O.^.Y........?P:&....._8-. .E.......'#..O...ye..2.1.B'...&WED..g.F['..i.9..)L...n.0........w.$..6/.. .u.-/Q.w.z....r.....6....;..Y?.L..Q.......(Im.c....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\MANIFEST-000001.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):283
                                                        Entropy (8bit):7.3104596561371125
                                                        Encrypted:false
                                                        SSDEEP:6:SBC0B6Y/2wy4dwExFpH2lhsPVjLMf61aBDE6txWw+DdP9l49aUSnW:c6qpyEDt2lhiMf61a+6KxPlu6nW
                                                        MD5:A49ABA6D748F3E6BAB1FBC9644A36366
                                                        SHA1:B2E2363AE2C67AB58EFDDE44077611CAE599DAC8
                                                        SHA-256:AE1D9891B357336C1A9DF970E21EC7C028C3E6E8598499D749BDF5DDFE5BA711
                                                        SHA-512:7ABD9D5124F7E2A3E8DD2C52F1EC3628F2D025831ACEC3FB4863D09DB86F844F5FD443E4AA0CD1F04B70550AD9076A21FD06675AE8D665BD78E73BCB3BB0DA99
                                                        Malicious:false
                                                        Preview:...:`....\6J....KL..B...[...gP....H..MT...&^E#. g..qZ.W...........n.b..../f.".\..1."..U*..L..a<j ...{.....g.*../p.....S).A..z<v.a..aC.O<...b.l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):131313
                                                        Entropy (8bit):7.998806198755304
                                                        Encrypted:true
                                                        SSDEEP:3072:/LXNGuTVOv4VZ4othX0/fUm6ppXnroJyyUAuaEGckeaYYdLX:/QuTVOgEoaB6pFr+GarckeabLX
                                                        MD5:E02078A1E948505A24809511268B63A5
                                                        SHA1:BF2B5D8CB028FDB427545ABCD534AB0BAA7F000F
                                                        SHA-256:2B2312966A01DF78E0451E0FC1F3BB2C601876A3634E28C84594AE19E1948A71
                                                        SHA-512:3660E0E3B5A5561BCB6EB2575B714DB7A1DE2B3ECE5BC50E2E23E38E73471AB8F5C7321A2FCB4A6CDF65B720F7CDB9381AAE8AB835F19E9B2C4578181EAB2055
                                                        Malicious:false
                                                        Preview:u..NY.nn....>...".I....k.DV......#l._.....S.../}..k.k...[..\...D..=2...q...2.S.w...8lo.t..q.......,........t.....x.w./..R.sr.@z+.Rjd.X.+,.. =.J.1..U..L%QV.....(.|...U...I;V....w^..'..r..D.n....F..E.i...g.S..5.?..R...j.d..c.':.E..w...u..~J.X#7....SF.....n.3....f........y.A_.L....B\.W...!&..&.H...3..@y.i.....U.\.i";....]........+44p.0O.. h......6..QK.0D...D...l.8>...%...k.."q..1.=f..b.B!...,K..42.<h..i.{.Ml......;.C/\.h$j..k*....t.......i..1@.0q.Cm.?..6G..*.A.....U......h..Ro.r.(}.....l.w;#.l...(._.*...._.n..wc.M_...o....8.........q..XP Z.6...n....TS...0.d?.z.;k.c.UG5.....<.t...%...e#.h.8|..'.Y........W.W...x.b7p..-....\.e...K$j..$WB8(.S3..:......M<.*5.l)m......i.o..........4..p...S)S.....=R..59.9!4.A....X._H.H...esO.5.....^,@E......g...=.]|..=.....p......).......m.............=../S.[\3>,v.sh..Jp.....>,q#hLf. L..,]..hdp,.._u,d"S>.l.%^....k+Msl......5."...5...&q@Z.V....\.j..T..r=!...e=...AecI...`.&.......,...-.H......n.;...9.YTv....U....g.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):339
                                                        Entropy (8bit):7.302559920662773
                                                        Encrypted:false
                                                        SSDEEP:6:XyRZjzasj8Hlt/IRfoIIGzHri7FViqPyvNhIMZ7f61aBDE6txWw+DdP9l49aUSnW:CjjzYGoIHHGtyvN9Z7f61a+6KxPlu6nW
                                                        MD5:EE0D692983C627E8DE60C35EBFBA1DC9
                                                        SHA1:7F5DE187B4BE31FFB237D490841D70E713A0ED83
                                                        SHA-256:EA06F2B0DCAD02636B9D23C0245BF71731488918EA060454F870F245419E594E
                                                        SHA-512:1B990B44EB6FAD45C1B3399F7F4946FFD0AA3FCE33A1AEB9FEA70B87AD10566883B6675899FFEDCF32929EBAEA6BC250EBB213674547F561700A7F5714A51094
                                                        Malicious:false
                                                        Preview:.TcZ$fEZ....p.7#....+.O...0.....R......F....T...........%..q..>X....v.....A!'....5..........T'..)...#ED..g.E['..i.9..)L...n.0....M...G< ...j#r..o...R.k..G...Rf.4V.+.C.."..;......|....P.o.c....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):248
                                                        Entropy (8bit):7.244203568311816
                                                        Encrypted:false
                                                        SSDEEP:6:3t2i+Xz33lMjQf61aBDE6txWw+DdP9l49aUSnW:3c7X7df61a+6KxPlu6nW
                                                        MD5:3F3136583727D5B19EE3A40D1CF70B50
                                                        SHA1:3AC1A3849CB0CBC588B7B18A2BBCC0A52794B757
                                                        SHA-256:F3120CD24520C49200F3A6E9DF0723BD23B755E92815652F9EFFDF1C3606D818
                                                        SHA-512:54CAC3D30C3081FB35493A9283705EFC1F6F87B240BB49E2255D32A027F43A833DD5CFD00B37358CD7A3C60327A8DF8C41EEB84707C6A4AC13775B4BC70B35F3
                                                        Malicious:false
                                                        Preview:....>af,{z.EP......&Bko.h..9....x.9.^)L...n.3....N.w........_.Z.>R!.1.Bb-V.aE.T^.0u..PG.......u.}....K..R.s...~b....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):546
                                                        Entropy (8bit):7.616828949924347
                                                        Encrypted:false
                                                        SSDEEP:12:hs+5ABCt94BXuj/S8btFG2J/BtD6HwMfcN4f61a+6KxPlu6nW:hJ3KXAKUH/D6Qycef6bxPlS
                                                        MD5:F6EEEAE29D1A37CD83F38A9F518A2A4F
                                                        SHA1:3C3F9DA0DF6AE8007F2DA017FE42C30BF4CF29DE
                                                        SHA-256:5B1269E056DD13BEEEF005CADA9BC3A660F30214894A27608ECB0C0009AD92EC
                                                        SHA-512:C3A2D61E63EF9DA8B121D3CC8B43BA3596841114E3C6A9C299CE023E575763193C1DBC7C067A56125295B5274C8394BFD6AD6DC19BEA357A5C1B739A8021844B
                                                        Malicious:false
                                                        Preview:.s.5=.......r^.-..q.4D.l..IK.Rl.X....g.xM.....M....o.#.|.m.y.B[".`..4C>..YD\:.u......X.P..D..V..^@;f;V1..$R....D...?*..>...".$.)4.g2.:.(...2..o.>.!.+....a._jW:. }.SZjk..-.?J.,.....0V.^...15[J{..l.Q..N.hFb.C.4..&n.n.Pv..p...................l..G..I..P.j.F...!RM:w`..{M+m....P.......'..T........"....I/....&WD..f..Z"..x.:.^)O.....8>7s...l:....B.'.......3..6.).M.9..Jn5.(..J.5Cl......p1..[....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG.old.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):516
                                                        Entropy (8bit):7.565656230821453
                                                        Encrypted:false
                                                        SSDEEP:12:0RI6ah0KiowxOyaUnSOLcuA1H2A4CafB+Ei3ED7f61a+6KxPlu6nW:aIWKtqSOL2+NBTaEHf6bxPlS
                                                        MD5:50DA3D4649F9F151C8B7182CE9B67A3D
                                                        SHA1:84A1BF207E8D0F064EA15D60B0BF6F92BDA07EE8
                                                        SHA-256:3AB9757DD18D5ACB1793E12DA9554DB90E98F642250D7E43B2ED0250BC1452A8
                                                        SHA-512:F1FFAD810D47BC04C1260F94F8E472C921B4936AD8E8DED50AFEF0DB76487062A6326241A4DA0B7C3620C73042C1EF172282E26CE4CFCF418FC3C6C46FB2D8B3
                                                        Malicious:false
                                                        Preview:..]R.'...:c.6a.....R..<.J{@...^.f8$q%4..c.y.oV.D.N1.E...D6B..%z...E..w...S..^^.Oh..Ls]|E[,=W.[M.#J.F_.).xf....z.CU...{:d.~.~.I...Y....Y...f....(J....m..%......e...?\..Wy.E.].....n.....Rj..w..\.O.. P....T ...hn.+...]._.`...ee../..)x=.^`q..P..nk....K.O..[..X.."P.F..'.6Ix....&WED..g.F['..i.9..)L...n.0....eA.=.......b..q.+A...<....b....U+......:..p....../...........[c....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):283
                                                        Entropy (8bit):7.320991281548229
                                                        Encrypted:false
                                                        SSDEEP:6:HL2yiNJR+K7Jxvmo/2phgRCvAIUdb16UBzf61aBDE6txWw+DdP9l49aUSnW:Hxil+K/vmFsWOdb16azf61a+6KxPlu6W
                                                        MD5:0232620C0DD7F432224B03C30D7DE13D
                                                        SHA1:5658759E43F97ED3E671529F99A22D391D6A3F3E
                                                        SHA-256:8128E46C1FB9C6F76E3B2CFCAF963ABDA3A85DB8CE83D74B5E5C436E6CAF054A
                                                        SHA-512:43DBBBA05D78F831CABF9B342173865F806E2A262A922CE022CBBB4422A229D5E7FB1C2FB37612E95716A7B612DDCD80DFC945E0F54BE6F08D009D587EDDA3A2
                                                        Malicious:false
                                                        Preview:..@>.m......|F. ....l....K..!2...o..]...&^E#. g..qZ.W...........n.b..../f.".\..1.w<..L..U .f&....|..5.m.*J.....|z.....T2.y.`..)....L...c\:..{-l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):393
                                                        Entropy (8bit):7.424530407009871
                                                        Encrypted:false
                                                        SSDEEP:6:lCOdTWMF3B+gZBgtIu1rYGzHSi9GWyD0l7oOt5f61aBDE6txWw+DdP9l49aUSnW:h5rZBMBzH2WN7og5f61a+6KxPlu6nW
                                                        MD5:758801162F273764FDDCB8469328EB79
                                                        SHA1:FD2FBFC5EAD75D5653996407AF29BF0B49EAA95D
                                                        SHA-256:B4F43919D44239426B752E71CAB238C3AFC379CF728A656E2E0CA12A06D8AD81
                                                        SHA-512:530DA5FAA4A6C627F730106FDA074AAEF42EF256812F87D2C0047516101FBBDAE1AF8C54A354528B26D0CEEFAB7A3183C90BEE69703E2DFC6FDBE8DC871E0A7C
                                                        Malicious:false
                                                        Preview:zu`o...6....4DI...f^'.c..Z..3....s..`Uvn.LJ..9W<.....`....3(^...A...~.b........99....4H-d.b...<...h..O...h.u...SC!.^..me.g..p.+T......{.+....E.*.Tm.J..>r...#ED..g.E['..i.9..)L...n.0....0...K.J..n.=.X>.........+........g.....>M.....2\......;.v(2c....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):248
                                                        Entropy (8bit):7.2135195341407
                                                        Encrypted:false
                                                        SSDEEP:6:YIqtJgz+VNRIAH8o0fqK6f61aBDE6txWw+DdP9l49aUSnW:YIq7gq7O20/6f61a+6KxPlu6nW
                                                        MD5:2CBBD41B01281A709D123BCAD5798324
                                                        SHA1:DD644B173648008DBE35ECBCE092BB3E5D278343
                                                        SHA-256:62EC555D50990E1D73EA9776191F519921B2D873F0F1031BD4E760CB4587A058
                                                        SHA-512:DB4A8B261DA12D886ADCB8B5220AA23BCBF5E3798D97685A0704B2D905CFFB942EAF436616FC0BEADB44311E527918E3728BA03308BF1F0E65CF03E6EED155B8
                                                        Malicious:false
                                                        Preview:..m_9..sF....+!...&Bko.h..9....x.9.^)L...n.3......=N.N..\...e%;;....."..rQ&`h...y.l..h.{.6.z...3...+.-S.#b....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Secret Key
                                                        Category:dropped
                                                        Size (bytes):564
                                                        Entropy (8bit):7.665560365482217
                                                        Encrypted:false
                                                        SSDEEP:12:opsbDDwiwseacaQzAZdfJYOdB8yEGKhDHUbhwf61a+6KxPlu6nW:UsnDwF6QzSdf/d2yENDUhwf6bxPlS
                                                        MD5:42521F2BAE3317E5D345E84006C10537
                                                        SHA1:49565FA97DC730751883D88416D8679BAD318CA3
                                                        SHA-256:431FECE0757E0B2876D94CC8E2FECBE7E40B00CADAC44F12BA6B542FB6708238
                                                        SHA-512:BED947462FCFCA70CAC20355F1B6C25B5FB6CB9A367D670E58C02256F6EFCF7E2DDFB8046A0415584A127AE4D29338F272418792BBCE3AA79084E4CC7D55FBE0
                                                        Malicious:false
                                                        Preview:..._..H.|.ov?.O.$........H(v1.._...=..`.mw...Zf.&*=...f...G..0....!..yo.K........PG.nm....Z.P......"M..[..D.G^E.m.I^.......E.....~.?.C..k5........8.i[.......J`.....V.,..U ..-Z..B..../..4k..#.P3 .c#..Bp..8B+.C$1.....Gq.L$.!.. .i+.~..s..[O}.F..m.:k.e>.....5..C..T...............)...?.gt..7....q9.W.._..p.u"E6....].P:.T'...&WD..f..Z"..x.:.^)O....._..E..r....0(....$.&q...EhTtF....(...Q2I.[Q....C....O|F5P.b[....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG.old.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):534
                                                        Entropy (8bit):7.600246718448127
                                                        Encrypted:false
                                                        SSDEEP:12:BcPlnOWCNvY5PizL9IKg0n8lUKf61a+6KxPlu6nW:BcP14w5qzL9IKghXf6bxPlS
                                                        MD5:88C132D4E4BD86613ADBAB9FB00A3DF0
                                                        SHA1:1D9879149A5D03E1552F123F3200C28C51133E2C
                                                        SHA-256:148271533784BA32C4AE9AB090CDDBAA019A2F534FFCD078B1CAF2089E0284D6
                                                        SHA-512:38A2771060E4118787BCEDE6F93E828873A363523FCD6A86190FA4134B73D63D003AC0E83E07BADEEC65D46C97DB5C059CAE5EC7B28645304E274295137B104F
                                                        Malicious:false
                                                        Preview:..o...}.?y.dfm..+.@.I.g@F.J./.m......)6.6.t..S..S.....J8.>.b.WYY.9P...O..E8$`.8nJeK}.........9..{....+.'...A.....((.....t.3..."3...1.z............C.>.... .:..z=o..C.6$..!.z....@...(@o..v...{\m.!;.D9.=.#...S..>...m)..l......0.B.+.*..UW0....&.U4G..L...<........ ..N!..O..H.,....u.......&WED..g.F['..i.9..)L...n.0.....)......h....~.......6.KV......v.E.x.3Q.......R...4....[..?>cc....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):283
                                                        Entropy (8bit):7.237917871638951
                                                        Encrypted:false
                                                        SSDEEP:6:rSDx9rx9d/2kjHMfdmfaMf61aBDE6txWw+DdP9l49aUSnW:Gx91j7Cdmfjf61a+6KxPlu6nW
                                                        MD5:635109571E94192268D4753F17825125
                                                        SHA1:35135EE41FF48287E140B31798131807BC92059B
                                                        SHA-256:FD0F62C531600F441A00C9001DF807748127E7EB4D6A431DC6195F68DED1CBDB
                                                        SHA-512:E5AF7AF69794F532B58AC2BA00908348A3CA8AF5C0373F329C2B7A4A2B93CCCE9813851F459423DF69B804AC2DA62B72B9F4368EBC5D1BC1B4A18767C14B617D
                                                        Malicious:false
                                                        Preview:.t.......4.^....$.I,.3....i..D...z...'.....&^E#. g..qZ.W...........n.b..../f.".\..17.G......|.^.j.v.lni..'.e..r/.8t../...l..\..........u.&.&Rl....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\Linguistics\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\Adobe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\LocalLow\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\ARM\Acrobat_23.006.20320\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\ARM\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\ARM\S\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\ARM\{291AA914-A987-4CE9-BD63-0C0A92D435E5}\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):248
                                                        Entropy (8bit):7.129323628813131
                                                        Encrypted:false
                                                        SSDEEP:6:WZB9++ESfW8rbcGsznmFk7f61aBDE6txWw+DdP9l49aUSnW:u7HESO8rbcG4nyk7f61a+6KxPlu6nW
                                                        MD5:0EBBFE299FACF52D3682351BF4914EA6
                                                        SHA1:5EA612D229FEE54113AA87D0FA90D1343CEFF97B
                                                        SHA-256:351FBFCC9BCBCD5D0DDA5069FF193E6A94EDAE0404629E5B2413170BADFE66A9
                                                        SHA-512:BDB4978931DF6411B656DD1333D40B1DAE4D73A1C5B9CD842E7D096402C3107DB70A4AE7F244F03F20461CA349D9473506F22F817871719C6D77D39162E63C01
                                                        Malicious:false
                                                        Preview:...U.=h...........&Bko.h..9....x.9.^)L...n.3...M.G..+.M.+.>..0%a>..>P.b.%.....q.E..Dj....~.......j##...{`.Db....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\the-real-index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):291
                                                        Entropy (8bit):7.272067524845575
                                                        Encrypted:false
                                                        SSDEEP:6:Sez+vlgO7LCvO3rkR6jxFNGsXUxfz6f61aBDE6txWw+DdP9l49aUSnW:nzc6GIec6jxFNGsER6f61a+6KxPlu6nW
                                                        MD5:29FB2F189D9B0E5E0095A5D7BFE85C22
                                                        SHA1:0B9D01985BC4ED7E6268CBAAEABD132EE901649B
                                                        SHA-256:0CEA61BC9E0A62441FAE4B0592F2024A8869F6538E48466DF706DDA6CD9D5DB7
                                                        SHA-512:F39A7E801DCFCAC844E97FF00D326770900EA7C50186D658B79535515CAC3588D0F7B4B573E9DFFC07043D39E483548BF408E115FD91CDC354C20D16E5E28545
                                                        Malicious:false
                                                        Preview:b(...>6...#...........jv.I(..).1_..l.._.....A......&uEG..I.;...n.K]|CQW...n.0..../e."._..1..+..Y.!m].!..y........gB...,.dZ..... .Y+....qx..>m...q.....m....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):253
                                                        Entropy (8bit):7.270827307877194
                                                        Encrypted:false
                                                        SSDEEP:6:FrIGrX/OzFNGRQCf0lPqoYe6f61aBDE6txWw+DdP9l49aUSnW:FrIiXQFCf0cPf61a+6KxPlu6nW
                                                        MD5:8B007660B810A0A4060E9FEFB3E661EE
                                                        SHA1:9370D536B98444B9DB1D87AFC9D9A1F638B3B144
                                                        SHA-256:FE80AA591A68F2054D4E7BDC0C0E1FE11F01602B0B37CE8E81BCE59A9DDDC219
                                                        SHA-512:C9D91B9E86B650B0C1A43E200F5B85636F78C241185D55435694835F9CDD18E0C08A144D1CDD559A1490B99B42F73198BA25668E5872B069D6BC4BF0105E1C30
                                                        Malicious:false
                                                        Preview:..Sg...K..Mm/%.7FM~W..c...&tE...f.X"....*.9.^)O...n.0...n.....5j..8...$w...{R5.y.k.w...}..l..Eg..I|"..C.Rj.X.*.PV_....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):508
                                                        Entropy (8bit):7.570482161675064
                                                        Encrypted:false
                                                        SSDEEP:12:RkZuMAIl7bQm8RntJO+3El2KH8p8n2SDm8woixf61a+6KxPlu6nW:u1b7bQm8YMXi1Dkf6bxPlS
                                                        MD5:83C4731A2C81668E36382C4B7A067B82
                                                        SHA1:1DCB807D69A2FAC2FB296CE819CA27DB86A0D0EE
                                                        SHA-256:8427C7F329A203EA0B92DFBB553361861C1710430D2B651A076B17A414C51880
                                                        SHA-512:36050B0E55D0852ADD1297B23271D930F0258F22F41786BD6AD921CF8597098565CE24365C348AAF64577026E0AB799BF6321F2464D5AA116FBF19F49CE8C94B
                                                        Malicious:false
                                                        Preview:....Q..9..d*o..I~-.~.M.[...0..}1.f.).B...f..Z.o.!..(..ue.<J`Y..G..z0...#P.u%......4..0P[U.J...I..AW......k.......0$..q..:1.'.Lxu./.....F[.w..9i.6.,...'v..d..8ms....1....$x..8<.m..v.:.]..Mt.......'..W ..E...N...th....UX`u.C..[...E.gNzKV..!.J.-.pg-*.tr.....O..MLD.....&WD..f..Z"..x.:.^)O...[(.e...k.4.t.. x.{oi.td.v..d..f#.)...U.J".....z...F.46.[....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):516
                                                        Entropy (8bit):7.613841677038461
                                                        Encrypted:false
                                                        SSDEEP:12:2Qu1w6QQNRGwzwvnOHZ19OAcbO0XzmxGf61a+6KxPlu6nW:tewawbY1IAcbzmxGf6bxPlS
                                                        MD5:CEFB443BFE372469812FE64D58A789D3
                                                        SHA1:392D621B487152B643A6AB5E9E3ECD3382285734
                                                        SHA-256:0C3B4DA0741D2214FD7554B3BE9B301077B8609814886A403D9A091AF66526B0
                                                        SHA-512:B33B4F33D339834372AE10786581CCD3558A232A034755431DBAB1A8EC286156D6B9D8969C56F4A4F61A40C5345C4DCB198C3A304CDD93FA94949767345A47A0
                                                        Malicious:false
                                                        Preview:.V..@..(-i$..C./....s..[.`,..N9|%..%..O.@ .D.*r.(.>h.ZdL\..mu}.M......`.TZ..mH>Wn.cK.)....0{.CBnf...o.v.,.>......9.h.I'E.PBh..\R1j.(....*].).n_.E.....=..,.........'jkO...N._..w?Y.7.]u .......p...l.Y@..#...5#....i..p.<........=.(.[.K..H....0..V.u.W....q).....#....Qv5t...&WED..g.F['..i.9..)L...n.0....<!....(.7.~F.u...z.....CV..c...A....+.W......0...+W...r~y..c....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\CURRENT.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):248
                                                        Entropy (8bit):7.166602308239892
                                                        Encrypted:false
                                                        SSDEEP:6:hcJhnz+hMgxWGI+vf61aBDE6txWw+DdP9l49aUSnW:hcjnqhhxWG5f61a+6KxPlu6nW
                                                        MD5:BC3D7D35E3AE1C70AD5D9F64975ECBBE
                                                        SHA1:29BC5F9B701D30177B3FA7A3DCB2BF21205ADBE7
                                                        SHA-256:260AACC0415D971E78114F98D7221EEEDAB745D79DDCD6D32E27BE25D048F194
                                                        SHA-512:ED072DC14D4BDB550CF71BAD903C45AD2AD63E5F8735E87E0F9E788BC0F573AB6904DDFDC8FF4C4AF1B24EF8B631F2285FBB68361299C764D98CA62230510A93
                                                        Malicious:false
                                                        Preview:.zZ.7;.....-..\...&Bko.h..9....x.9.^)L...n.3....w.2.!?$..+..t7.k..K..^+........I#*....`jKd]...Q...I....!)P....b....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):552
                                                        Entropy (8bit):7.639107940089062
                                                        Encrypted:false
                                                        SSDEEP:12:a7oSppPtzXI7NLypgAPas8xjrftD8B0ap9erf61a+6KxPlu6nW:CoSp3qOas8xH1DaDerf6bxPlS
                                                        MD5:DDD3D7B43B2DCAFC3D40DE95530FEA91
                                                        SHA1:E5368B7C8392FEC020A02A6A8440817C7E7B3BF2
                                                        SHA-256:A78C4D15CBBD226E1B89214EF46F34EC8460953E12743369C22697038CA3965C
                                                        SHA-512:8AFCCF83C0938F6D759140F3880ACC5BD15F2573CCF4CD0405CDF26E983F0BBC85320FAC68A42F9F98003C5D6697BCCC1354DC6A63ED4C75CF0996E22770F2AA
                                                        Malicious:false
                                                        Preview:$Z.?&....ahb.>..4.0....zuj-r..w%.{.pD.U.....}....0H(@....."h..h.....S....{...,h.-t?.e9c...0..6.".@.m&...AKDB.Ljr.`9..n8Wj.....ZH(..J[....cY..S.qm3.a......<}......#.D.2b.W.s...)R...P...d.j.C....Lm..Z.U...)..wh).:.....7...z..}..}..q.uI.`S.:....(..iq..T.{.s..-a....+.4F....XD..:.w.....@..^.6.-4B"_!....[.mvM.W...&WD..f..Z"..x.:.^)O......(.p...ssLN..u.4.f........CN..Ty.L.J.Fh1..\!.f7..yx..w...u[....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):563
                                                        Entropy (8bit):7.6750827500963235
                                                        Encrypted:false
                                                        SSDEEP:12:ckZtKhENQXPyyHJ39+44V7HOiTGtz4hTe5ea6f61a+6KxPlu6nW:P0hBPJz+44tSuhe5Qf6bxPlS
                                                        MD5:BBFF125BD5744BFEF2CC8030AC6605B6
                                                        SHA1:49CD615A2C884F6709B23749879422FD3D111D53
                                                        SHA-256:A27B448FA05710421CFA6FB125C56F7E042331F91D7E762C955EDF2EFAACA919
                                                        SHA-512:9C0BFAA613A2E0E878154976E1F4751952DFC4F3F919280985E7CB1E02AA8E510B33F74B91649B4C002F81D151E1AE0171582659B8F3E56A4092A79D630D6E0E
                                                        Malicious:false
                                                        Preview:.$T....)..G....J..Vp.e......P..Vk!Q...(g.jj..y.e9O.....N. p....P..Lp...6..J._...1.. ....S.)..W..o.w....Y!......P.8.k3.=.8....c.P6...VY.......`.-.1..s..R..*w.O........p..*..da,$l...).P..xd-..h.Q,o.<.....Nu(b.^.1r,_.2'.dO.p=J..{.<U........'......S.. ...r~..e^.C..4x2....Rb.y..Q.{..A.?.:.7.........|.7.....,.w....=..%-....&WED..g.F['..i.9..)L...n.0.....ooj.j..:_}8U.Q.hIW...Y+.z.O.2OV...B.h.K.t..x.4.d.x...:. ~!.o.Ywc....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\MANIFEST-000001.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):283
                                                        Entropy (8bit):7.249967021936535
                                                        Encrypted:false
                                                        SSDEEP:6:Kn5Wx6o/26B+KKJdHKOYQf61aBDE6txWw+DdP9l49aUSnW:scyKQHKO3f61a+6KxPlu6nW
                                                        MD5:A8F539D98EF798EC4EA8D30688F60DD7
                                                        SHA1:F999DBD2AE9507EC0CFD4ECD5C58BB4CB59D85F6
                                                        SHA-256:B3BB7B3F968C12C7C00C213616B54577B1F3627011B07BE1F993BEB6FBFB23A2
                                                        SHA-512:8584D3A062EA2667C07E6A36F7C3DED7F96BE28BF5E257615875B94D7AC63956505B5F4B8540BF555C2C907DEB45BF4D2F68E4814B93060238B63544422A2251
                                                        Malicious:false
                                                        Preview:*.S...2..u.p..1...\SR$..k.;*.'..k.........&^E#. g..qZ.W...........n.b..../f.".\..1.N.t....Xm....}s.y..\V.DG...8Tm<)V..[.'k.x....&....k...QyV9.S.l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):731
                                                        Entropy (8bit):7.6936158946337825
                                                        Encrypted:false
                                                        SSDEEP:12:QkjoFRNxsPCkIWHMtRPzg3arQAC3dTbe3cqsa2f61a+6KxPlu6nW:QqcReuuarhC3dT6/sDf6bxPlS
                                                        MD5:0F321E6DC3B768BAF94A4014E64EB0F5
                                                        SHA1:22C085D20013387D86A8A1A013D07C2BB9320229
                                                        SHA-256:802CA6E9DAA80A1924C948E6500B2F69E73C3C45766012D62F881C09110C6071
                                                        SHA-512:99535020CB52E8595A86011C0C020566C54445DDAF346EFB9B8A0E3E088610D0F01086EB797F55768BAAD1237CD7D89EA9AC55EA13FB3E8EB976CB7FB4A1070E
                                                        Malicious:false
                                                        Preview:......'..6O"J/#.7.N.6....X...0X.;}.2.......=E.N..<..:.#5a..F...,.$..N.>.5.....d.xm=.?..l.FLz..~.Y..\..l.....d.X..i-1.6..a...j\.E.../.0.VN...[..5.DV7gt1....$.N......Y$..9...j)B.S7...b..8..X...........A...0.HW.._..`.."....v..7.gl......s..&....I.c...g.e..m$.Hv...t?R...,n.8......GV.E'8Z.H.j..L.?.oX........^\E..V.az|(<..t.q.....Ly!E$......./...$.z."64...}....5.;E!...}......^X...h..I9.9.M.."...~.+...XWF.......sD...Z6'.;.]Q....M.j.....>;}!..q^A..E...U.<..|.8H.M*..&sE...g.PZ.W....C.......0....}e."._..1.5.|l=...P7.O..;.B'..O...". ;=/.x..@....:.Q....,C.@.....h(...W.Fq....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):283
                                                        Entropy (8bit):7.229562649106791
                                                        Encrypted:false
                                                        SSDEEP:6:AaBZos/2PsiL6ov6v5uf61aBDE6txWw+DdP9l49aUSnW:jHo23uf61a+6KxPlu6nW
                                                        MD5:2F95F945F022519294FE290B5E8C61DB
                                                        SHA1:8299E3FCADE3CE1624B0A8247AA0E9ED8E83CD0D
                                                        SHA-256:B31A4101B0A3CF94CA003D31EE177A60B9EF4FDAF5EB5BE0D0BA018552F0320B
                                                        SHA-512:DE398AAF5C5D4797FB47E7B5D8F0937A4237A3E3A96034F16117136F6ABA06D89F134B0063E6B66E59E4C4571CAD02999735CC2263EAC83752888AF64E71EFE7
                                                        Malicious:false
                                                        Preview:..............3-..YR.UZIa.$....k?$g. ..&^E#. g..qZ.W...........n.b..../f.".\..1r.y~.3.Ws...(ti.R...&h.AkO5Dm.k.-.JI..S....'2.sw....o..h=......l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20712
                                                        Entropy (8bit):7.990388882790642
                                                        Encrypted:true
                                                        SSDEEP:384:GMq8ljwTs0Jvktm0+KdRlTkD/X/2zqDY+bXbzTdx+F+fHNmBPB5deLvYAhUz1CF:fq8VwTs0tkt3RTAfel8XXTd4FQt2Bwv7
                                                        MD5:28768AA0DA48920BF57946971128FD8B
                                                        SHA1:1CFA9A190301997A2A3DE0B6E5D5B29DE2D3DA08
                                                        SHA-256:7DCAD6EBB7CA2F0F356E0F22628422E31F7ACFA0E53E50767114CB2C9126B5C9
                                                        SHA-512:C65581433C52C1341688835082AA060908086C59955918FD6D8188518870F5C3D592FF5533FB6B5031A686A30AE61C0DA8C8CEE14917B347262D4FA880702085
                                                        Malicious:false
                                                        Preview:..%~K$....c_mrGk.L.5.....Jn.@&bG.....&I...B.I:..a.q.:.7u....5`......A..ufX...".....>..f...{...qh......e..l.>.r.T...f.Z.I2.CT.`S.q......y..#."....m..o..q....7B..k..E.a.....YS..4,&y...\...pk.j'h@...bo.Z....`..!....~.#.9]j......+}...4.......q0..(Y..,.H.s...~.l..>p.3Q#F._..k.DP....M..w.+.H.U3......[&..=....,7/.....akR..h=B7\..N.1........9.1.GA..M...j..)!...N.s.)..)......b.2...c.L.gh...X#.u.;.|./.MS.t.....P.....K..nG..~.P,....5.."^....I...........?.{..m.@..'..X.e. =.a.n..{9FbM....x>.q.zb<.UF...B.{|.=e.U:..k.p]F..'......X.........>.ci..`.E.?...0o..p..AL....jy...|..z.>.4..A'...~...T`....A4.......i3(v.....<6Ii...$A.o....Wd..V...H..A>@A....e...FGg.s.CD..^.{P..g...8B6 n.......:.\g|>."~.eDcX.....iDF.n.7.U..H...f..N.F..|D..oM..\3 -.DV.%d.......... ..x...sp.d...eS..g.`jp..d..>.......0L...2....K...).#.&Pm..........D.s....C.61...|}u...cw..pO2.z....BY%.S.d...n...Jt.....6.j...L.P. g....~xv.L%+.....^/..Z..:..n...O.\...|.....=s.-...t..5...&V.C.i&d...'. ..t.y...^.i.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):314
                                                        Entropy (8bit):7.3600275067901375
                                                        Encrypted:false
                                                        SSDEEP:6:GlQJPZx43B0lpytT8ziZJe5J5vSXk0vOyf61aBDE6txWw+DdP9l49aUSnW:G84x0lpylfe+9vPf61a+6KxPlu6nW
                                                        MD5:C393F6D1369521FD643592656A516C23
                                                        SHA1:40DE7B27A615AED68179BBF3BFF76EF79F20D14A
                                                        SHA-256:4897AA0658DD2658F920FBAFDBD8A60F49A92C0B8414AD6F2737F95227905F4E
                                                        SHA-512:DBD0710A8C19E7612069A9FDE0E116BFBF03CCD3BF854377CCEAC01698909553CC66EFB4D2BBE2AC573F44E4E6DB6848BBD1536E6A30927F13D1EAB6EE8185C6
                                                        Malicious:false
                                                        Preview:..G...D#.d.n.?..k..2........x..._.3$..}.'......W.....!..Q...&dE...g.IZ.W..-..@.........=.q?.."._..c.6.|l../R..,.lS.m.)A..qpm......7.J...=..8.,v...d..B.l.+h.a.%..KJ-.1}y.i..y....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37113
                                                        Entropy (8bit):7.994970898034201
                                                        Encrypted:true
                                                        SSDEEP:768:QgYopvfIohVQyG0sn5zitpwlpVFwMMpaKekcjvh6OvHsZWigjoUObX/aqvztpg6F:/QyG0aFlpjwbgKwjJlvMZWisVqvzE6F
                                                        MD5:508E26309C207A6CEA0278884520EE0B
                                                        SHA1:7FBB384DC48B88BA596256FDE814EDC10181AFAB
                                                        SHA-256:5B3C425FB1A9C1DE98FD10166A59C9852AA8F9BE6634AF6908331883636E2235
                                                        SHA-512:ABF53523AE94478ADB27737016E3C09FD60947EC7BA0A8E2B1E66B800E07894C1CB9B766B07573A0F71CE6DFCD537AF3E353BC84FFBA40EFB718C8730982DDFD
                                                        Malicious:false
                                                        Preview:.:.U....7..?...&...?8....5.N[....rF.Bi.d..|S..&Uo....{t.%=.tL..s.......X&m..O..Tx.O/.1...i.@.. 2K.R.d.JH..}...|..l.....{.O.2.....Q.M.........npE..=.........x..a.k..........R..D.M...A.P.!.....^..\..[...%...Gb@..\#4~.Y.p...L...O.(.....7<F....w.e..`.+.a&v.......+..f..3Z..XP......~..QF.(.u.G..;q....%d.8.I......L..........oN.i.~..W..o..$,...b.8.6....Q.XS.^...7e..$.2.......xr.`....s.I...*.Iv....q.....]......fo.'...r..w.v....;.3..|....2!....sK.I$.../.Kto...x..p.+!j....H...H.Qp......\ki.:{....9<.:^.y....d..>)...m:.....0.........W...a3^.W..xs..^...A....<.n..Ta...}.K.Q...w.V....9...6.h>.K.@}.j..4g...pk......3.P}q....H...3t.............gM.J.@:.o....ec.S..}..r..7.?.}...|1..n....6..._.....Z.^.gvW..X\dOm?.j..R.......H .t....`%us..,......)n....D......D=q.w....G.`"....@E.SE.....(.6p#wU...d7.-I1.e...'..yE..7.......53u.m.R..?.G5.xT=A`..>#.;p......F3*P...[\Ow4..qrI...^y.d........h...Z.a......G..........A_w.-.aMP.........(i...,.4..G...}...{......i..

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):629
                                                        Entropy (8bit):7.66118163187146
                                                        Encrypted:false
                                                        SSDEEP:12:P4bYXYHVGos6Vfwh3ihv/+dQ9x5pD4GaxSiMp3b1pHM19ZvJy5f61a+6KxPlu6nW:Npohiyhv/oqx3NaQpL15M1Phy5f6bxPQ
                                                        MD5:3D4A3D131F19A59CC32BCB4DD842506B
                                                        SHA1:91C4C00160964A4DFD661F9611AC0D7233EAF724
                                                        SHA-256:63A12F63FB5AC6181C38413A87D561A55FAFAD644929C1A460F57B2CE3853BE4
                                                        SHA-512:452F7B1C0F4DFE610424D9D4E395ABF42177418F5FBD63A0C726C850FF788F90DB1DE0043730C930FDB988EC7346C6D24E9CDCBCE84C8F1AF7049E54411A8A0B
                                                        Malicious:false
                                                        Preview:...$.;..d(.]_cup?:..6....Gim..8...Q...)9..1...].S.s:..lm......y..6..F.*I$b..R.y...c.VLrA.|1%8.....x..@O\._<6.....*.....I....q.a....o.=....:...}9la......!...c.*.....{..w.'E.6..&U.....=.x\..%F..7zc....@i.3s..le...w.;t.$.... .....,.J..P.............,.b}.=-.../9.*1Op'....s)..!.pzO..*..........1...=.R.'..n......f...T4.....o|.w.'."...TB.....?y........c..i...+....a..S.....jX.t....#ED..g.E['..i.9..)L...n.0....]..^..."...h.1|.......r.N...E.o....-.......(....r...i......jc....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\CURRENT.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):248
                                                        Entropy (8bit):7.047208596649421
                                                        Encrypted:false
                                                        SSDEEP:6:VwKrWz+dmqsAu9UKjf61aBDE6txWw+DdP9l49aUSnW:Vrrddmx3f61a+6KxPlu6nW
                                                        MD5:593E0F34AA0E83916777BB010E5E962A
                                                        SHA1:CD87738FCAE0CAF3434E7D23CA841F9875F6DD96
                                                        SHA-256:B0E03F474CE2B1F56297A90FBE1C9FD1842C81FB40474D50462D304E72CFA07E
                                                        SHA-512:063A467DA50C6AB830E81FBE817EA5B827EBACF84B0EA0D5934688482AC32AF042D53E35E35F86F7CDE8B445CD866F0B0C72AE251DDAB73C05A792490F8C0C54
                                                        Malicious:false
                                                        Preview:...D.P$fh..C2j.....&Bko.h..9....x.9.^)L...n.3...1v3.E...8!D.......&.:j......B<.3'fj..].;EM.....l..f....i.%.;V.".b....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):540
                                                        Entropy (8bit):7.646393446538803
                                                        Encrypted:false
                                                        SSDEEP:12:HSrOnl/uqvEwVTmdcSGDzvY4377f61a+6KxPlu6nW:vl/uqvEqk5GDEenf6bxPlS
                                                        MD5:101479422988F73752D496B320C53196
                                                        SHA1:3C5CCA034983D101BFE123F05ED9E7905037798F
                                                        SHA-256:F6BA9B558025B72A74988EABE219E7458EE264AFCF920E53629FE2992399E336
                                                        SHA-512:2B64A482752EDAFAE1283DFDA51C4BF38CE94AC7D3CD90A679EB958C365AC58E443F10750CA8367FF43577981A007759E3DBD49ACE5DC1273F416042109C8BBF
                                                        Malicious:false
                                                        Preview:..h(&.R@....r.).> .s..q.r.......|...Ar..y..o..2...BrBA..G.....QQ......`..,.[f...G.uV0=.l.)."...7{k...Qw|.;.E..f...u..2...*Qlo..P.. ...W........w...d...lQ....r.\..>..5.......h.M..v......v.~]f._;(.....N.R..*M..a&h....f<R.e......2.....=u...p..)J....p...q....-...4j..Br.... ~.}.....TH...w.[.C.......&WD..f..Z"..x.:.^)O...._..k.n.X..BP*...-T.8.....p.Z(...}.......a.......+Q.`.Yv..~..[....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):551
                                                        Entropy (8bit):7.661897644346081
                                                        Encrypted:false
                                                        SSDEEP:12:kBA/bM7cjBa4jQHnBO5BCTLYHf61a+6KxPlu6nW:aAw7cA4jQgPQL8f6bxPlS
                                                        MD5:690C4FF8ED31955B04562757B8AB75E3
                                                        SHA1:79D1D9E14E824F0CD4DD24D61BF4CFB36DF0E979
                                                        SHA-256:0AD0F84485085A2E9267B83C1AF9049DB7EC3162A9D0616736F8C8512388A710
                                                        SHA-512:4A85A30A1980FAD2303454A5A4D566C58FE1500B7FE9FAA617F59FA6F1FBCBA12DFE29C9C43378795C0551B62FFE2A57F6F0BCCF0913086BB38EFCEF8D1C4521
                                                        Malicious:false
                                                        Preview:...g.r..LH....4..].O:.8......Y.M3:......Y.V..F.."..~.c,.......g.....a...x.....4..S.k.............9.H.MU.)Y...a4P...j.x;@+...f...&.0J.fE2...F....Zw.0...#.C.-..A. .$.Z.)....v.dK8...o3...{iM,z..x.....K.;...!z....+eg..g.....Y.R.......nP_Mg..#.:#.....&.=.ZQ..H.3:..0}.E..8........`q.@p.um.s|.;Q......H......&WED..g.F['..i.9..)L...n.0....|~.{5...%.5.w.....QL-).....y..O@.@.x.bG.C.I...v.^']o2t.......c....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\MANIFEST-000001.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):283
                                                        Entropy (8bit):7.306948283488026
                                                        Encrypted:false
                                                        SSDEEP:6:M3aK6Ph7pqd/25i6l5iovsJRIMf61aBDE6txWw+DdP9l49aUSnW:M3aJPzqUxvaRlf61a+6KxPlu6nW
                                                        MD5:E5EC0915DA4A07AADDA639B04CD4D59F
                                                        SHA1:831D4DDACFCC51030FB412FDCE9AB174465B3EBC
                                                        SHA-256:FC81558DC08CBF9AAE317A10BC6FDC8CCDBD0EC798E88787FA91B927628FBDF5
                                                        SHA-512:5B4BC336CF15A0979F8BFDEC039A5A95DD882EEC06CF6BC88394F06EB9A5407747D36F191326F066EBF50227E4CD3F736F74480A6C24238FC7C985BE3C92C82E
                                                        Malicious:false
                                                        Preview:>....+C@e....s.......F..o..wQT..X....[....&^E#. g..qZ.W...........n.b..../f.".\..1&9ZW{<3........n.-T,%.jn..NI.z.`#.K....Xt.c.........6..z..Hl....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):131313
                                                        Entropy (8bit):7.998862977916001
                                                        Encrypted:true
                                                        SSDEEP:3072:sTL15yBZtDxmzQPICjMigaHH2HuxbiOW6Ra+SrtLv:sTB4BZtntjMNAZxXa+SrtL
                                                        MD5:F39B72DFF75100A789B837C5C3A16775
                                                        SHA1:2B95554B3FD10889AB8BF7823ACCFC72A47521D3
                                                        SHA-256:65B7138B27FC6E158E706661300AA4242DC20CD74CE3B358826BEF28E199003C
                                                        SHA-512:C9598EAEA61FCFBDC6468320DAD65617BEBC17BC5DD1CF4A79CAA6ED568E082F4BF864694021B37C26E19B7926964E10052CCA3DF2A92D2B6B9B5E9D48201702
                                                        Malicious:false
                                                        Preview:....^./..W.<...."KVB.8`.2.H.F.0.....[L.?.K.>w...?=....l.......[.|.c-..-....Xk.9..BtwU....[..x.%h...E.&..b.......B.H$5....z6W.u.].>..{u`.[LAV;.w...a..'....sR >...{.zY..*n..*.......tO........;'...ueF)...?.w[.....6..>...Y..S..7g....xJ..W.5.2+.l..p....[......T{z....j.C..1.7.}D......@.....+s.....(...."....S..7....../..V..%.......|.|..*3...-.V.p..rm...2.C...2h.*.....(..N.A.....Jt.K........xo.3\..v..|.T..q..._.[........}b=......K.CS._;...%.I.............s...zTF(......\....x.)x..^.......E..{m.....c}.. .oh.a/(ie..?E{.K.........c.O`..{......~........xL.A1..w..YY%{.u.WM...=....d........D.H*......0....\Z...x...........1..te"R...x.6'4./.$2...S5..d.!D.......=O...n.b~,@.....?...L.n......h.....'......{....Tn...|P.Uw......##I..t...m'^..[ .........@s,}.U.Z.OP..u.......:..Pd....<.....n....I#........h.R.....-^.6...4........5;#0.e.4J./2C......$.a....$k.t.....P~....K....*...t..yir...T{...~.`.fc?=...5...3.A%.7........joq.U....^m.C.a..S........#4.y....SV.C2.j..

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):842
                                                        Entropy (8bit):7.767514597427003
                                                        Encrypted:false
                                                        SSDEEP:12:8bb3+J76Upe2ly453BOgMUR+UeNdJHql5J9xG4XZYIStuaH5iW8/yyjaLZZf61av:8vk6cpR3bgqFvFZKH5iZyy2Ljf6bxPlS
                                                        MD5:8A25C9DFC0F80416E4D4E23B7948E9BF
                                                        SHA1:49A4B62D7D614E959BA95A4DC93916958A148316
                                                        SHA-256:79B6004BCD82D818B60EEF222C58AF08826B570ACE7AA058C4C0A236236F9315
                                                        SHA-512:00668FCD1325998EE2EE4E6632E3EDC98910B66D68A5CADFFE2471598BFEA07D41191B2D347E806153356449E0ABE4BCCFBFD858EA9B1AE1B3FAB127EE9B0B5F
                                                        Malicious:false
                                                        Preview:.........~.P......v,....@<..Qw.Z9...j./nH..@.#.e..F. .t.....O....>._.m.R....:......N.G.T#Z...2".O%~..iw>._X8rk...X...i..].}.I.m.V.!.VNopCe..o.......P...H.I+..W..v%2....qA....t...N..m3a...f.....yw ..jQx.7Wc...-.....NO..0.X..z.S....[mStm.&.M......I?.\)c.@......k..@..-.W..v......F.......;........t2......}Pi&.R..V.\+f..@........#...#.\^...H..Hk.$..$..dE.E...W..}".j.,.{Q9.....q+../..'......NB.y..}q...|...jk.....".Ga+.2?.g....gC..'..M. ...!.t.z...%...Y.b#+....<u..........>.........Nk.W...&B%s.R.t@s...[.%..M..yW..3r....n..E...<}u.v....6.buu..\....q......tg.[2...&Ukc.h.2,...VKUR-.8.s..r.0.E../e.!._..1.6.K....x;'..^G.Ki.k...._3...u..4<.Hx.....n)..S.s..|[ uo3....n....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Adobe\Color\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\Color\Profiles\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Adobe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\CEF\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\CEF\User Data\Dictionaries\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\CEF\User Data\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Comms\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Comms\UnistoreDB\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8424
                                                        Entropy (8bit):7.980951581717943
                                                        Encrypted:false
                                                        SSDEEP:192:66G4jdhcP0imSowP1qRRrHvRc2uInPTSc74cunHyiWPhD5VEmysoF:674oPPVowdqRhHvReImHFWhRysoF
                                                        MD5:06C614996AD9156D1C7D14BF378F7F04
                                                        SHA1:015D3B3B8722E9CBD656F973B2960FC2B78B8404
                                                        SHA-256:D4AFC5A934E0C3655CF93679181E6D4ADA7A9417FCC2D9DBF1F9B8A1024F6E0E
                                                        SHA-512:CFF75BE466B59ACB92390CC989CF746CB2B97D0FA60E66E548D4369746891D6A6EF63375F9A3AA5E6D7B0971D817E05ADB04A9A9758F57445D70DAF400F2C7D3
                                                        Malicious:false
                                                        Preview:-.E.h.k...!...Df..,..5h.L.L)..d...M..,Z.....Tk....r.Ia.....g....3.a+&..+[.y..b.cp..l[...EC....$.m.f..q........I...of....N...P.2(....t....k7....8....R....d./. .`._k..1.O.Me.....&'!;j.|FO>..`Z...9V.+...I.z/1Z...KZx}.x..cc....i....KX>8...x.2...q+..o...9...,...#......sX@....J......I.....O......|....#..c...C...%.TK...r...$..=+..R&..f....<.L...*z...D0............_.z.F.o.n&yDq...6}.z....vW.....Z..7...........5B....3.v.M.:.n........W...5.'.."..,..{.l....I/a.N..O.....\.G<...T.".J).5.}..&-..3btNX0iAg.].p?M7...\1........'.H.@.t%....4&../........Ab|YT.6.x..@*.h......[.~H.J.A....N.l.=./,.y%hFd..........t.m......r..".&p.....d......-...ZEE..0........1.h%r.+I.4..G.Z....9..../...gdp..r.....H(.1f.....m...V....h...L(9C...r.WEX...XQ5..C.8...b.....iZ.....IV..C../........R../....g.]......S..V...<...L.F.b6t...7.o6........pE...e"[..[..$.;.o.;......'..MkEy.$....c.>..qFZi~...".a...^k..y...O+.Z.<.......RY..u....tkx.L....o^ F6^...6E.......$.v..ms......N.....".S.Z

                                                        C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):3145960
                                                        Entropy (8bit):2.4497110853252644
                                                        Encrypted:false
                                                        SSDEEP:12288:4LGIy8zJWhLkL14BxffMnEPMVKlutxYGYkux8M5kXSOIDFbZI3iMPPSSJ:4S0YkL1MiRIM8ku35kXoDFVulSU
                                                        MD5:CA1EAC6FCD0B4BAAFD7A0E23D1307D5D
                                                        SHA1:DC2F92203B74D4F4CBBEAD17B6FC22FC41A7CAD0
                                                        SHA-256:6D96677D4DB30D65550A253EDED7DFA2E0124D84E2565428AEC4B71555197BBF
                                                        SHA-512:E4B4E4F4ECD13DBFA7B61E2B93CDBAD8D40B8D9770425A33C6AF67E9BB973252A65E20FECD45C470753CE10021F7F76440431CFF3C589EE5279C3F6F49652E82
                                                        Malicious:false
                                                        Preview:?I..S.}..a<q..,7.m.....`....v.2.bZ7D..2|&.QHT..u...=iie b....,..e\g.U..Pk.../......^....U:..o....%Dc.Z._^D^.M......?D..!...5...'......'....M3n.~....@`.^R*.#{ol.v.].te..u..I.W.O[..'.Z#...d...8..6..H..A.c....0...i.....L_........`.!.....l..M........w.I........1q:..d(L.,.j'UR.T~R*......u......9../){&...:..,.C..R...H.7\..:x..+.....}.apb..I...\.0J....4.Z.$/...![..Jr..'.%'}.J..E...ov8...Mw.HI..Y..H.......H.^.6._ b....,...-.o.../g+q%A...1.{.-Z..TJ.k!...^..6........e.^....YW..$R<........2z|.31.Vx..Y...).^..G....w4+5....[...,:..|...9(.$......@...."..Z.....d....V...^....|8<>.Ez.....@w.%S.P.C....A.2.3...Fd%.SJ<4......>:.m_.@.e.A.&2k.E..Sq...3.1e.X.@......O=.........[8.}.-oRK.;.T..M.`..D.LEj1^W.A..Mq..nx..+.M.eT6...u....].b..;.etk8..Q.e...i....6...r.[.8.3C.].<.?..BJ.n..r...(./&.;...V..z.V..E.?`.....s9...,/....OT...+..m0.z...d...H.... .S..U..\.t...;.~Yh..."..c.Y..S.O........@......|....f.H.k...#..AI.d.F...F...t.`S...E.vf..fSph..p..C>.*=..".]Ga..!

                                                        C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):3145968
                                                        Entropy (8bit):1.976221013215212
                                                        Encrypted:false
                                                        SSDEEP:12288:24hBb+bl3WnA+o9gaGqMPjFtb966syCxZzcF+o7W6:hBbAl3WnnomaG/jFtb96gCxZzloi6
                                                        MD5:451DB23168FF74BFA0D022279941B8D4
                                                        SHA1:EE59019A36FE780CB280CB821C8C29EED8682C11
                                                        SHA-256:51A9FAA58ED36683BC1C6791923669F6078DA3559E43E2C2C7AA47E360C8B945
                                                        SHA-512:D3088556CCD4DEEF07948916E18E55340D37EE6DF4926B86947077A96B4E7A84AF19C6E853E311922C10AE59EB89D8DBC4256BD5F7A9E1FB16D00DAB67336674
                                                        Malicious:false
                                                        Preview:.!.M.cG...p..Pe...K{.c8!.i..\5.T....P.....Tw.....Q......}{...%.p.......a..".mx..5..Q..F.-.......j}.:)*.."x..,...a@{TK.1./70P.O..}...a ...7O....6.!&...x......;.fl};..7]....n...&&~\... .}.xn.B4.....W...r.2%./.u.]9..X...].i8.@...u...[....3m:........y....h...........t..$.y....M..3..NS..$,y..)N..#..rJ...{jb..S....p..{OS_.;f....C5L.1....q^b.4*t.....B.._A..*Cq$.G.)......L."m..n.z..!e*.j\L,b'...2#{....?...A......O.......J.m.P..".g.F._c.F..,..5c..~..C........s0.g..,.|7.;o.........&..<h...g. ..$..~..|....-<NN....a....[Jl....0~....;.$q..:w....-.y..>........D.?@.#CD*.....{h......9...Rs...`....=..d...{..h3.../.s.....t=7Js................H.3n..l.......R5.`;.E......'.....H4....0....%^7.t.Ha..h.b).s,.Ls.....Cj.>.p.I.w${.......Wic..bA_,.....m>.R.-..9..G...."..E.....d.-0L..Lu......e.e.f.V......D..g..~r.+6/..egw[...)A[......e.7.Ntv...X..t..@.........]...8.G..5g..4j..U..</.B.?R..H.....Z.c.:....c..j....SG.....I.0.1..ob....dzQu.:p3z :.v.K..)..7u..=...[.......\

                                                        C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):3145968
                                                        Entropy (8bit):1.976060358872479
                                                        Encrypted:false
                                                        SSDEEP:6144:HGZP4L6/Ta70TeX7cp+hr36adBeuNwEpomla1bA4HFI2boWsOADDdxg2ncvf9CLV:/UazX7t3dBeu6PH3Hd0DDdxLL/Ws
                                                        MD5:221C5878A4DE932A04842D73351195A1
                                                        SHA1:2A226072E52B52F945AE32EED82EFEB1CDB3A1D4
                                                        SHA-256:49A9A8F16F1DC5FC931ACB992B0A6D540B1510A95A065D7652828ACBEC934EA0
                                                        SHA-512:2AEC98633DBAB074756311ABE9BE66402191979B415ABB2466FE27856FB519D4EB7B176FC9D684F983906E4707BE09F603468A24B96DF8565FB6D6B1BDE8FC56
                                                        Malicious:false
                                                        Preview:.....6u.1.]C.E"..$...S.lMj..R..@.Y.M....r..X,^2..[\...KY.?v{q..`.?....c...8..{..r.;N....}..p:.s.h5[$.M.....o3A.\0.C....i..*{B M.EI.+5I.X.!v9.....l<.........K/......? O......j.<.....E)?]Ym...;.r.2.-.w...5r.~.....L7... .....>......f].......P....=I..-M.T..b.XN...M...'....E..6l./.F.....22...:..t..$..../..d.B*...,......61.XjN}......\J;...n.|.c.-....&.M]..1\.-.a.W.jI....'..K.EZ...]1..tH.~..Y.O...fv.(.....q.x.........P>K...:....j...;.4..Dr.e\.n...qCX^....>.7.;......... N.9l..!,`...=..?L..{7..1...bm\.V....[6....X.7`.G ..G^.c..".Z^~}e.....Q....{..E...:'i.\..m.?..%.t........ME../,..c.............sM...5A......\.x......7..J.........T&y.....R.h\B1.m..h...m.x.t>...`N...V..<.6J.8.23..&..."Q...;m......,.tl..cVx.........a3.P.J....U5..T...1.4<q...._.e.aiY(.n_...ki...AO.....^5t....._E5?v..R......................U..Q..._K?E}.%U......q....y...>_.B"......<M....2.eS@...7.?.9PS.@_;.f.q.>....Ss.....Tb....-B......e.\...I..k..s...{..$.......Sg^;*4qh..K4...

                                                        C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):3145964
                                                        Entropy (8bit):1.976186346364729
                                                        Encrypted:false
                                                        SSDEEP:12288:leMsCNqcJd8EcOyBy9QPOz53dozwpQjS9:l6CzE+4ON6wQA
                                                        MD5:48A71DEC9C2768EF3124B24CED919379
                                                        SHA1:C2AAC6367FF72CDA4D9FD56ED5039221D177176B
                                                        SHA-256:CB385099434F04DB859E05657EF7247B2F952B4D86C3863708F222A09A35B2EE
                                                        SHA-512:96E4430B98404BF962C30779F98D7DA4D6D8682D5FE4B5610C96994BD6BE019F8B914F8D31DC6AAA238FF113BEE64F48D2287F4B560FFA9B3ADD040162C5DF9B
                                                        Malicious:false
                                                        Preview:_...l..x..M..SY..........'5%..M.*...x..R..K..S.....ql..k..D:.x.5u..k>..Y....=...-.c.z...h.d....]....5.qm.^......;~.F.@.]I.3.....4..-.%Y... ..[9..q...9..3....K..h........B.6....jq@o..T.1..JD......=.F.c.;0]i...n.Bq.\6\T5.6.>1.....\.+.&n..~....).,..TW..R~.B..\....D g......3pn....E..pw...n..L..1eI.e3.[...&.)..&.m}.&..).r(... rq.`..._.l-Z.,..`<.|.R.}7...i...Y..<.9`..a.Oa.T.....d..h.....O../...z..2;.Z.)_.........f/..@..6.. ..`.|....(50..E..q.0}.82........f+....q.e"..oqA...k.#c.`*.....9....d./=....Ah...Y..\&...WM..g....2.2.Q....yq(9..eo.j}D....k..d.*..{.....W C/...w....9`.l.t..2.E4y-...P.2.b.[...'.?-obN.7re..qz...;.rL....u..]......f.;..Z].......&UfN.U../K.A.q.l.1.Bo.4r.!C....S#....&.(5...E..........-....l.H1.$-F~....v.h....X....}n.c....%JT:P...r..g....a.E`..3 .E...;y.XV...m.g&.T.....d.......!....h!..++R....8....C.oV...E...a..m.k.48..iI....>.......Y...-..^..c.....'.X.2...L9)...Imd.<.#....\(......d..bCQ..q..A..w..._E.>Z.8..K..j@`...-.}X...(.p.

                                                        C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):16621
                                                        Entropy (8bit):7.989285913098649
                                                        Encrypted:false
                                                        SSDEEP:384:E3qOXnZZ2vc0oCePBRolyCW9Lx3rHt92XbQgXvXDxBF:E3qOXj2zoLJY4PrtgX/DLF
                                                        MD5:C92812ADCC53A187C4A9694B2A5CEA73
                                                        SHA1:0FA36244DCD155FEC9EFDB5F642AFA3FBB8CB0D5
                                                        SHA-256:2B65C2C3965D1CF3BE3356C34EFBE093ED5C94DFF174B3E2ACA2C4B2D26C6324
                                                        SHA-512:1C0054C28BE92173F959E43559F31514DE4CE55C4D28266A6C297F03F62B30BCFFD257935D5E4FDB1BA6E719C0D390FEEAC824D35DD0BFFA41DDFD4A19D55D00
                                                        Malicious:false
                                                        Preview:... .X...........f.../mj.../.;......-z.....:...r...e.gE......d.#...u.A...p...7....y........(t.....PrK.........1....MJ.(h...>.z4A..n........~H...>.....YW...C....+..F.^y............v..Q./..i*...."...n... .o..$.-.$..3.$.Y.O.*-R.X.mu...4\.............).Dk.2...+......hh.....U....../|b...'A/M...D._U.4..S@yS.*0...s....ZXf@.y.Id.p{U.*.).s.....q....G....#....Wb.i.0....hpU.....A&..".<.`...ohC/Q.....~]./eB.f.8e/Z..N...tJ...r........{........:....V.0V.UfsE..rT&2..j*.b?.6...K.$...A....4.....i.-F.;...#'..._..A..&..z.4.FJ..$....h.{.......G...v.._4?-...+..Fh......#0.9Yh..w...$.|c.;L.p..g..Q.c;.%.6lqM@.pG..B..@]4"X<k....t..1r+..7d.Yc.z.....Lc..(.oGP.i.h.00Q....?|Vg].S.Z.....m.aI.c....X..j..l....H.|...0O....W}.......i.Y29..f...2.n.4....Q.\~+$.#.#....z{...Za.E.h..:7..c..FL....&..Q..9.?..X.....[.{.7jy........W......'#wf!Dc.B...!...t.mk.......R.<.GzOi9....'.n.6..oy.o..N.hw.R...U..K...E......8:y....|Q{.h.7.>....R.x.... ).+.Z.~....M..2CR\..)0q.!.;w.H...*.g.vZ.

                                                        C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):5767404
                                                        Entropy (8bit):1.3963822168945317
                                                        Encrypted:false
                                                        SSDEEP:24576:pUay0+ddxcBhDon7OyNXrvPXuBEFCABRl:mayTuhMn7l7XumZ
                                                        MD5:D2979D92094004AE0634794666E089BA
                                                        SHA1:5E686C015397ADAA71E577D398CE7C2A42E920AB
                                                        SHA-256:FADEB78A7F6D176859D3B6BB60FF3774790E5129A5EB611B3F3DB0801C79FA86
                                                        SHA-512:76EE97C79BCE8BDA870FC76773CA754B7F81CF3F8F456BD2A25E03DE3A1F13A453B5211EC5DB73F0A0A64E04D9A4240C137A48E0FE0A3F3DED7CAC339D4C7BA6
                                                        Malicious:false
                                                        Preview:<;.......7.-4A.*@.a{._.K./T.w.+h.;..... ...}..C..Z3=.Pj.9fA!.'u.nQo.........`u.%.....Z..1...".........s.......^..........u......t....<..J......E.jv.k.....4..u[.........yy.......^.)..RNUi.}2.[@.Q.....]6 .....>s...C..F..x...]u.{+......d_.4.n+.{.1q.\.....0.y.II..G.F..F....4#q.?.l..h...L....S.].4.....z.W.;.eg..y.1....S$..6.._.D.)~....[..Z...r..J. |.?.xi.......B.I..@.0....3/[....;.z......BW.S....s..z.a{...I..Z5.Vk<..3..Nt1....!.....w..[7..X..\........tal9.0.!..L.v....|...um.,.o...U.H.`..!..c...#R.3#...xIxx#W.8:n ...?.Q...&.y.)..c......iB....`...s.....[.U....h,..#...t.w..^............`>......o\..N.......o....\.|.P..L.....]`.T...ac[l....GA8.[.3..A..Q....J..5.o).1./../5u...,94..)..r...h98.9...G-...A.A' ....>@..3.f..-......._..*.j.C.XG.Q/......y...R..........7Em....wQ....+.....)f...}......-..mlU.@...v.....`.-d.n%w.....#E].'..%....tj+nY?S..........W...5.4.....n....t..3.gp...D.)"a...(..1...3.i...Q.cl. ...E.E......n........./f....B/..M..Q....N.n`z.4..[

                                                        C:\Users\user\AppData\Local\Comms\Unistore\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):248
                                                        Entropy (8bit):7.124809856721343
                                                        Encrypted:false
                                                        SSDEEP:6:G6fyBWuY3upoGgw0AiQf61aBDE6txWw+DdP9l49aUSnW:GsiWnaZgwmQf61a+6KxPlu6nW
                                                        MD5:24123DC370F94ECC08BB4B32A3146F5C
                                                        SHA1:637D34D79F396983FB63BCC69857F7A7EA267606
                                                        SHA-256:EA60FE97909AAF8334BE6AD841A056462D62E3984294BB5450D2BD1C6E181838
                                                        SHA-512:482A778F32BA3BE0390D9866F58F64FEDC559DA81033E698884CE405EA44588508EE02C6DEC5A7E6C3AD7E99766EC83ECA88800F6073D3B8152D92D775CB1432
                                                        Malicious:false
                                                        Preview:.E........f.k.\...+.a.,..\Z....r.0.E../e.!._..1.6o..J.'..a{.tMp.u.W.i......l....@3......\f.......M.D..TQ..%.+.n....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Comms\Unistore\data\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):5120
                                                        Entropy (8bit):7.95793211911185
                                                        Encrypted:false
                                                        SSDEEP:96:M6ptMrpV4/w/tplVECNiKx5gysp7idRe/dl001lUMILQkA8eQ:LpOrD4/wFplVZJD9sidcl1lVIBLF
                                                        MD5:16B04FDB3A47A9CCDF687B6EFB2E8ADA
                                                        SHA1:85E07159A004FBE8169D6448F5EF4C1CF695CE2C
                                                        SHA-256:D7BC3A8327F7506B6B720645111E14C262BB3F5660342640965F76AA67AE009B
                                                        SHA-512:B2FF616750DF55C64D28468DC5989CE2711EEC4B666423D7392F22341F60D89C921425D625D55B719EABD6823DDF5C7C27E9B2EF52C19880CD50E30730F7C394
                                                        Malicious:false
                                                        Preview:bY.g.H{.s.n..tu.K......NX .[.....Z.b_.nxbN.v#q.x9..>.wT.u-.(P2..~..c\,...zC./..9..I.H....N....HZ@t.....E.+..".K...!..V.uU}.%..R:6..........>Zo.,d....j...m.[...$O.i.../...x..zxn...............4...KWu.l=!^...h.b.!..J.GG.K...o..'.q...S.-.i+9..V..s/w.....i.|.K.p......>.....D.NJ.44..g`].%-.K.?...=...q.e/..fsM..a.R...R..v .......\.3.KRS......:...(*y..[].G...)>7.ww.0.J...5\...9....;..;:.Yi........D.....Xd..X,.....%.h|g...|....P......xi>....<..h..u.;..i..u...T..."x..*.u...o....:..g..O^B(..9..l.S...@........b.5..]1.7s..d\.|....2..........e....Y..\...@.F_..n..+?.5.=.u.U.$...eo._:.[..{.y...z)!lA-.}.u<F..&.4.?RsX..D0+.....$..S^>..y...F.V..T..J..d.... ..UEj?.dw.......... g.b.9O..e..m}.T...k..!...*.....TgOs.....6...w..P.....l.Fm..y.....y....Xg.....e......l....H*......WP.../.p\..6OWY.j.m....4Rn2.........`.[..u\P.-Y/BQ2].H...F4o..t.......:..g....tV..<..C......:...../'...b.....z.~..P...M"...0.nq....8...@}. .I..e.3....z._.0.gJ.F.<.Lv..V....P..9

                                                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):932
                                                        Entropy (8bit):7.818494791827454
                                                        Encrypted:false
                                                        SSDEEP:24:taYY5sRmBJZsvOAcM+qLwpX2SeiNzQaxw6f6bxPlS:taYTuCiM+qk2hGFfeQ
                                                        MD5:B4192487CF7FAC905767A1E7F9295397
                                                        SHA1:561B56EAF583F2D365EB60A3EB15537CCF49A255
                                                        SHA-256:43DD8DCB1F19C3CA14F7AFFC4E51EB5F4AF6F569C903290B74CF2BCBA7476F33
                                                        SHA-512:1B3B2EE0000C68C74168382EFF8183CCFE1A0A5926586439B1D041C54BB5B844FB74C4BE5642CE7A0FC3D271D3E7C3DC1B388B5259823BC3A0008A04ED735168
                                                        Malicious:false
                                                        Preview:...|$....I..".=Kv#7.....=.._.w=......h...g.^xB.c.....+.hn...x}.Yjv.....h.u..y.AR..w.*....kK.... b:...%4?.a.Q.../rx..{.x+<..p.q.kE.....R..h...G..4.,Q....v]...s.N.1..@31.V.,.....l...A..D.`4d(..e.\.u3.X.......H.7.e.DE....V.{6.......%W.7j.\..h.m..N.Z......."k../.......!....`...5vA.w.N.J./_3..R.eH....D'`.7.x)W....aG.?e......{J4yW/%.K...R.. ..T... 9..@C....YXi..%!..\.....1.-.#.(Z.$L.Tt<.E......3{.$..~,..j@.`e...z=A..)....../......b.....O."-6,..{.].?.ot../.?.......?.?.s.J.c.9]"...6..8E...m..{..ej.PCz.0Y./.yHxn).>l....8.. .. N.]....d2.$..*..I.....t.M. ,$.....:W.h.......I..$.)X.....n^..Y....m....i.q...z.....2f{I..tq...&~ko.h../.w.n<e(.S@if...>.\svJ-I<k.....X....1.vn..:%........r.h.`Yr.pEV2Q>.7......[.d),d...Z...h..6..#(...=.).U....&.c.&.a.q...NJ......?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1208
                                                        Entropy (8bit):7.849186670624003
                                                        Encrypted:false
                                                        SSDEEP:24:rhjCB8D8KbCJ6/LVWqFM08GfuzueETCaFsJOLjVc6pGAQ8sf6bxPlS:TCJWLIqTfuzOFZLZc6pFsfeQ
                                                        MD5:D2398396C3F628044CA97EC2AA5200F6
                                                        SHA1:A8737DF53EB7470FF96A412734F0B6910B60391C
                                                        SHA-256:E2EB64AE5C8734603CEC55BAD68C80320934E0324457858623E2C5B56057AAF0
                                                        SHA-512:7D5355CCDD1B0B96A07B0226E37BA53EE316F270F96FBB628C6D2AB63E9031A70C5C6C568C513F626F50E55887DE7F1D2506A525E91527816B02DC478457086D
                                                        Malicious:false
                                                        Preview:t......`.o..$E..ih.....1.5...B"b;T...wh..|.a!INd....hd.6.\...k..<.rH.q.\..q"[.h..O.w..\E%;d.B..A.2....reo.......6.U.]....Q...X+V.!..).[T*.=.! ....z...&..h.W9.E..y?z..wlDP.;.@....\N....A.C...i/..F...{._..v..y.x`ONYB$..>.@...}t..D.\....nZp.z...D.../-.M..&.........C..#.?.k.zo.../..2<>B.....!"..r8..~....|..2n.!@..W.o^=>.u....e...(9.^..............E.R]$...G7..;...j.M.|.~m.,7.dLRc....nND.#.WA.$...&.2..I.&[....H.Cv.*...H]Cc....t.r./..J`'..u....~.p.2D.;..m..8.q8v....iP...-.\....d....WYo.I........q)[.$.4...'U..d....5..........,.0.B.~\`.V(......#..@.....r.... ..r....Xp.I.7..6z...~..|...8.Y_Q..J.i.........$...=..".<[.QX.....x.D..$Fa0bD.K:..U.SO.$.00.w.6..n+lXJ.+....D..-5.|$z[..;...`w.i9..Xk...rGi../|.,..k..|\..lK....5fEo..eM..A.R5.n:.J....e7.....{4....#>..o.H.1.,.....I....M..F.+.,..85..H......5..).t9J...y...8o.4.l.*.C0....d..x._.H..s...I...*...0A@2.....x..`.2..(...:.....%.%.w..KMCOv9....Dw!10. *.|...q...&zE...g.Qt....I.\)L...<.0.

                                                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdpresource.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):303
                                                        Entropy (8bit):7.306366598834544
                                                        Encrypted:false
                                                        SSDEEP:6:/MQxl37yI89zFiLVGxqGyXLBxvy/Kjf61aBDE6txWw+DdP9l49aUSnW:/nl/zLQqtVVy/6f61a+6KxPlu6nW
                                                        MD5:F4E996988392F78C9349DFBBA956F89B
                                                        SHA1:B1173FDF8C6B39EB65E553FFF324313228894658
                                                        SHA-256:2D2092B67000DFD1C7BB255E18C3D4AE2C43CC82337691200D0A39C51648247A
                                                        SHA-512:9213BA0E953550071E9D0A100FFC2F2BEBCF37ED25BEFD087793BE5ED6A70B7609D744D0157331F7F44FDCA233954ED1F61D0CB379FD2CB930F6B27D53DF1C24
                                                        Malicious:false
                                                        Preview:.M.:...\....P[...*...ZaO...0|............-.]..6u+..E...&zE...g.Qt....I.,'......2r.../eK"._..2.6..l....-a......,Sw...CQ.....=[..^yu...w..@I.?.o.:B..]e.....O....L\s....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33022
                                                        Entropy (8bit):7.994521175356368
                                                        Encrypted:true
                                                        SSDEEP:768:rCyFLWIFGHSSnr3E6eP9aYsdUqOhJyJqPr2M+vxJEbXF:GEL9TQEaYMUqiAJKy7EbF
                                                        MD5:E4752E505DF098F17ACE6E373FECC256
                                                        SHA1:31A93F3312ACBC7E8A49C754C9C2B496855D364A
                                                        SHA-256:A7DDF5A7C8C2C34A1F6C02109BEECDCEFFD0AD4D0B1D93F839B03D82A0C30F38
                                                        SHA-512:F0CCBBD723642548B74EEE22CB4712F231B61DCA15E638BD913F9C76F33F75A3909D6A4C6818206C4195744E5B9E07603ABD5D915F28E2D0D6362D2C02B0E7B2
                                                        Malicious:true
                                                        Preview:.....%m...'x..s...E.......&rN.R...c.$WK.......F.M......Z.....Y.9.*..<..XI<.\.p#..O..8o-..m..N..\q..u.....i.X3....tmS.:..K.I.....(.4!a..h...v.d..j._....t.W.(}.Q....E..Y.M......]...Sdsx.......s.~...G.).D.v..i.6......^n..Y..<..PT9..L.5k{...q..}...>..i..4y.oZ.<..=L)...>`F"...<.w...e.....g........r.U....M....ev._..\...vY.@.....3p...(:T;.3...#?.1R.}.P.\?O._....(...q.S#..........&..p.4.oT......H.VOqlu....?.%.....@S.B..&......_4...QO`N@..0l.....I|j..wJ.,.o.F......m...6(S.........ZC.g..Y...H.HD..@.q. ..M..*..k4...N....H..k........w.^..~23f?..Do..F....L.l%.{X.x1J.......#..F..A.`.#..R~5....6..?.^t..n.QQ.S.Q.f...H..l...1.i^..+.4... R....]..P..;.9....8...P.!...7~m...{.q...?...ThtL.?........../..a.6L..M.>.I...]...x..a........v.k........YGJD|..*./o.....<.....X...r...M.^.>...f3..:;.C.....Ci.a.a..l...i:..QxH........6n..l.1.p.`...i...3'...yiG.X[....w..K7...Q.J..w.....D-.u..,.@t@.v..N..........eYH...T../z.....'.N..w........@0..o.UE.D....D...V..l...z..m9...../....

                                                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-wal.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):255
                                                        Entropy (8bit):7.176930974069788
                                                        Encrypted:false
                                                        SSDEEP:6:A74JUqD3DAJu2HBwPnOCf61aBDE6txWw+DdP9l49aUSnW:A7jy+u26Pndf61a+6KxPlu6nW
                                                        MD5:C6384EB91099F8C4ED7DF2F83F56D038
                                                        SHA1:D82C6A530EDDF54C9FA03DB765C338CC75FD8699
                                                        SHA-256:7AFE63016663DF4A9A58A375ED364CCBA3CA51C94D5F260E2030D3385401A1B8
                                                        SHA-512:F1D8C7F6B6ECED357C8B132FE182767BD4D94E4326FF2E72BD08FDF37770996996A021940FE58A0941E144541462482C4937A13ABCB4EA390015EF7AACAC2817
                                                        Malicious:false
                                                        Preview:...&dE...V.R...;.X.6.U........`.|.g."._..c.6.|l../R..,.....i..:.4.nl......?.^.e;..kp,....-A..c.|..fwA.e..e..=...y....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1048824
                                                        Entropy (8bit):4.982178380991181
                                                        Encrypted:false
                                                        SSDEEP:12288:7BVsM2MujhfJh6/2tBEDx0fqQbf+RxnrDFfdcIVcsnXxI:kM2Mujhxk/EKx0fqQb2FrDFl9cQe
                                                        MD5:5F37AEC93DF9BB06BE171844475FAF97
                                                        SHA1:8B11C0856E60BB5FA71B5115BD1EB29AE503CA65
                                                        SHA-256:BBEE8D0D2CC136D28DF492EE7B9AA114F6B0E027A748A7F33B59454F4CB5B145
                                                        SHA-512:215C392CE61D389C995E25ED5BE5562D9D00E43021D25A1948AF0A6D3B9C50A29C2FA2737AA200642B88720647E635FE093B19BDC52EE1837E2EB87EE21EB1AF
                                                        Malicious:false
                                                        Preview:.._.......^T.....A..UY.L...s....{[.....J.\FKY..@.ik.........w..?iA.T.AO.W.y5.`..).s.'g`,.`&........ .E.C...'YS.I3.Dj....H.?.J=...h....8.X.....O5$.C....F..v.T.;........)...k...8XDjk.jq..'..ZO.,le&.X...../3q.E..5Y.....&...um.>H._M.m..#.J.2..C.....e....M.l96s..L..w.En...(.].....if.,...$..?,J..*.$.0.*p.zfU.D.........*.><3...L.tt.\<1.Mh........./1.B,l..T'gC4.(.v2..n..w~l...g?.....R..oP..V..6....]8.n.z.uq..hQ...ok....D....:..`.........B.4..:.....Y.F.....G.......u.t)..j.|.....4.S.....m....<...:{..3_...MK...i.`.e........'Mq..w.BN.&T......`..m.n.aj0..,p.P..J.)..1..O4.@.....E...6..J.[....yb)......70.2....r.F. .wqv..L.c...&......"~y.....B=B.._k7.y8o......PH.."59.bx..06....T7.:.......Xj.V.m....g.:..3.d....p.S...C)...N b.....h.p.X..OLN.....S.f..#...MwGA....Z.e.I....,.y..P... ..u.U..[lxS.,6...2.!...D.....s.`/...!..apH.sb0Y..Y...3V..s.F.E....R.$..t.^...Bk.....a.....q\.;l..-..F(.n.SC....s.\.g.t..C..w_...C./u..Q....0l...@>}..t...-_....e.?.l..g.*.Mh...

                                                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D36B0-970.pma.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4194574
                                                        Entropy (8bit):1.5381135419681824
                                                        Encrypted:false
                                                        SSDEEP:12288:PHdTzfWluC/YQGDiGB9o6/b+4Kp9hR/MHOVV8aY:PHZjWlu8YhDeV77I+8D
                                                        MD5:8F350A9182F825E02FA5904993C5B152
                                                        SHA1:AD64200C8D359AEEB08D45AF52DA9E4ED21A3DE7
                                                        SHA-256:2BB9AA18C7F88506CE79369A98622B1D71982D9A4037A6BCBFD3A4C17BBA8EDA
                                                        SHA-512:E2F4094B01EDF9235F3E8BD5B12F53FB5462709781B5F58C1B3236AC97AA314E241CE221C0FC503238E7665C362859E33E429A516727F21FFC3E1B669E7403AE
                                                        Malicious:false
                                                        Preview:..5=R..-$^..`...Ac....83.~..m7......D_..u.a....2M.7.dcn.. $\.F..DF6........f..........l.^...s.Fpt.R....G.;.....:y"...bP... 3....]......:..2.3b....P..d.B.HD.?...Aj9m.e...<T....h......V.Kb...9..e4\...!..V.n...P....cQ...eK........S...'L....4.Zh...|....^}@...W.A....._.y....X-5.....B..J9.}.:.G...;.&..)o..0.....4;jX...M.9W...J..r.FE.z-.;.r1.0o7.R.pF.osN..{..3..E......]4.....+.0...zD.X.. ...F..{p.1.X.....H..YU...4:Q...P..(.$0Z.*l...>..........,cI..}.ub...........P.-#1...:.V....?[........qH....zJ^...e.p:...)m..=h.{..n..H./#....)..0..:R...Q..q......=..".R4..>;...M..B..0...u.H...Pc{........B.....|!&..[..$.nb#1[.......T^.o.Y...@Y.........}.x^....-.MjU....V.c.Z..Q.L2.t.L..A;.L.P..u~).oUm...O...5../.[.^j.....ER...:..Em...8).C.].j.....J...=.....q..o..S..L.If|.Zf..eH...T......= V.L.=l.....K.{...g.x.(...SX."....M.b|2......P.+.A..`.q.a..]N...M.Y.P.(y..=....i.r..B..&..o....]..$.!bPL...6.=*.\.W...3B.).........i.(.t+b.%.....~.>...Y..}H6..zS~.@F...

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D45E8-1230.pma.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):4194577
                                                        Entropy (8bit):1.5379450569115072
                                                        Encrypted:false
                                                        SSDEEP:12288:kCVl9UA18bhNIuswzK8CrFJoSWjdDHw72KRfn4lN3pr:BVjUp9mu1ErX2dsqpldpr
                                                        MD5:27B8DD038EBE9619D866E38C8EDF3BB1
                                                        SHA1:346FA60DCE240ECBBF563E156954FFFCADA271B5
                                                        SHA-256:810D8DD34371E74103CBC3DC00DD2D5B94B5EA038A510C1CBF76BC674B3E3935
                                                        SHA-512:0DF6C8A4B00FCA24CF766F864A8A190869D347788A965A360AD21934EE93A783312D8291E709D06AF492DF74C2C412556365A43B01EE85F95E44F7919C2A8AE9
                                                        Malicious:false
                                                        Preview:..T...Z......o(..j.D.I.P@..-.&bTI..=.O.B.(.......@>Qg@..\....q.w..|.[..!w|.FZ..>.+..Q.........y...^..H..@...Rn..IL.>.^*..[...d....!..e-\{=..7."...5.h..A.......Z.......1~......Vk.#H46Q..vh.K....al....s......z.i..3.h20.F!X:....c.$wC....G.....G..H... k.;.....[(w....`1.9.g."..<.Ap.f...N.#.....}.L..".(.uQ.....`+ ...&..G..uR..!QX......;N.@{ZC..~AD....@...4..N..%ch.p..h...m.-.w..pO.f3......1c.%.I.....*S..o..p.Y#.AAui..nd{<...R.....@....."..`.z.....K..{...r.-...rd:...t.\x^.B..=.l)......0.H.TXc.|.R.......Q4...My..{.]...2.b....x...t..Un.`....[.<.Mk$.....R...c.d.%..@}..O..t;G.b........Y..IB:.....4..f.8.....U.....y.A(.......?...?)k3..j...%..r....%i.4]..0] y..x6.M..QSx...............N.......}.....o...j."'..%38=...O2.<.L.....'......$5...'...KL*.x^.A....*2._...M..=.U<..+.O..D...r..VC.....E..Q..:?...K....t.o.s...k...}.......}..=.......v... r+..~do.+.).. }O....L./.....E.~.+:. R.....9....|ut?..Z.*.......E.........DU].@..2lVz.V/Q..b....E..|Cb.,#.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D45EC-1900.pma.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4194576
                                                        Entropy (8bit):1.5380757461890153
                                                        Encrypted:false
                                                        SSDEEP:6144:tHQq7F+dxyA3UYycqNplNEyCvAmTL7ksr66teNbHcTGX4DoUdkBT0ERh82/9AHdt:twLbyAeYTnkI6/pGorM21qlpl
                                                        MD5:0018885768181C68729220E7DC139AB9
                                                        SHA1:EA1799FAB45F587F3528A69283535DD550BC4932
                                                        SHA-256:842A2FD29F2AB57331EAC2A125EB7E1BF947BE980DC2AB671672EF64370319F9
                                                        SHA-512:30FE3B9F9DF7309FCE462B0F88600EEF607F2695EEF7762B5F9DFF9CB74472589B15AC7EF156F8C4700685619E0236E4415F17F396CFF654AC2CEDFEEAEE9473
                                                        Malicious:false
                                                        Preview:.=..I..G.5....T:.le..Y8z..}..G..io.di..E..qLua.)......Y!....n.}1n...i.f.>...w...Y....#\.......o.|......|.{ioQ..K.,V..v*.!.e...[.F......r.}...3v..<..L?.Rt..y.d4.}.9./...*m..,.b...Rn..z-N#.......!S.T~.wG8F..Y..<[..'.L|.}......uy7.. ..&.e.^.}.}.~}.Tk..Og...........!ym^...4.|....-..~....I0...7q..........i}.. ....:c.%.eA...-.p.;.G7T.b.b..'.;......a..};e.g\q....)...24m...%.....2......mK-....Fo+.;.#.?-...d........zZV..i...m...x..wL.6..}=.K.....{.>......p.o:*%...:)c.+....\...o..z>...K1.......%p.d.Y.V.L.tf.....0...GH.0...).}...t.wf.@...z3..F..u2Rl......b.w7.......M.j........E.......w.LK.....r...#!...Q..!..T.=...&.h.*..@....4.....0.1RKr7...j/.+."..E...P....1z{#..O..MpT.. ...K....]......>..6..G+3.U.>..%..L....;.......s...i_".'....e.+..Q...k...5g....rr..q.....F.Z.b....P.......yMzxV.69...4..t..q....S@..L......4....($.j.J6.K...........U.Z.#.............X.<....W..M.b,....X"IV.6<.[.-l$.x...t-.."4."~..{Y.m...u../>.G.h......J'...1P,NC.$..j:

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D45EE-1AB4.pma.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4194575
                                                        Entropy (8bit):1.5379431664968881
                                                        Encrypted:false
                                                        SSDEEP:12288:YbNv7vUhiripnlVnEXjtrh8ircdu6rfHxNgDj+avnxzzs5RrH:Ypv4hUiXVEXDVyu6/gD6Y1iH
                                                        MD5:FDC3202513069B616ADA5DEDD98DE30F
                                                        SHA1:72D7851DEB4AF5C591136AEC4AAC7FF57DC3D19F
                                                        SHA-256:9B35B89595A3CF4EA4A17066A0F52E3912D78D293C3DA7A3FB09CE00EB9B7038
                                                        SHA-512:93C898D5A0E296D5EBA5A7BE434588F32B897DE42786CEF77C6C6A391FA8DB91F3C656CF907817C1081E19757F38B6E207B3E07E2ECBE5B69915082AE16EA797
                                                        Malicious:false
                                                        Preview:.q..d.>.V...\D.........j.jxN4.@..%....=**n.c.CC;.D.../c=|....@.......+...I.i...;.Mn\<n#Q;.1>'......&._F..xS.M...}.T+..9... [D...Q~.Q...ct>q...nL....'.a......Y.... ............"W..4.....A....!..L...+......y..q..f..........=g"(Z..1..`.....9..._l..........X .(,.\.......nv.........F6\.l;Z\..t.]d.3..W.e..@..~.QS.(.e.5..l.~.L...W...vm...............M....@.........`....>'..Y......u....Ac..1.....w..A..........0.6..V..#.e@bz.gK>..3.q|L........E.....0Q|+.q.....5...Fp.,..f....}.......u..u^l.......?..^6#\4....!*.o;7%.p^.j).h....^......K.x.Ld_1.|%.,q.......6..*.2.9....x....qf.F..?'.aKF.21....6.]..,.[.&.2.h.q.e........4.....z....*.\.m.um.E.w.[..db.....7A.k.W.z;H9 +...{..]...N...x....O..S.:[..1_3.......G.......5....C'Z3...B.W...._....D{.}..V..}G.......#pK1w....k.g.KS.~.A.m).]M {f...".@..#}..u=&....+.[^...j..t..b.5...\A..x0Y..._.....LT...8.$...............;.@.,.d...q.Ha@.v..*.v$y..p.- .}.3."<..V.f...@-...k...5.:.[..:..e,.va..Pc.=....."/."......f

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D45EF-16F4.pma.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4194575
                                                        Entropy (8bit):1.5379634311766521
                                                        Encrypted:false
                                                        SSDEEP:12288:8YFDMnK3XIkzYyl8ly2bB12qrZdJokOazum+mn50JDYvne5BU1WbG:knKnZYG8l//2OTO8uyn50pH5AWC
                                                        MD5:85349360C4E5786543C9FC25E295FA45
                                                        SHA1:A84FAE27B6B6387ADB37C8CD84695262CDE255A8
                                                        SHA-256:40C63465105F83BCEA473E65F0F59246CD2EB0E601280E65DA000693BAAD9A82
                                                        SHA-512:F770DAB55CD99D3774DB067C5495FBA944ADB5D5B6CD8AFED3AFBB468CF9636FD6CAAB137C5A9B6ED73E5C2B5FCB3145140E589E24B4579D17C07CA993611D34
                                                        Malicious:false
                                                        Preview:H<.1E..x."d^X`.QYK.GGcFE.i..../....P.k.XY.S?.....))..\..H...C.hTX....E}J//..{&Q...s..._t.j%......EAo...JI.0.\g>.7..JY..\HzO.Sh..CceT........vX..>|......b.%.k.4....X..Wr../..,~O39..].C.x.8y.:.<..l.KH.|..X..r..<g ...5.YNx....%.=H./......J1...*.k..\#e...@(...b...O#._A...I.@.>6C.:.'.F....._.......<G.....9.m.....`.:....R...un.-.06)..T........?..w&8.>c0.n....>z(..*..S.9..P..`.aMC...c.K%_.^...S....EU..<.1.......nd*ND.I.1._..Vb..RG.^g.....&$.h.\..A.....@.b....D.J.lT9/.........Qr-..UN..2.qi.A+.)_..Rq...P7.yb....%.....ms....l...kI.nA`...qZ.b~.9FQr..j.@62.......'.E...Ta...........6..`....)W....&....B\....G.[.c.c./y.........!4...&...|f.$...6..P.'.8,.Q.B..8.../.m.XC..o.+J.u..".7X....(.I.a......T!...0..#./...........s_....l.>.........o.UD.W..)..)t.{.-1..q.LW.kPC.q..E.Fc1......VC...*..,2.......A.....\....IK.TT..]....h.4.]g.3.._.#..q..T.,qV.7......f.....z[...I<5F..T.,..GUm4...2..2I,%........a.U.V...`R..2..N.....:.*/.c.Fh.(..v.....K.66...^1..^``...!.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D45F1-18C8.pma.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4194574
                                                        Entropy (8bit):1.538032046020502
                                                        Encrypted:false
                                                        SSDEEP:12288:/ehTWZRAJnTve5cFn9nmDkCJ3kCyw7lBm0M5GtP4QmzCNIGqUWqU:/ehUUnTvCcFn9nmZ30w3OPQNqUa
                                                        MD5:35BF9DD115AFEF8B18DC268910E68520
                                                        SHA1:7EBFE50404E3AC81C344DE941953A5996DCFCF7C
                                                        SHA-256:1D875CC7722FF1013FE00891D65350C48C3DCDD908D77154C8BC4BABDE840D66
                                                        SHA-512:C556CBFCB042C0E726C2B9F95688B1A3061E698DD686E2135E5D3B1CFDA078DCFF477C2B8ED227C83A72F653692025AE09F13009427A5633563AD9E783A03353
                                                        Malicious:false
                                                        Preview:...B....a>......E.mN.!.....u9..,......a.l..\.g...5p...h..;N....n...S.+A..._..-..>.Z...R.....+...A3...7/&Y...$.8..*...A.N.2dQ.....P... .so.$......}.?.N.W....X)....:.....}.W......~.r........I7....9{hC>.....8.gq...l..W.....\a.O....n...m....7.)....#./97ie.....P/.:3.|ng...[.fD..[...>-v.bv..%)B..}..e.y.jF!|}...8."..#.~.'...?..?.)Q=RA^B.f..bG..}..C.4.^..hM...;.... ._.N....+.*+....u...oI.......\"..1..{Re.<,d......./ku..p.j...S.1..M......JWD....`s.....M......5.......Hv..s.......y.\....>4.H.....S.m#!.|.r..!.8.D......{..Q...MC-{I.B.....u..P...Fj..c........%."..Y.Wc..F.K@.U]bD.E...x.A%.........Q....TPA.#+.b.....H.1"ta.L.d_.I3Z..S..Q.......T;......!...H.(.cD.."...@.>HV.kc..=.P..i..8....:.(5i.e....Hy.W..m..r%.eC./D....2.HJ..p5.....evb..sg7...(..x."'...Q.....v..2....o.6f`....-......6......u!{2h.y.Xk.{.8..;E...nN....."5....7<w.M%6.v[.;........bH.Tg9F.~.>H,%K.......A..x:1.fs.I..'K..%0.n.....S..e..8&...5f...L._..}.............f.W../s.Q..;l.$ty.A.i.J....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D45F3-1954.pma.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4194575
                                                        Entropy (8bit):1.5381478623436176
                                                        Encrypted:false
                                                        SSDEEP:12288:W93Mms/U0xOyt7ZMTqqcqocj6Loh6VOaFXnc91bdU:WO7h1jcj6Lo8VOaF9
                                                        MD5:8E9D4616F145B5E88B7E58B205174F45
                                                        SHA1:DDD5597A4B315F1A83CDCF1BA41574C37803B0E3
                                                        SHA-256:1BD8669386F2766822EBDAB28356DAE9F5C303421E664ECFA77A44850E264ED6
                                                        SHA-512:AD9F8CB4C3A49BF1D56067CFA6B401F86579E89EAEC6A6771A0CB8BD79EB9D113868BD92D4A81B49031758DC90A0535A042AA41799C19071F97D8A5204F3780F
                                                        Malicious:false
                                                        Preview:c..7!.'..%......e..>c{.B..}%.Tb.U.z..U3..K3........OD&.z...Fm.Yh-..(..<.p....kw..*..KWaK..~..B....X4{...:[i.Rl...u....b.J._.,.D&......M.1..?...?jvY.... .A..=..k....C.<..EFz......<AcU...0...kq.......i\.5p?.-..6B..C2.F...Ek..3.w..h{..$T.......+.N...)..'...[H....q...>..Z.+.:.........<.........K.p....0Z....W.8..p...W....gXq..:8.ju.adr.}\Y..g..?.P!.#.c.a-...y-.@`..........h.=..f.0.).A.(C..h.(.>.B..1....g.S".5....b.)...........nR...y.Ix[.`+......Xq3.....F/J..F..Un.w^..bM..L>.&..>1.J..PM.....>........m..C.\_}~...u8R,.".&........2.pE.......O..v.q...=.s..j...[.Zy|.K.P.P.zf..fs<..Z.~..v1..g.W5....s.C..\..2d..=...$....q....w...0.H..N.>....P..R....<....@}V).....-Q..tu....4W...+. E...A..S7.....r.-..(... ..U...H...i.$..P(.at....P...?......a.*F.....P.mQ...O.Q9H.N.)o..O.w...%G.ga......of8..cax.....4....x~w`Bo....W.@{....j.......o...c.r...v5.h.y.....%..p.G..[..k...S...d...6Pv.p....%...f~....=.........R.+|..n.P]:K...z..K.{Ne`.8s.y5,.f..8RG...}.Hv.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\CommerceHeuristics\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):279
                                                        Entropy (8bit):7.275257198794134
                                                        Encrypted:false
                                                        SSDEEP:6:I62esSchb+FyEr/yeK1EgY26f61aBDE6txWw+DdP9l49aUSnW:qSvrTKnYf61a+6KxPlu6nW
                                                        MD5:4B25B8B896D1E898640D94E44A3E6552
                                                        SHA1:7AFDD6D5C5F1BBDE01669EA98CA2AFF86846E50F
                                                        SHA-256:743D833CD6665C5F852F38FE95522C93AD42400270A4B70D0BC4DCF598780BB7
                                                        SHA-512:A834F1C44910EDEDFC7CADD1350441BB78D6581483D4A0A4E984C147C37CF4C443CEFE9B21D475F315670EA8D53E695E9D0757F27BDBB2A07E1A75F011550DF8
                                                        Malicious:false
                                                        Preview:..&.K..T_..#..n.I...]......l.3.6~`T.../...&dko.h.=;..v...\)[...n.0..../e."._=.'y .WJ...wk....5......S.....1.....:...#.....P.*./>...?Qz0i....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8422
                                                        Entropy (8bit):7.979096468181014
                                                        Encrypted:false
                                                        SSDEEP:192:/qyc967m4kv6gpQFJ7dH4vfS24J71ZN4JXh99qqF:/x7ZJmQfdYz9b9qqF
                                                        MD5:5CDB33C2DD950D7677E1876143625571
                                                        SHA1:3F95EC12EC46E1BAB1CF07B719106E6A6DDA1249
                                                        SHA-256:609D5A9D1CFB7B8B0F4634BDB99C10ECCFEB3B30E213CC517EC5EA161FC00AD5
                                                        SHA-512:6C4010B7FE2CC74B3E1AFFAB19CC8A879E3579387EBA44DC36CD7DC499EEA4D9902188AD1A9962A0EC191BC80B88DCF4C11423446CB651D315F65128B94A7954
                                                        Malicious:false
                                                        Preview:c..(..0N."...U. .........Ng....{F3....p...B.j.....r`....O.2.....$.....Xr.K.B+dr....5.S:.2.m.c.......&2.O)..>..@>.....I...'....9.ELc.4..O.M.p....JxetX..ks......9A"...@.....Y........t.p...[.'{.G.."........l).`..^'.....9.x..t..c...j...co^...7b.j)...B......Rs..7..JP.J.....k."..wR.S./@.E.....Pd..:...:J3.w..l.81C...\.E....u.4.J..^.>U3$.F5..[.r.........&..H.7u-.xQ$...K.m.m.G.(l..l...Z..%(.C.yJ....9\..^.$..2.bG..*....6..Y`.+..\..5..d.Y.B.v.L.C..(....5........(0.......9N.9tM.C..(.q.....Wd...../..ig'.ay_.#E.Q..jS...+....o.9p..h..7...y..9.h.17.'..vP.v5D...Y[.8..f.{qZ1v}7...K..Y.m..x..l.i.GV.O.(..:@Oq..6.C..i.A".('yDO+R..W3ITP..lY..w1...:..l.D..$c*.a?.Q.7.-...u.0c..gMH....Oe,l]*.....Dqd.1....d.......+.J......h:...B..=. s...z=0.i5.\cA..QY........|.>..]&.V..J#:.q..LE.e..3..x...C&.oO..F_....I4.5\H.C...K*.B...7..`.....*.k....|........b..'.=.{..0;...k"...+m<.uZ.xV6W.k.).V.`rxFXB$.o....5....[.[t:.m4...6....K.e..H....n.j.+..k..F.....[..?...00..<..

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):270566
                                                        Entropy (8bit):7.999382460251647
                                                        Encrypted:true
                                                        SSDEEP:6144:WbM0adrat4vR5tj7P8JxSwKbSaVURd7w7jdl5ENzEj:W40ad1vz9PMu4qjL5ENz8
                                                        MD5:C3F9FE52A34F3386640724099F8404C8
                                                        SHA1:2342389D838ECECE7AEE083F9B1CA25AD99A05CE
                                                        SHA-256:CFFB76CF4CDFCCB620D7DD716CCA6341B7BC8618DF099C73C62A4C92E343E455
                                                        SHA-512:3DF0B7137591020EBAA5E23FA103DA294C687F96F6B63A915CA7D9CB496490D44CB4546F59871C80CBCB88DBB920EBA38A2A7C23FF7D68EE90408BC44EEF3EF9
                                                        Malicious:true
                                                        Preview:.n....9..&..x...!?.U.kVwN....E...v3.\...I6..}.L.|.@.xk..%...{(..pR....2v.<......m....'nH.j.=..W6......*.Zw..G\MV..q...90m..)V.pZ......D..4.|....|.?..K.......g..b..c....R.H..".....Yl..-.`.n-...{...f6.jz.XP..H._|V.Xhoh...._...P=O.I..U.M.`..%.z+..\......2._..7....8...v...6.(..../....H..l.....m....p.<Q"..1...3..(.O..n.....9...S..".L...8.d..~:..0.0.x-...H01.S.3..:&..f.A..G4)kf...)...^..d..s...i...L1"R+..o.=.jP'...[;.]-UO...(..b.^..!]F%Fb0... ;.).b.A..)..g.LN..Y.%6....;.k.}.fH..Ct.1......p.......V1..i.......6........n.."....C.s.$..sRJO..L..W.7..}<..4..5.,.G.....u.......'...S..L.9......./.v;..[.. :.....{..RC4!#ypPl....:....{....s`...DO)"..WX..,.Y~v.{.......*._......8._....O.nM2..&...H...<....Z........*...ZO.<.tP....[..<..L....f<...n..C.z......G-?......Q0MZ.0.......K..2!b.x..j.=..,S-.....B.ES..B.vOA..l...f.>.i.....B.D)..^.o.zk..r..X...........^,....0...$...V&....^*.__J1-. A......x.zh.7..DnSo.3...F.}5(..j*`...;.%.2 ..4piR=...dO6.g......m......

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8422
                                                        Entropy (8bit):7.977888476407843
                                                        Encrypted:false
                                                        SSDEEP:192:Zg78wyRl5uJ4iPFRF02SjkZy5D3pXNClrGCajOS2BMF:Znp4HF02lZyR3pXN5tEMF
                                                        MD5:48181B4523A1B0C3BF33F824D7C2FA0D
                                                        SHA1:7918E87F2C48B693BB5EDD675DC6763768846261
                                                        SHA-256:AE2D35FD945D6D35CF04FBA017ECA190BD802011D011147D9EF1E17B40C9FD09
                                                        SHA-512:B5D5C9DBA99475F6AF4CE45DE3A326DF9A9BA9ED2F0FBAA666E85D771AEB1EB750A187967A6739FB0C4DDF6CBB075252F7706E7C4C332DA83939BB9EC2FACE59
                                                        Malicious:false
                                                        Preview:.e.o..|......l.....x.<./"..x.H.v..'..........NW....t.@_..[-H8....EZ...N..<."3$ .n..d:....kcM3.9f.."#QH.lg.......X....{t..&..&...I.V...d......<C.*.j.d.Sx.......N...D.<...,..4..v>HI<..<.G.6^.0..l..I(*.W6.ib.0>W7...?...1Hy.i'..E.Ud...)N.g..7.N6r.....~c...gpB.pP9.T.H~.....=...y.Z........}r4.~.$P.A...."........>....:m.;K..e.... Bq...Y .C.5...9......C\5..T.d.HA.o.ZD.i...1......>....B..m.......g.i.....L$...=..V....t2......a...._m.Z...mi..>{......l....~\..7e]q..0..P7S.P-..........V.....Y"j..1>.....?..c....Y*IF.!.r....&.m..A..{+.{.'.P.~.w$.'@...3w.k..mT.......H.E.t......0m*._...8.j......?9K..M..._2..../..@s..W.....< ...n..F..RV...M(F...=.c0Y....T.t...B6.3.p=..U<........T.^.+..........*U0.p.:.I.8d#w-.x.cs..4...k.>.D/.3ua.%.v...V...`...q.=....oh-..2SIG..%....v.S0..^(...=~.t~.Y....aF.!....N...a...~....9(...d........w..[...8...a......F..u.}o..X.'....8w.....(......L.M.....6i;..?..$%..H(];',.n1...........5.^i.a.Z....~..h.nkT26..7.F...w{.Y....AG.=.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8422
                                                        Entropy (8bit):7.980159857246839
                                                        Encrypted:false
                                                        SSDEEP:192:uzNgH9s8Sy4//dzonwfHWQeHZOia5Ij7YYR0tSF:uzNgdDSy4XBCOHeHZOia5/YRUSF
                                                        MD5:F0BA9350970E1D918E0742927FE26A67
                                                        SHA1:A2D010660CC3E0D1519A42B03B41E1C52476F54D
                                                        SHA-256:71499740DF77B4E2917DF009FD25D82D491508D77AD37554E222F5724C8E2FAA
                                                        SHA-512:4FAAFC7B3B3D82CE41E38DD502ED0305B542EDA9931D8117082B1030660F5959E3D5191D5D290E1C77AF90E29AFFB3C5AFD106B0570D9ACAC2BFF8FC444939BF
                                                        Malicious:false
                                                        Preview:..XV1..&..C.....z.......trX.S.=`T...\....Y.Z.t$'"{:.....z..^..n@9........j..:..J.4...j.g...mX.......@H...L..lX=..O_.vB.+8W.(.{.K .../.c..v5'!.7-...x.....p.[$h...(..{T...?.L..;.KU..B..`.]..h...@M..+.;.....ZC.=r.oc..3V......Q.*s........>)...R..V../D.*....*.....+...dsC.E..1..`B.$|.J].9u.+6`...duc.fs.....Z..~$..Q.....Z.D..@%]mc.R...).....z]....#n.r>...b*.r.....7.....Z........zA...... .'..N)....Ci=...O....,D'.)Xi.f._2`|.D..g..;ca.D......@v....im...@.2K.d.....3..........*....s........q..'..r.I.1+.Zj........b...ia.....i..A.._~%.....<J....o ...a.ea.K..DR..Q.1..I,..mA...e.U.@..9h6#?.n...?..n....s.R.zE..e.B8.@B.$.#.L...E......,J.)../4.FR.)1[i.A6....$.%.1.wqNG...5...i...2.#.P.\..-.'.Rx.9....E....E...&..n.S_.0G.AI.....p.(.a.w.S.j.(%.....v.A.=J#.(.A+....'.g.@B0K.)..n....8Q.E.L.3.1..!!. ..O...........'..R.G.v..K....lt.7.M.O........c.....}S.&...]\...3..LJ}...I.yZ....i.....vK\......\...p{...F.fXx..Z..M`C^#.-...*......y.#COd.......... .B.L..y..g...{..|...

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):262741
                                                        Entropy (8bit):7.999388139227156
                                                        Encrypted:true
                                                        SSDEEP:6144:FRJdiwcMs644ssaBaREBc+ByOrRkbQtbQuQCyNhI6sSeGitPn:FRJHhsVaRav1rKbmQjCyQ3b
                                                        MD5:EAF75E0B3C6767FF6F980C21B7EBDFBD
                                                        SHA1:0FBAD9352DD38A889FF7FA18541A0D1180F914A5
                                                        SHA-256:EE8D81A197DD7DAD7523E42ECD53824ACD87334D29FE2FB73BC18A9EF6D96459
                                                        SHA-512:F3D92725B2CD3E88C6347BB6FC4FCE61983A10D359A6F9B9B24F3C1999430A5367742A2830B59CEBA751B3A1EDBD49CB49DFB736CA90104625000DF676331B8E
                                                        Malicious:true
                                                        Preview:Gl..w......$..5.....[..RP~...;O?.;..O.^%.&..K../...7...........(....:?.#R.`y.Q..1/....pH.f.w....u.D......Um..)........C.Z..~B..[..v!.;.!.O.{Rb.7......Q.PG.e@......w26.g.7io....K.f.M...y......X...;.o..-..^...M......;j....0.0...p..,........)..RYf.w...W........yxu.^h`......IEk..6.`R..@......1s.)..............[.:..K.... ...q..\....E.#Mj.v..j..d.iD.g.g!.i.}h-*&....\R....M^.n'T..L.......-t....>.\.r=...[..g.......h%x.."]..Rf.....ZQ~7..J..i.D7x.k.ci.X..O~0.7f..E...d..;.<C|...@.]....".o.6|..> 1..n.....I.....H..N.(.#....-&....qK..`...8.Y.."...<..l.7...U....DYd7.W+.>p.C........h.].b5d.....|)_...A.2M'.N.{.[3..{.P...S.4.9.....k.......-..A.$l.!2..f{H|...OF.,S;...L..`d?4.x.7]c~:.H.. ..,%...r....08..../..u.y..og.-...;.Z.....J.ebs...*_V..P...D{..:......u..u..._O.X.......7..RC..Z?....I|.:...24.yI%<./..../)0>).!..D..V.K......`..........Z.&..W.=Q...'.:c.t.......b.^.waf...V....y....S.u...ifw......he.]+....)...qRo.P.ZU.....3...........^..Tc.Qr.e .

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8422
                                                        Entropy (8bit):7.979078545823874
                                                        Encrypted:false
                                                        SSDEEP:192:IhHIbouPoARsLJ56TeAuf4ziSidRw06wWG9rB3bAw3+F:8aPGF57kiru8/rVuF
                                                        MD5:FF57CE842F0CE6A63E70DC5111F34C3F
                                                        SHA1:002219317D40FB7D8992DD347D21A68921380EE4
                                                        SHA-256:A986C74FEF062FEACAE7DCF1D1613D4AA74319C610C6107AF6BEFC1C3F27CACA
                                                        SHA-512:0A171B3A1002119704A2DB92C2971EE1B7B1A13C8837C3B0A795F4E659BE0CE5F6BE94EAFDAB4DFD108744714517A258834E5312A8D86394BEDA8208F683A9AC
                                                        Malicious:false
                                                        Preview:..H....7.....?H!\...x.e..mR..RW3%'W.e3......Q6..?mVK.g_..9..o......p...f..+n..Db..=....f...........o.%Z2...O][z.S+p..UEV.F..9M...>..l#@@=...Ep-..c..?.:.).4.....1.[V..../..M..v.E...).7!.Qm6.]...xO....xJ.N.......d.".#:.1..jS.6..g..A....b..s.>3$.4.f...+W.}../X...}..C.1..|.......l,^...6.......c..C.9N]8....)..U..H..g..<..-..[+N^..V..h....;....N*.d1j.....N....<(Huj..l....w#.^r.....*.y.`.1.....N..)v.U.CH].. ..K<...sB;rO.R.=.C...&*..'E..dO^..."D...u.fi.'.vX@Uk.A@...@..i..4|..AB...C.....SH.u.E...k8.Y.\.\..E..D....=.._?....g....7a............M.....N.j..4.....f.......j.jQ.Z........-t..EFY...|...../r.|.........y.Ab....+(A..Qh....+.F!}D.v..^~.n~.....V.......~..".O.7b..32......[..a.P/....].W.......83..q.*/\.d*......hZ....]...b...F...U..#b.v..u.v\..J...z...0Q....h...uw....3+/FG.UR.y......zE....%..>...qg....D.>.`..r#'.i.|.....I...x....)rV..<e,I$..i..(..8.?^...ED.'U..4..F.JB.r,..<....W.W..y......Zaoz...>.$f;p..........\.T...?M.?J.ri.....3.y-..)!zC...DG

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):270566
                                                        Entropy (8bit):7.99931767632539
                                                        Encrypted:true
                                                        SSDEEP:6144:RXRubPVmCskGmnSzv12JjoTJrd2zs5LMS+lOy:JcLVmCskG/1Zrdr5FNy
                                                        MD5:641BCF8412D2F66B217CEE6408F1454E
                                                        SHA1:18C6F49D7D71A73DA64F738ED2D05F52E7386F2A
                                                        SHA-256:DAFC8B36B83A4C741346AE2D50D9D4B9B33665C08FAE524221974F9815B10F92
                                                        SHA-512:D6D64DD04F0AE31F4CE453DB31CD77FD6D625C32A8DC8E8F52B5E02DF8E3944BCFD62B40A729BB609CCACB9DCB33356274D669C2CFF314C4E139C690D90ED168
                                                        Malicious:true
                                                        Preview:..'>X.j~.......F<9..8"L.....v ..|)n.U3..........3G.I...=.....p..$Kyr.h.S.M.l..R.H..t.`X.lr)...6z..]....^[4...V...c.O.q.'e...Cb|[qE.3|!-.M...i.G*k1U.V.G.l].H.p .k.YB......V'...T$.v..W.T.I3..H.x....JBja.oC....q..L..z...nK.>..x....Q...B0.R.@.ykn.+..LM..w.*u.%.....]?.S....7....?...x...K.....X`..k^E]=.....3.>S..3...L....}....].3..h...'\.'.&6.r..r}S..j.....j....+.5I...d...>e.piF.._{.a...D.x0.....m1....w.....I@.......Qf..]..'......E$.1......x...Y...*....q.......$..0........2:....gC.ON..|.B...K..wQ...<`_.2P.}..-...e2..4.[.@\}..F.r.U...}V........S..p.}.....o...|...0..d_.........Z..%9.M~.......[..\z......hI....w..N...>j.NEa.!.x.......v.MO.'AK...;.`F...Q]:...5j.....$..d.|U....%aUO......w.=..4..]....m.n.}w.~.d.&{.W...... ..e[v...*T+.....Q5.#.&...%.K....U.:......9..0.e.DP.....Y....y...b.7.I.......2... f...j......d'...3P..-..D.l-......U.L9m[.a...6..A. ....../..../....f..R{d.1..ik.....#1..m...Y..A..[4R..8xP./n.$............#..}.(....`M.5.N.l...

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_2.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8422
                                                        Entropy (8bit):7.978314431626353
                                                        Encrypted:false
                                                        SSDEEP:192:bWDz+lFcDt3jMqkdQdHPvRZQFqwjzEmgKUzWgQu9Lfq4ifdHpWF:bWDqLcDt3jMqkunZmrjQ4UzWy9LfRifc
                                                        MD5:527AF5A3BF8BAB25E231ACE431B80B01
                                                        SHA1:0B501ECDAAA24C88A4E3C7628DBD88A487B407E4
                                                        SHA-256:27BE72A6396044844EFB1400C1EDB36D1ABEE499930A0752361BB889B1485872
                                                        SHA-512:916755CE8975B95CAB68783E9ABBB9307D339300E9F3015B814BAB3383845D8AD2A8C7BE9D06B6DF36BC6C0BD59D2AD018A2C9A7305BDC0B7827DDB70C190F6E
                                                        Malicious:false
                                                        Preview:...|.e....\P...C...Z,.8Nei.......b.....c.P.j....t.,}.....NM0.H#.^.-@f.7,.3..|......D....N.... k..X...k.0..R.gX/.....t.....q....OaO.9rJ5.[F8....H% ..d.T...x..^N?..^....Ka%8...E..SuzE...o.?W.Z...(.!b...~z..YE.Td...,..R...E....$#.Z.8.,c..m....d|*&#K...X........WT+..%.&`...6.P.p.l..[VV......\..d)x%r./..L...).X.......C.};.S,....#2..C.C.z........$O.....m...!.....^.....1?K.H.]:.oRC/.....M..?.v.....l~x..eK7'.He..B..s~..Whs...?.....v%.. q7.z.[.q......y....B.w..$....m8k............*....qqX.0.-8..........9Xn...]I.......FL.>.J0X..O.1.N...k.~23x@....%..e..Q.*J..,6..jC..q.\. .Q..:...6G^f.i..e.-6.a.v...S.6wT..>,S..g...w..Zi.B..4...,Z7..@9....K*..'...l..]n#...9.......6..........H........Y.R...E./..."......?.[.q..b.~P...\...-Co..51.%2.....Q.."2.../-....E..}...gQ~ ...:.....?e.......Y*IrYQ......7,.%...2...-.........Co/.H......k.9......!V.{=xH#.1?..u...B......B#........._1..A.ua..5..\O....~....2..1..._.Z.Z4.c.+.*.0..n...`..a....P.E.-.j.K9U........

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:DOS executable (COM, 0x8C-variant)
                                                        Category:dropped
                                                        Size (bytes):8422
                                                        Entropy (8bit):7.981806588074325
                                                        Encrypted:false
                                                        SSDEEP:192:ifwtB6vsOUXn1H3CaVilQULumhs6Ipnqzy9YvyO2hfqfQF:io6vbUX1HEZ9Onmz2hfqfQF
                                                        MD5:C2FA7F1C2068CA544F505E71E1CE5050
                                                        SHA1:A07C2A4C5F5952DAA5E6F6F540A68BB8B393F7B1
                                                        SHA-256:C16B491116CD7805AEE1EFD66C948D20159A0D245F82B00988E57700F06D0ACC
                                                        SHA-512:BD625898F688F3F134C380457BBF183E792EA2A6CC3E837D7704EE0BD2DB82ACD2B82C53CF17D5230540F15AC58F9B8789B799DB977CC6CF180C32794512D25D
                                                        Malicious:false
                                                        Preview:.5..5|d..g.*..;-q.....g.>.T.[..F.B.D...p.e(.....2.Z..S..ay..nOI<....K......0c..IKA.....B.."..w.^7......DQ.^&.....r.g1.O..H9Z.....+p..|>t....IM...4.q...7...S.fO..B..I0 P.....b...5JT.$..X..3I...3..0..W.O.3..3.)..L.mT.Y.AH..../1.;.^....sx......!..s.$J.........EY...p3xk.-.....G..U.0N.....!YSrN.[v.v.......O.)E..\#.......&....".....a....p(.......,..j.icE7..7.J..p.A .3...=..(.1....%T.^...6....q$.x..M=.6f.6.j].3.....(.....PBc.`..gg1E..y.2.5...>.w.(.MG.....l..9Dw.o..4.C..&.I:....'.'....1@... A.5L.qg..ql...b*c.<`i3.Z_....].....C..#.........Yiw..y..x..P...}.O.ZN.V.9..4..F...3..Ldiy..^.F..?......K. :Ci...#..Gj.u.....A}B.1...L...k.#616...L....:f5."#.Sb.........Qv.f=.\......k....]U.ui.N....,M...e..kq..,[..x=.+..Z;.n...UA..oZ...(...Wk..Y2..26..:*,.G.$/l...(.C.k...)f;}\...~.5M.......1P..v......@j.h@{dC......@.....U.b...ks.....{.R@..'d....I8V.r&,M40B.-.Ldv9.j;)9..4..>.%...T....2,p.E.1a.cd2.X,..hV&.^....},f..g........NV..-Q..bX..2.q....,YF..w.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):262741
                                                        Entropy (8bit):7.999274789055949
                                                        Encrypted:true
                                                        SSDEEP:6144:fDmN1sFfX9tM+6efZEeI+vvsvv70ajEgsCgbjy4Edj:fDmNiP9tM+61svwYGsvXyj
                                                        MD5:11FD8D697AE1609560C847B60A2DBB9A
                                                        SHA1:D2CA4381FD645B7C5B67B758E6481790B9D6D54D
                                                        SHA-256:165AB2C18557B6A3D95C3EEB0C03C4E183F5CC5C03C21D62DC7A4597B1DB055F
                                                        SHA-512:1D5C9F54C3EA6624A3707C802B32194DD529234D6163B2EBDA5BED60B47F3D6617C6B8B28694E97942466E18734C2ADD5C01CF31FDC83AC7813B4BE5C9017B5D
                                                        Malicious:true
                                                        Preview:.Nt...,. .....j4J..|...5.vf.m..a...3V..$.I...~.V..2N....BD.j.....v$\5.Q..h.&..$...#...........nl.......P....T....q.qZ0.c.R.......n.2..(..Sk...V..FJ.&..0.;..7...ZuB.Z.1a..........@.MqyN.J...f:a.;...Pb.b..0LO.k..^..eh..l..4..r...bs?)0.'.....kE?...!.*--..s!Y..Y.T...Ru....y....../.F2r>?...jU..VP"\........<..9*.'...!"h.c0q;%s.q.<...._?.......*.8..u.....%.......'..@...3S`.s...Q.'..5.....,;...K.....=.tZ......q..8z...Av]..Xr.u.....S..>s:..S._D[D#.En...WL.=...]_tok.>.`.t.....$..'.h.j........Z..X...m.C.....M...Cc.UI..`....m...u.Bc|. ...sw..%Bd .~.~VRE.#."..iQ..M.4#..Bs..)'...%..2.V.(H.u.nZ...m<=...X8.S....D...g_.|0.D.'D..;?.w...9c.u"P.....L......P...P..iSM....B.{.Rb.jS.b.@.`.d.4r..&.P8..A.W.#.[.........s.q.y...?=...pJ...../....1......3...........A.>D/....:...M.L=.5 .7......%...?._$Y2.....u@3.?.:..G.....KI3....r......Z.m`X..s.i&....}B.4K....Su?.u4.....Oj...F..._.....2.].U...e.Tt.*.?..uJ}.T..L@...+........y+.1<. cN~...U.>.gjw.>.s...rp....\.{..!...2....%.!..

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):346
                                                        Entropy (8bit):7.407643889484129
                                                        Encrypted:false
                                                        SSDEEP:6:MYC/ma/ilPleqDsrtnpU1/XzlB9+w2lQ9EXRh3Cf61aBDE6txWw+DdP9l49aUSnW:Ama/aMqDUX4z9iQ9EHCf61a+6KxPlu6W
                                                        MD5:4287495267DBCF373A9B7746E28E3D55
                                                        SHA1:82D09DC555C02429F2C4B5B2BF71C83BEDCFC644
                                                        SHA-256:A13122D95FA99E4CAE7C04DB995DDC0BCE8EE947EC2C878FEDAE5A16F52C4DAC
                                                        SHA-512:BE2189412616F1CB3D0B7DD848EB9499E5C73C9E9B01E9FB110258F5F74940D4D7A57C6C7A7AB72D71F60B3879EFE2955CC636577EE2E7B956920BB084BEC051
                                                        Malicious:false
                                                        Preview:.....F._..^..)..8...s....T0......}.9..c+.3...\....mB 7...b..#.4..D].f.H..v...;..t6...W\..G;=..ng..(.....&cE..Fg..PZ.W...\..+L...<.0..../e.!._...-.l.[!^.....'c..u..>..M:.H-... J.|...)..upe}...!.^F. ..ZD*#.j....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):256
                                                        Entropy (8bit):7.138251855282828
                                                        Encrypted:false
                                                        SSDEEP:6:/hNSVZ/q/UvqeP2IWXDRQNwr6f61aBDE6txWw+DdP9l49aUSnW:iXiAqeP2IWlWG6f61a+6KxPlu6nW
                                                        MD5:401C868EDA86C9ED89CABFC2EC96C59D
                                                        SHA1:241DF46EBAB46F728908CFFC1D8B267C9F22F1B4
                                                        SHA-256:D938EAD15E0BC43A4380D25E3413B72BF0008470844ED0226D024E3F302ADD00
                                                        SHA-512:4386C3E6EFBAEDD1479727630396CEB633929995E70A69D116C5AABB4EE055BBDB3DB563203FB25C35F75297B992165896C4DFC78F3C56DE3215756A17B2EC5C
                                                        Malicious:false
                                                        Preview:..?T....SO.kW...&cE..Fg.GZ.y...V.02N...n.b..../f.".\..1.........."...r..0...QcW.......ap&...XJ~..T..!..L......uFT...l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):66885
                                                        Entropy (8bit):7.996819567759411
                                                        Encrypted:true
                                                        SSDEEP:1536:4YpjqmdV7QH9j0ch2SsZDIYf+XsYEKhZH5O7wcKv+haLF:4qldV7aXoWcEZHwkd
                                                        MD5:2F6C11E79B760B5D3953492160E6E7F7
                                                        SHA1:C42EAF123E0897931B5727881A950E0958A5B886
                                                        SHA-256:C52E0CCB1BC69B4677CA82F14C4254EBF326F3D23691FDEC98F6386EF2609783
                                                        SHA-512:EB53571203F83A175A39797FA0E2413F7CFDECC96AC15BE3F6995B93DBE0B90AB5B1481231265A63B994527B6DCAB73DCCC5D85E0507D2036291B1099391EBBB
                                                        Malicious:true
                                                        Preview:..]..7....]..[$YYn...F./..9..n.......<<l0tO..2.rF..P.~...d.f.G.8....U4_..T|..w.T.-............"!p\....+.G... R..Z....v_.5p............y......./.D%C.?B...j.aB00....4T......L?...{U..F...!....."oPu...2`>.CEf.....Vr.U..7..^........A.VZ.+......|-..N..`..AB...%.. .......E.j'EBs...I.aG..c...i.l{......D.5.h-...|.G...S.U.(.M'.P....p{...N\]?.`.....V..C..3..g........ur...H..n.V...g5.......i...Mo.V%.Z......2.p.o1Z.ER]6|2d_.}.D.+....._..m....(.....MN.eo}P.. .....G...E.8U.....g=J....W..d..P..$.$.. 3W..9....m..,..Ic _.&..%.A..2r\.Gq5..%`A...V.......u....P.Z...@.K.z..)}s......K....y.`..!.l...3..M.#....nX{.&T.......9e. 3.,6........k..nW.GPa......V8...mv...2G..@..)..bqXH.q..$(.Z.........'.........Mf.5\.v.O..H.;4.'......R..9.f...b.9....k9.fb.....kST....N..>....X.O.'.!T.|j.j8...U~"m.A...Fb.k.5..7.`L......./.L..c.XKc.K"..%..<..2.w..#VD.H$T.n_v...F?..,.....c...e.....U.KP2....5e..@.i..(.)z.}......`..4...`}..c...H..o..B...44..-B.s....Y.q.R...F.`Y...;.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationGuidePredictionModels\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationHints\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\OriginTrials\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\PKIMetadata\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\RecoveryImproved\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\SafetyTips\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8422
                                                        Entropy (8bit):7.978113452432641
                                                        Encrypted:false
                                                        SSDEEP:192:PEtNY9F0UjVwXfcgsVbAneN2IaIph7rECcxzF:cNqF0UjVef4VbAnfxkhECyzF
                                                        MD5:EAEC14883C7A05AF1274EE240FB928BE
                                                        SHA1:DE01B4ADFA44840FA2B5BA927333BD3C2F4C52F8
                                                        SHA-256:1E6D858338EA79CAE9B8030175A18DAF9FDC9AB45265569CF708E293ECE303F4
                                                        SHA-512:31005CCAC7EE58C2991DEB629EEB04CD47398397A875FAB1EE0D1EFBFBFC856CB6C335108AA929168E3C086EF88DC73CAA0D254F3D9C9EA7161F4B94BE8829A3
                                                        Malicious:false
                                                        Preview:d...cA~S.6~Q4.........0#..>...O.{.*`.@4X..k{..I...2V.t...\..{=.....i....J......D.y0".9dv.B~.+sTo.R.M...sZKV.\L2.q...D.......w..UA.-.E..e.`...m.z.k.M-.)u......Yh.D.w.|...L..^.....1&..]..NaxY...+ob..Z{$.........C?ept.E8.......Fq.......E)?1.....D.....*u.t....C1.V..[.rW.Q..}.....F*..`.f....P6.ba..i9.KH...`e}L..n..`i.`.P....#w.].{...YV.....M..../O.8./..#...-..)_l......k'.....D...B....mT'.B...3./........,.z............5.Qs....>a.....kEm...}......%./......'.........s....-...9..9..p......E.K..h.bif.F....$[#.Lp......8@A...?S..y./..S...^.J.M.E. .....s...}M..w.E...q:..-...d......g..H..Z..L...[..Ov.'.3.w+..L..P.......z.....Z..gF.+....0.u.c...=..h(.$...}..P.Z......}...t3.f4.1.1wH.2#.s.8.\P/J.I./.y.....!......|q9;..a..P!C..../I.e.^,....I..W9.....h-..^.c......\..|..........P..&&.z$*<b..L.@....RE....^.....&..%J..P..=|...F.}.r.S...\......L.O.eF........&.6:..... .v..D.Gg.+._n...D....c..3M.I'.{.X...;=.8..$#5......ZD.......h.....K...;6.........?.../.i.^.![{

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):270566
                                                        Entropy (8bit):7.99931344263524
                                                        Encrypted:true
                                                        SSDEEP:6144:mWEqIGrHLqXKJ09MmSv7i9itBgUNnucdYJzvr3ykY7:DWA5YSve9itBHNntdGTikG
                                                        MD5:0E5EF4DBE0D9262F34F84E99914B40FD
                                                        SHA1:9BE223C3C9E655701160E780AAF7EB7DEBD6BD30
                                                        SHA-256:B5955685E1CC22D99C2D76DEA1E5C4B17AD6F1C5354903A4371A80BC68698873
                                                        SHA-512:5B11D5AE31A5ADCE39F751E2177AC8BEA9DEC042F66D592C8E93EA6151DAF3CF1282B4FD699353ED8E6C6053C2DE7BC6ACC53FB21EDD5FF1560F2A46B4FA79AE
                                                        Malicious:true
                                                        Preview:.O...<...;..s..P.R.?.\Xei5d..g..`...x.n.........gc4\MH..IJ..S.._...Bu.`....2...7l.j...p....,....0...Q.-.eXv. ....77......8..G.n.T..tfYd..=.a.Q..*;].....".,9H.Dz..%......Z-.....a....+!\p..k.L;LF!..p=..v...).K.#..^)Dz.#~I....n...O.CM#'........FE.jDe....X.fm..lh...8...]..u/?.Qc....^.{....8[C^..........~W..^y.\_<.I....u..i.......d..F...F.3...Y.8...I.e7......94..Q....x*.~..iV.2J*....N...4v.H.j.Be^.....%XO.||..|V.bB[.Y0....."....P.}.X.O#3......"...i..ku..(0.1...#t.....M0U.J....+8.. 3....bCC..M.y.-...jEp...}{..#..D.....~....$h,7..v\.#v....l......C.I5[.s..T.I5..=.....y.........$r.}.j.7*u..o.B.j...u@f...&.:.,x.....7...K.._....:.M.-...y.X.o..../'..4P......... .)S*.k......". .......Cz.y....D......X...K.........D..hm %..F.n...........6Cu=.F....4K ..~z........i.r.Pd..Xb.|...yc..S...s....o|y.B.0.a...Jk.IRlE........n..UC.-(.....U0...+\O8"..`k.... .~..&..Q...$..?..........+...eW?..\.dd1y.]..[.%AY..\.....s.Z8..G........'\.1.r._.^k.n..l.7l.$).iG...1...!....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8422
                                                        Entropy (8bit):7.981857743592422
                                                        Encrypted:false
                                                        SSDEEP:192:u7NsCvWUEGMj5p78T+8sCoczkdQ4QD7mF:uRaGKwTFNz9/mF
                                                        MD5:F8C85A0A432791BEB7A4065ACA590F94
                                                        SHA1:36C85377317BFC44CE70B89A0A05450465FF7217
                                                        SHA-256:888748E4B121C23C1F09971C8CB6770EE7E052ED1B421A62D6BADAFD584F8417
                                                        SHA-512:1460541672653F6D30EBF8E18EDC9B9BD41601EBD12C44ECB9FEF00EBF56B19BBB57EB73AC9D3EF08877EFC26C473153E5F6BE6A628621C382A9DA781076C377
                                                        Malicious:false
                                                        Preview:...a...x.1o.Ol.3L.A$..pj....F..).......G...o..R..2,......Y.....9/+'.sf...._,....v[.......Y`...W.<n....I....x..R.%+C1...N..l.f.c.o..r...Y..!E....'.G.L..Dr...P...Wt.g........#...a..~J......kxb...F..GbO6..o.z..F....C.i.!..`I.P.%.Gt....|&.S...!...0(.T.;a..K.hkgh.(.....I.E.;...Y...*....rfO3...|?^.w....Y3.y.. I..%3..).[./...~>....k$....G...w..G;qW..-.E.J.........np...M..m..:..... 2..9.}O8..s....2z'.&.0........~.sO.~..R...=...*8.'.y\.c..\.........8.a..{^....K..oh8......._..#..nsLmS...(..$'+.H.c~..7..K]n..$.Gu.$....RH.:.&*....+..)...f.,-.r`kX.'.....CR]..B.h~...ZeU....X..v...^2.....l......Z..../....K..n.I....]...A4%...w.=._b.'....G....d..%...Q.*C-s..EG..A....2..:H...H.....".h.A.80@obylQ67D.>g&...f.d.*r........=.....vk.eY.Zs.~.`TL..#i.@S...p>.......s..%..P...<.&>..T..E......q..P`....@F.M/(..j.....U...l.4...._%.F........>....q....-..y..'.D..N..d.[u:Si.....2..C...|..1.*...% .dP...?..H}.A..'m.[C"..{r.h.I....[.E._4.@..D.|.....MVuT.....I.....*....]...l....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8422
                                                        Entropy (8bit):7.9788519427456706
                                                        Encrypted:false
                                                        SSDEEP:192:HIVZyuByeqV/xu3mBwUc4GfJWHyKdmsQ91QT70IMUqFDfzocsNGF:HIbyuUess2B/c4GfJ2yqO1U7lM1ywF
                                                        MD5:6A17A208937A0932F3E5854506C762BB
                                                        SHA1:7C63A27F464969335ED4550B1D28F13857856BBF
                                                        SHA-256:5BB0E33C8AAB5720383A0CEEB1DE96D38E52CED9612F03A6CF4469B1D1AD3589
                                                        SHA-512:104CC60FCB198FFCA048E98B0633F78DAB6880B86C944A541B6292E37F0DD77B593BA19B8496313ACAE4E682C9A3F6C5F4F839895031D31AA755E8E43F65CDA1
                                                        Malicious:false
                                                        Preview:>.R.&.{.$.....G..T.r./+..-.........l.Wm%J....]-....M...........9.V....Z.:..*.=..9Kw..|)<{....(....a.*...r..c....l...6@C..S~.SJ9.....4%^..kt...;....b$._.AY.*...D]2.9GD.&.<...r.nF.O.y~S..c..4.v.t`x....Vu..`......;. :u......D"...2fL56_.YK.l....";G.w.r}..Z.H.4..D..$.....1,_>.:..R'.ax../.t..e..-.N...J...u....7.K..;/..Vbm.:..P.8G.lwx.?.af.E.KZ.72..rC.y..........0....<.y.e...<=/....n...;.Ja.u..q.|.g+..D....I$..GB.X...>G....w...Van.......E......4.H...|."|.....[. .....G..P....*..D..>).:......:..s...T.7k{!+V@'.Q...dn.3.ux..ql..&..P>`x>`.3..@....LS..9...C.|Y.C.=..7..FP...&Y....}A.e.(h..B.SW......"k..4..`.7.r1..1....8K...Z....fA...4........=+..][.......H......R,Q7......@^...X.............z.@..`v?...P.!`7..7.CJ*.a.....B.'.i}.C.I..C..u..?H.....A.L....T.r..n.$._..[..{V..7........ki.J. ...4.nP~*\I.A7.c...cA.N.g.ZT..'e...S..../.S......5#..}..q..C.&..9s6}.<R.R>.3.3@ N...!..R.....vW.Fqp....{r.#|b...H...k.o6.@H0.z>..u....I. yJ.Z.j.22NAk.Qa..Z.`....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):262741
                                                        Entropy (8bit):7.999259582639121
                                                        Encrypted:true
                                                        SSDEEP:6144:vo87HNRBMqSyGwa5O5uXeV/MrnMiVE72/kVx1D4sGrzieBWs6TnvHSBplirCcNC9:A8LNRBMqBGd59uarjVEWkVrD4sailnvS
                                                        MD5:B78530AEABF44324B6C48CDED8CB057E
                                                        SHA1:DAD382CA68F06D72155F8F8AC0146C5AB458C805
                                                        SHA-256:304EAEE80FEB0EAD89B5E5A4B19526B8EDF1DFBE24A3D0EA6DA2CD830010AA8B
                                                        SHA-512:3D8EACF8C0C2763968A8A66571C06B5C5B88DBA92455307E8F53964E7EC9EBA395CE93E08A5E528ECB4A68C291AF7F9EF418162B002EAC8F19403A0B86F4D28F
                                                        Malicious:true
                                                        Preview:g..\f..........S...f$.KyV...I.]...h....]v/.G..b..M..*.Gqb.;~O.....o&^VOM.:..u..2.....{...._.$......7....=..6J?1I.e.y.)f..J.^..o ....q..r....//?...r@#...k.x..|g...."+.YK.d...@.g.......v7U..{....{.<qz...@...3..zD.8u...]..........`...c..pM,..Za...D....c..N..w8.<..q.n..Ci..4.........k..IU..r.$ .........o..CL2.hQ..@-Y9.;.P......o..9..8.\.g.....dz.5.......p..X...8.J...7f.D.."E.&t/../.....m..6..v....h=/1$.5.r.u.M.*..*....9...c%....M4.........#.tY..]....%`.f.G.....!....J.P[....R........&......-.d.l..2....W......U.$gh.....g....$..v..A..+..........@...).L.=....-..\S...B@...Y,ZO.0..N.5....(...Q.;....L.s.Fx....J..B]..."/Y,.k.&.YP.D.j.:!A.u.*t..Fx]9.j#.V....,..}..|.G8QB....X..~....c..G...9.u...vy.]e...4z..a.G.s..Y..Y....K..c..&.l..$.......[5....5...X..p.?.[...Dc....e.5.kz......*}<$VK......)...E.>yo.}..:T.d.O*..._}s....m.q.....K]....B..M..Lm..>.2.K.^.3..W.d.7..geJ.....?.A.5..E.k..O....I?..I..U@......Kw?j.N.r.2....Q.2..R.....n...n.[v.b.G..

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Variations.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):320
                                                        Entropy (8bit):7.405766269998552
                                                        Encrypted:false
                                                        SSDEEP:6:JbHcPrZ0XGrWvCQboLAmE0nms1n8gFITf61aBDE6txWw+DdP9l49aUSnW:tctIGvxnE0mMlUf61a+6KxPlu6nW
                                                        MD5:6E600FFBE2293F101C242DE2ABCBB56D
                                                        SHA1:AE1B488B504DB773F7EF5CB2AB91C090A9761D9D
                                                        SHA-256:0C63593E8E67EE8A7A27B5B800B7EE921A78CDED20CF14BC1995F205B5B9C4CB
                                                        SHA-512:6FDD63E259BE3C594225A86AB406641E7359D86D8884E20BC6E20F58B563CCD4859A7B866FA89A4C1D78298F9BD7F394C4AD277C40B482545F00042E867169F2
                                                        Malicious:false
                                                        Preview::.}.v....;~..2&G.X..pw.g.....7J1p..U..]Z...t(....Z..*.$'u+_Z.D.\........p...|..HW....&bE.5k. 5>..z.*.^)....n.0..../e..>.\..Q{\...%\s...V.9....5.4.E...S.....GY..C.....(>...s...".e....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCdm\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\ZxcvbnData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):49403
                                                        Entropy (8bit):7.996349189866139
                                                        Encrypted:true
                                                        SSDEEP:1536:a5s/GUKdeWC5rxd5wVhRLikviyR0/fGB96zF:a5+jom/dCdusReGv0
                                                        MD5:5E50AF3222DBCF6486480141326B0A91
                                                        SHA1:C492B18AD68CE41BD078E716831F68BC32BD9BCE
                                                        SHA-256:448CB90B40BBCAABA2CA60A04C18B57B2E74A1CE4B7E441DF5A6A346F6FA1C38
                                                        SHA-512:09B5C12BCADFA46BBA4B47441CBFC4ADC3D25B591B9E2C51CB930A3D3CB7A806BD2CF5A014B13675B44D46B1CFB54B50AD06A0ADD6F485B2D3BA30A52EF1D9B3
                                                        Malicious:true
                                                        Preview:"..&P.!.&.....=.k...N.2%..F.#.r...........`...r.'.x....k.M ..l.'..0;l^VsW...>.9&....Kj1C..~.......FiPZ.R.....?.G@...`#<......XD...r.2...I..?.6t...A>.O'2....QX1l...v.:?2.D....y..Y..U.vn.3..\..J.Jp.S......@..@...2......................Jac...D....\...V.q{..[""...).@......p..$O.d*..8.7T.e.9"_6...._....;k+3...v.n{~.x..G...(....Y3+d.O.........|...z]MnL............1...qd..u./..+..._.F..R=.....B.M.vA.WL.&e.b&.WB...SF..=..-.M[h..@..%~.F.k.Nu40S..Ws..c9..1f..G...t.....F.......Q!..[..IjF..R.6..,..H)..Vl.wM*.....>.._.....&7bl...G./.R..].a-../kU"j.z5.%..}.L..e......Q.8.M.O...W..D.$._.".6.~w.,y.5.l..g.O6.....'#d.f.b<:...S...O...8^.LAz....R1.1P..f..6..7..y.K....j.........$.v./=.....,.u.>.?4r.^x.a..".r3,>.....P..oz.B...(.a.i......q4..>..N..)..!.Q.....r.a.H..J..ig..sk..M+x.o!S.....,....D.F:.....-5.).c.qS....j.....4.....3..4U>`B.TH....J....`..@y6.R.......:..r.........`..~....Hy..7....;T_......BOR..y[..<...T....e.\]... .R..f.....$.....]....rSDr).I.?&Y.....L.

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\hyphen-data\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\Chrome\User Data\pnacl\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Google\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4213E0EF-830D-4105-8B8F-FECDDA39894D

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):180288
                                                        Entropy (8bit):5.291007924658542
                                                        Encrypted:false
                                                        SSDEEP:1536:Hi2XfRAqFbH41gLEwLe7HW8QM/o/NMOcAZl1p5ihs7EXXOEADpOoagYdGVF8S7CC:VPe7HW8QM/o/aXbbkx
                                                        MD5:B6EF572175FE78FC89EAAE777D584AC6
                                                        SHA1:215E7D8CA9E249FB3993BD8AD1F6D170EA120BA5
                                                        SHA-256:8543A9DE61CE12E4C9D033F36683A8C3DD19AB4138BA813C6C42E9715C1133DF
                                                        SHA-512:0869252D0194BF0B14A2DB953166785B33C05086A359774C288669CA069442D03A7F24E6ED6417422AB91FAB65B9F2377A0DECA65291A1643EEAC6E2223FDDE6
                                                        Malicious:false
                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-26T05:27:29">.. Build: 16.0.18222.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                        C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):0.09216609452072291
                                                        Encrypted:false
                                                        SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                        MD5:F138A66469C10D5761C6CBB36F2163C3
                                                        SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                        SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                        SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-journal

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:SQLite Rollback Journal
                                                        Category:dropped
                                                        Size (bytes):4616
                                                        Entropy (8bit):0.13760166725504608
                                                        Encrypted:false
                                                        SSDEEP:3:7FEG2l+UQ/FllkpMRgSWbNFl/sl+ltlslVlllfllUn:7+/lWg9bNFlEs1EP/k
                                                        MD5:473B8754AD273B90A1FE174BDB6E3896
                                                        SHA1:24976CFAA5D883E14009D7D8D4B0868B9F742C8B
                                                        SHA-256:6852D980DC7482615141096398E014450984082A0BFE5861B90F324BE0B28683
                                                        SHA-512:471C057F170367D04AE96FBE3913ED689E962347F9D5E95B8529F3BBE6F210D5A438A9408D02F1BB6B55F1A86B168ABF28C32659633F395275FB6750A6302D47
                                                        Malicious:false
                                                        Preview:.... .c...../.2g....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-shm

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):32768
                                                        Entropy (8bit):0.04461426543920338
                                                        Encrypted:false
                                                        SSDEEP:3:G4l27nEyKIKSpq/Cl27nEyKIKSpltWlL9//Xlvlll1lllwlvlllglbXdbllAlldc:G4l24Zj0/l24Zj0lML9XXPH4l942U
                                                        MD5:04CA37D4C97B067842A4FAA4B523227A
                                                        SHA1:E70F82221E0D72EC996EFA3E38826C1F5974A298
                                                        SHA-256:208F9885C3F73092A6CB0B30AB785DC9D51B263D4618BEB35A1AFB71E2F31874
                                                        SHA-512:B50EF1C1707ABA340667A725F34D203EDE4105E86A9F369C272C9C7DD920A8EC113C95339D4502682F5E1D2239D177A2A30F34DC96141EE35EA234EAC14B1931
                                                        Malicious:false
                                                        Preview:..-.....................A.)$.a:./.p....Hh^..o.*..-.....................A.)$.a:./.p....Hh^..o.*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-wal

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                        Category:dropped
                                                        Size (bytes):45352
                                                        Entropy (8bit):0.39511192373664755
                                                        Encrypted:false
                                                        SSDEEP:24:KYJxZ8Q3zRDENUll7DBtDi4kZERDVh4zkzqt8VtbDBtDi4kZERDRzP:ZyQ16Ull7DYMf4zkzO8VFDYM1z
                                                        MD5:B7BECC20C9F1DA613AEA33A356B17F25
                                                        SHA1:3E0245CC414A5D1908DA9539770484805FC9D6CA
                                                        SHA-256:1FCD1DF28573CA5DEAE8FF79D672D6176027D5F0D87102EE158B1ECA33BACF9C
                                                        SHA-512:48C718B53C8EA87B597405B263D6B99E7001A3B262B21014FB5D7D8BF66DEE8ACEAA2787AA7209354B7E952C700ED1C1224A76CC8B137D233F5771AE8D194344
                                                        Malicious:false
                                                        Preview:7....-........../.p....HrW.Br........../.p....H....SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000000.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):49152
                                                        Entropy (8bit):4.835282995202527
                                                        Encrypted:false
                                                        SSDEEP:768:qHgOJDQ/UAqnpqOwEHzNbHMO2swSG96LgDQgRc1O:qAOBQ/UAqnfTNgO2pSG964cM
                                                        MD5:4D5F5DED77ACE0D93E98AF25B319AFB2
                                                        SHA1:F5D64CD3CD95D93A4D785FB98EB35D24BC482099
                                                        SHA-256:D88CA6A6438CA12AC518599ECE15687EE21F79407701CABE8EF6DCE439880723
                                                        SHA-512:924098202D3EC54E904C53E029FA679EA6472E1CA5138943584D737AA73BA474F32E32D9D261775E0D90D704040C5CF56A3130E3D3D3C607F1999F1925958EF9
                                                        Malicious:false
                                                        Preview:........x.....6n^...!)..M.......L.RB.....`."..%.....;.HP.......0.......0....................................................................................................................................................................................................................!.@[.+.d.5..E...^..@b.......L...&............... ...................;.J~..Z........7.5N................T........... ...!... ..0.......L.RB.....`."..%.................0.......0............ .......1..j......<.........g..\n.?\...Q..............................2..`Q..pD..8..............@.........;.J~..Z......x....................."..@.#.."...~..F....=.O..N.....@=......)_L.(...........................................p.........................................................?.................?......................?........................H....$...K...9..$....A......3.%...'.a.HK.....;.J~..Z.....'P......`E...................@...@...q..X...,..lnH....N."..B.?C.pP......0..@........................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000001.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):0.04401584019170665
                                                        Encrypted:false
                                                        SSDEEP:3:RRk//:Lk
                                                        MD5:CD74ABACE8A00B17BD8107BC5982C21E
                                                        SHA1:D53193CF8A43D766FBFA52976192F44D6B0F79B2
                                                        SHA-256:B670BC07C9CB554511180DCF3F6A2C7818E8CE6E67B84784F0EA4D35EC61D516
                                                        SHA-512:1B48A37FCF0F9FB9ED9B31A8F3E36596689BF1EEC6F41F5EFA3C728121944919CE7A81F0379A108D80AA051CFEF07DC296F9C0691FC8855983B2F29EC15C7FEF
                                                        Malicious:false
                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000002.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):0.49201515921564265
                                                        Encrypted:false
                                                        SSDEEP:6:NTclq6d/Dd9l/lNPRGwJ66Xliw1EVrzla:Vcs2/BH/lNPkeiQE/a
                                                        MD5:AE618485532F3315D676CF4E2AC1289B
                                                        SHA1:128893093C0DCFCC337881A8709DF41998811D9D
                                                        SHA-256:66D858F52CF8AE913596359931C63864F039CD49C9167F16F8A68013802E640D
                                                        SHA-512:BDD75339F93CDE2ED320A7B1E77F7A76CDB115B881A57AF9A451367162B217C5FE6C04179C680A2F2680133FE71F37337FB976AB72E205E98675F21CC4BB5209
                                                        Malicious:false
                                                        Preview:2...>...........~........................................................................................................................................................................................?v......?vBd.K.................................?vBd.K.........?v...................................................?v..........................................................?vP..............................................................................5........m;.H....7.5N............g'..........~...cG.F..........N...^.............................................................................................................~...cG.F..................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000003.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.841066101558332
                                                        Encrypted:false
                                                        SSDEEP:48:fMSHVxz3Lfxyw0LiQ0XhBlkw0LpxHVCL7wEwLN6p:fMS1xjjxyLD0xgLlx1C4Ewp6
                                                        MD5:2A8DFEE5CCB63A460E16AA4CA907003D
                                                        SHA1:05C71DB005F3BB7122A9CB371F2B2F40B519A975
                                                        SHA-256:A3A8FD70DE1EB7231C487A9F3C27FC4D30EAD7BBCB23CB55D0A4FB7AF4BD8B7E
                                                        SHA-512:D66BC9F1B0401950807358007C7B628277B34A0B2553C66B67DDBBF054EC83E86FC9B212452BFA3F40E0171364FA627934DC7BDFCF6A7ECE1A49509161D0EA60
                                                        Malicious:false
                                                        Preview:j..@4...l.......X.......................................................................................................................................j..@4...........X...............................:.......:.. /..H..lr..}.1#Y.....1#YX.I.5.%)-...1#YX.I.5.%)-...1#Y...6n^...!)..M.....6..S../0C.:...R4H..S...........1#Y.....1#Y..................................................6.......6n^...!)..M...1#Y.....1#YX.I.5.%)-...2...^.......................,...:.....6...:.1#Y..U...s...S.......:..T.7..1#Y.....1#YX....1#Y..2..1#Y..o...U.T.N...s.T%t..*..T$.......:........S...c..,0...e...B4.$..........C@RQ.H..B......Y.....................M[......M[(.l!.?....E...U.......U..HJ.E..2.j.gU.U..HJ.E..2.j.gU.U..*....Z.G..p.wa.u*....s.L^#.G.=d8.=...s......>.................6n^...!)..M....S../0C.:...R4H..s.L^#.G.=d8.=........s........6..c..,0...e...B4.$...........I...M.....0...............................0...........e....4..................T.i.t.l.e.......|{....B.l...R......(....Y......(...D...L.e.c.t.u.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000004.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):4.746703246966562
                                                        Encrypted:false
                                                        SSDEEP:192:Xs367AhwBothbXe4nRiF3x5G+aPungLd690DMzV:cwuthTjnRiJn0dC0DM
                                                        MD5:1234A95F90D4F15B57ADA298F0E98F25
                                                        SHA1:591C0449556615194AA474FBAB073336152C7EA9
                                                        SHA-256:36C266C4F6A7A22421BA6FBD4DC7157069665113FB67B8A1D7A11164C7D574D6
                                                        SHA-512:0522A0E3AEF02F064705A9930694AA5B95009666203D02C62CB7A0A1007197F46F506297F8548F65F05BED1709E026FFD9EE99C60E0EF2211001AD968A7829A2
                                                        Malicious:false
                                                        Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZ....4......F.kT..].........F.kT..]...........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................".L.?..J..V....N...^...............<r...J...................>...............................$....I.qk..B.....LZ................".L.?..J..V............".L.?..J..V........................................................................j.......T%;..............W.....H.........+.......S...............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....................:...k.....z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000005.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):40884
                                                        Entropy (8bit):7.545929039957292
                                                        Encrypted:false
                                                        SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                        MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                        SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                        SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                        SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):4.400547912384879
                                                        Encrypted:false
                                                        SSDEEP:192:fsklO2Ulq+1gHJKJgu8LKw7RmJ8UCFfuR5F6HgXkpvsRkn1Ju6NC679HoK7vT7sd:UklxB+kJKJt4KwEJDCFg5EKkxsRknju9
                                                        MD5:043786707ADCF5C5FA64083D501CB647
                                                        SHA1:E8D894F40590EFA097104499A0160D16297C8DE5
                                                        SHA-256:8594219BC51C53AAFB384DE5A2DC654639B660E94FDF6C973DB5D3DDB222DB61
                                                        SHA-512:447C2FBAEAFD83176572054A999908FFFF5263D86D74B73D9A85BA9225272DBDFE84C861A86A06330A47119DD715AD806B1F149E6C2F20876E5EF13B502CBB38
                                                        Malicious:false
                                                        Preview:2...>...........v........ ...)..2...>...B.......v.......@....(...........................................................................................................................................I.......I.qk..B.....LZ....H.......<.<.!...G.......<.<.!...G........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............l..Qm.6....j.1....N...^..................r..D.+"{................................................"....I.qk..B.....LZ..............l..Qm.6....j.1................................................................................................j.".....T................T............. .A............ ...........3...:...8.....z...y.. x.. ........ ..$...$........D..........7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.5........................Z4...........................................4../4......p.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                        Category:dropped
                                                        Size (bytes):24268
                                                        Entropy (8bit):6.946124661664625
                                                        Encrypted:false
                                                        SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                        MD5:3CD906D179F59DDFA112510C7E996351
                                                        SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                        SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                        SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):4.616686530304321
                                                        Encrypted:false
                                                        SSDEEP:192:3s81xkInBS/T42tSm4hjLuQrP4QsHOVx+DByXif7Rpcz1mZxmLhI19WMRcoN:881KOBS30mGjqQEQsHf9Mif7RplxUhIH
                                                        MD5:26A8988581EC569931C98FD0BD2D9370
                                                        SHA1:FF90F8A8E6B275A76DDF52FA2682F834EF716223
                                                        SHA-256:3046B50C60B0F00E12F03B55DAE08C9305D366C856A2A29DB3E4EEE611127728
                                                        SHA-512:2F203DE1F3A5CD89CECA6BFC136804E032CCB01D68720800F820E22A69BC5749F96B2AAACCB88AABA62F85D1798D711138A3AB1E618D62629B9E4A1E906DCA70
                                                        Malicious:false
                                                        Preview:2...>...6...z...v...N.... ..X,..2...>...........v.......@...H+...........................................................................................................................................I.......I.qk..B.....LZ.>|.N....>|...,.?.n."..F.>|...,.?.n."..F.>|..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............u]K.............N...^...............P>.p.e$H..uN..i............P....................................I.qk..B.....LZ..............u]K...........................................>|......>|......>|..........................................>|j.9...>|T.....>|......>|..s...>|H.....>|..0...>|..`.&.>|..........>|3.>|:.>|A.>|8.>|..z...y.. x.. ........ ..$...$...............7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.1................Z4...........................................4../4......p.........

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):39010
                                                        Entropy (8bit):7.362726513389497
                                                        Encrypted:false
                                                        SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                        MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                        SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                        SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                        SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000A.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.9660625176986475
                                                        Encrypted:false
                                                        SSDEEP:192:Q+sS9vptNCvq+noi+pcBRezt7EGGlp530Vk83wq0HOQYMUqlkzXffWAKT4N:4avPNTYoxpcBRexYp0VkWwq0uQvvIffN
                                                        MD5:CAAA480B50DAA1DE25A1A40104F984D8
                                                        SHA1:53E4CACA6B2D212B0D9C4AC22541F43D046DA7F1
                                                        SHA-256:2911566CA44FFF2F1AB0164A574055D61B78A398EDBF304F2550E3722F3EDDEB
                                                        SHA-512:16B2E61977D68701C8B229569E532F9D33EA884620D86D676FCB8F1344343E7D63779EE6F95A5620FA9012D89459B1B3391BA36F1382D42DB32FE888EC9012EE
                                                        Malicious:false
                                                        Preview:....>.......B...v.......0 ..x#......>...........v...^...@...h"...........................................................................................................................................I.......I.qk..B.....LZ..............D...[~.B........u.*<..3.~...........D...[~.B.......I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'.............r...=r...1Q...N|....N...^....................2F.]N...J.........b...8....................................I.qk..B.....LZ............r...=r...1Q...N|..........................................................................................................D...[~.B......8.........u.*<..3.~.2................................I..................................j.#.....T.G...............Q.....H...............$.7.................!.....z...,4. ............................"......$...7...............T.u.e.s.d.a.y.,. .J.u.l.y. .2.8.,.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000B.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):59707
                                                        Entropy (8bit):7.858445368171059
                                                        Encrypted:false
                                                        SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                        MD5:47ADB0DF6FDA756920225A099B722322
                                                        SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                        SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                        SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.8406994543386848
                                                        Encrypted:false
                                                        SSDEEP:192:gsKuWbawIRiKUb1GXFyRljdVuCDU0K9gfEjg/MGDe2Cp/2V5:FFb8KURYFyRliCtSgchG
                                                        MD5:A404F5EEA3F5A397069CFDB1124E5AAE
                                                        SHA1:86666701E90F8EFF0803F0B882731926A22C95D4
                                                        SHA-256:53A0EED94E58955CA09AA86C0CA39F8621CB7D3023F74A04CC1198D918A80AEE
                                                        SHA-512:32599B991EBBAC106119808D4F8D3DB867645922417E1EEA7CB3CF49EC42756CB6E2D718500F2F8230CD5229AA102AE68D0CA6AE511B25EFB007E19EF3E14090
                                                        Malicious:false
                                                        Preview:2...>...........v........ .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZ.1O.<....1OI uq.....v...1OI uq.....v...1O..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............@.&.R.C./.pU.. .....N...^...............l...V.eD..~ZU..............................................D....I.qk..B.....LZ............@.&.R.C./.pU.. ...................................1O......1O......1O..........................................1Oj.....1OT.T...1O......1O..|...1O..;...1O..h...1O......1O .W.....'.1O2.1O..z...,4. ...."......$>........4..p..7......S.u.m.m.a.r.y.........................1O3.1O8.1O..z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.9..............1O

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                        Category:dropped
                                                        Size (bytes):27862
                                                        Entropy (8bit):7.238903610770013
                                                        Encrypted:false
                                                        SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                        MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                        SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                        SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                        SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000E.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):5.412659850194684
                                                        Encrypted:false
                                                        SSDEEP:384:PFeVMt3JbX9FnGNahxg4XdIotcbvibnbMIWAOrYqV0sPuZ8MzDzhd7yrz8y/DVQI:X5XGNEgRjbpgW0uKGzXS
                                                        MD5:D63746770E45DBBDDA8254BAF706B015
                                                        SHA1:EC22895974FBFB26339D8AD6FAC76275E5ED7F90
                                                        SHA-256:80A948773EA08F37CB42721968BC8070181F8FA8638E298072F606805CBBAE1A
                                                        SHA-512:5814AA8F3A52D709231E869E9170FDBDD3552633919DDC474928CC7106801C32D6EF83AB4974D4A4B49D850B9F62AD05905C09AB4EF0719258AA7BD46CF10B8A
                                                        Malicious:false
                                                        Preview:...@....|...............8@..H ..pM.........@....,................K..H ..0L.................................................................................@....D................L..H ...L...............N.......N..;..D....].g)..............mH..z,......lh...!..4......l.Y=Z.*MU.9...d..:Y=Z.l......7j...W.@l..............K.......K..................................................N.T....k..T.x.....T#5..k..T.....%T%.....5T$.....KX......K..............0...........e....4.........................A..:4E.2..p1......(...`.i.....(...(...B.a.c.k.g.r.o.u.n.d. .-. .Y.e.l.l.o.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.1.9...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e...k.......k......O...l..^..%......%...DF...$].t.2...............P...........(....N...k...........%...+.5.................0...........e....4........................yf.....F.Q.........(...pO;.....(.......S.t.a.t.e.m.e.n.t...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.105903117947926
                                                        Encrypted:false
                                                        SSDEEP:96:UsDoibzkx7wDEEauiXH298TT4RL9Vei9i9zeii/Wcbi4i9l7iii:UsDPbzkx78RauiXH29IkRL9VZE9zed/b
                                                        MD5:A7E600951D5A2FE9B2CD4FA379EF76A6
                                                        SHA1:E1ED123A8570EE01FBB7F877D91C7D05050EC73A
                                                        SHA-256:D757484B1A6FE4F30294346A7C66FF1C1677373B7010EE06ED62FD2E2CCD2B85
                                                        SHA-512:8E1ACB9D85DB25E7A7540A18789C05AEF3C09FB1B531FC0504EDAD6747388858FDED89D79177F370E33323C552D3D986B2733A4FD754CF352C40717623995B4C
                                                        Malicious:false
                                                        Preview:2...>....... ...v....................................................?....?.............................................................................2...>.......|...v...H............................I.......I.qk..B.....LZ..........j...=.P.'.....j...=.P.'......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............>)}.qf...i ?6.......N...^................E|..b.N..=............f........................................I.qk..B.....LZ............>)}.qf...i ?6...........>)}.qf...i ?6.......................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.10915089760799
                                                        Encrypted:false
                                                        SSDEEP:48:kssAE7U8721tRtEEfmLXk9GhITo/rdqraIQ8CdXQDsNkjMYlMa:5sT21ZEEcXk9OIT2RyAsiulM
                                                        MD5:03814BC353B26376A173EC4C6F21E970
                                                        SHA1:29C7FF767D7F65BEF6E9AFEC57E9A77B2A4E4FB3
                                                        SHA-256:80F2A33AB13791E857DE594C06E87367109F00C9C2F72E03942FD4F61208BF9E
                                                        SHA-512:E4239D25EAFE3D58D3C59E0B31C6CCFB45642D44ABF05430E68ACB05CA26735AE72B56A6EF2C0253DF5995B2E39D602ABF3268357D0C3DBC303AA4614D1CE955
                                                        Malicious:false
                                                        Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ/......./...V...*.|..1Q./...V...*.|..1Q./....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................bG.....h...<....N...^...............g....wO...A)5.}........f........................................I.qk..B.....LZ................bG.....h...<............bG.....h...<........./......./......./.........................................../..j..../..T.]../......./....B../..H..../....B../....>.)/....J...................;........4...4...4.."............../.../.../....z...y.. x.. ...........$........4......7...7........................;........4...4...4........./......./......#/..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.079390889526473
                                                        Encrypted:false
                                                        SSDEEP:48:AQsXdlAFXqptiNoK4E3pOXA9YD/7cTobrd6rLIVSdXtC/+4pMg:FsKqpY+vE3YXA9YDjcTqRin/uM
                                                        MD5:CC4743C95FB03682A36F350B6B6FCA79
                                                        SHA1:ADAB1B3B28FCC134BBFA1CFFEFB2ED54D7008CF4
                                                        SHA-256:EB62E64201BFD7B63DCB29ED04AFDBA02665651354769FB0BAB526ABF502ED8E
                                                        SHA-512:AE70618987BD95919491B20AD28DA1F4EEAD93975606B7728D0084655C3394C5F6F3F023406C93F2AC6932FBDFDD45AE3B17000832BD5DD077FCDC2BD492B70A
                                                        Malicious:false
                                                        Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ..Q.......Q.y......I<.....Q.y......I<.....Q..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Q.#.t9..8*.^......N...^....................*A....HoTz........f........................................I.qk..B.....LZ............Q.#.t9..8*.^..........Q.#.t9..8*.^.............Q.......Q.......Q...........................................Qj......QT.]....Q.......Q..B....QH......Q..B....Q..>.)..Q..J...................;........4...4...4.."................Q...Q...Q..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........Q.......Q....#..Q............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000I.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.051033163539858
                                                        Encrypted:false
                                                        SSDEEP:96:qGsS/1EiOQNWOEnXc9UaTwRrEfWNu7i74:xsS/1ZOQ+nXc9UaERrEfWNwi
                                                        MD5:541ACCA11C914132695E016B508F4246
                                                        SHA1:C7C6AEC6605E4E9E820E422BE16EB8C0784E377B
                                                        SHA-256:B6E2FAA1108D8A7A643CEDC04B3F01FE27655543D164CC645AA6F474F8F42F75
                                                        SHA-512:AEF9C5939AF7A95EED4BF27F7E6AD3D6FF6B34F22D812C04F774111039A39C25270B65E1CD25AAA66402F26F644B9B0AC5B979E0DA2B45CDBD171300B95CA45F
                                                        Malicious:false
                                                        Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ..........v.h.5.L..C.....v.h.5.L..C......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............v..-..a.x.GdP....N...^..................LB..J..u....(........f........................................I.qk..B.....LZ..............v..-..a.x.GdP..........v..-..a.x.GdP....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.06904370228519
                                                        Encrypted:false
                                                        SSDEEP:48:NshC6rfJJtAo7qcEHhUXQ9D4TTo+rdqruOhIfdXVdZe7yJwg:Ns9rfJJqo7bEHiXQ9UTT/RyuOC+mw
                                                        MD5:8E37831C70BF51778434D2B166EEEF61
                                                        SHA1:3AF58B9A6B5D86C07EA8F40199621AEAEEEF4649
                                                        SHA-256:2E718C184063E204FF2B10886F4A4E75E51EDE7DD62DEA015CB552F3AE7002B0
                                                        SHA-512:86CB9C393F7FB741C2C585D4F2C8CC0D71B6F87EC45FE407B8D721CEC2CFFC7A800932B0378FB21D9A56A69D5B057A76AD1FAB290DCDE18E54BD50C43E0A6A02
                                                        Malicious:false
                                                        Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ0.......0..>...&r.....Y0..>...&r.....Y0....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............6...../Qd..?.S....N...^................CcS..#M..o.............f........................................I.qk..B.....LZ.............6...../Qd..?.S.........6...../Qd..?.S.........0.......0.......0...........................................0..j....0..T.]..0.......0....B..0..H....0....B..0....>.)0....J...................;........4...4...4.."..............0...0...0....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........0.......0......#0..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000K.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.072373213545486
                                                        Encrypted:false
                                                        SSDEEP:96:6sTNtgDgSoS87qECXs9GYNTJRPd3N2NYQN8NLN2N0eN5N:6swgXtLCXs9GYNtRPd
                                                        MD5:BC8610BC541E9089484E3220C76DEC28
                                                        SHA1:63ED65687F0992163054124A0ECCBA5415FE00FB
                                                        SHA-256:6489CFEC97F2D8E6F3594A730442F725D080702C7F155531641E157B36D05BE9
                                                        SHA-512:21C96279B335DB5654FD2FA2A958524BCFE944184455016D465018FF7C7D7ED3BA1D67A6A63DE7E8ED5BFBD1872CDAA6CC4C1ACFEBF24152A224F1B008E5653F
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZSw'.....Sw'..A_..T.*.5.qSw'..A_..T.*.5.qSw'..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............SK.'...>'....5....N...^..................!..H...~>.?c........f........................................I.qk..B.....LZ.............SK.'...>'....5.........SK.'...>'....5.........Sw'.....Sw'.....Sw'.........................................Sw'j....Sw'T.]..Sw'.....Sw'..B..Sw'H....Sw'..B..Sw'..>.)Sw'..J...................;........4...4...4.."..............Sw'.Sw'.Sw'..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........Sw'.....Sw'....#Sw'............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000L.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.0791803993377656
                                                        Encrypted:false
                                                        SSDEEP:48:Yy4seqbfHy3ydzEteWEYwSXc9M+ATonrdmrjIMdXcOwLReuG1wZRz/:es63CzELEYXXc9M+ATSR2HE
                                                        MD5:BCC872BFBC08213790296F1F777AFEFD
                                                        SHA1:B2AA084E308ADFBC070A5B3FEE1BF512C7D9CDD9
                                                        SHA-256:FF63B093A6C7ED680CCEB1196161BD1F844FAA4433C01154CCE0511F4C365BE6
                                                        SHA-512:5AA06E90E55B0D9DBE11657E59F9DC3CB1C8B1B3368F7B5B52CF47D2083D60B176F1AFA4CA598ADF009FC6509755F701C63E66CDDAA598B15C7EEB5FA4126386
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ............52.+.5e..|....52.+.5e..|.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............a.V.|`R....F..#.....N...^................-p.B7.I...'...9........f........................................I.qk..B.....LZ............a.V.|`R....F..#.........a.V.|`R....F..#.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.099829822769758
                                                        Encrypted:false
                                                        SSDEEP:48:Y9sa89Rw5xD6t2ZsEn6r1Xu/9GqLjJToYrdvlxrIIVdX7xRe+pF:OsI5xD6bEYXu/9phTZRHnUi
                                                        MD5:2BFDBBF25990103AC2D731E32B74C044
                                                        SHA1:B8E70C5A9333E033594518FF832120CD5419C98D
                                                        SHA-256:B3D3FA78684EE6D51C0A72F3B38E27C91461707592782B769B8846B6738E927D
                                                        SHA-512:74CBAD18DF4C9B55829AE70033BF6FD7A06EDAF96B02FC8C5C0FCBC6FE2FDE25D2C4EA479A9A84AB8BA19B4FCCA1F0EC420B632BF3263F717BB77AA8B0FBD7FA
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ................)...6..........)...6.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............uQ......%....zE.....N...^.................V..C.(1...Z........f........................................I.qk..B.....LZ............uQ......%....zE.........uQ......%....zE.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.082720714333792
                                                        Encrypted:false
                                                        SSDEEP:48:YeCC2sEcrpCx8OXFRtEtmEXgZUXo9lUqP1ToUrdPrSmIlvdX3tRESppF:OsmxzXjTEXg6Xo9l/NTFRjoLp
                                                        MD5:B02163F21A0B245AAD9DD1C7EB1B3215
                                                        SHA1:7522E34FA4E7EC7EA80AC3D0A23DA663C808C78F
                                                        SHA-256:6860F9373EA0E9223CC506A69C08B2CD2CF5A3EC801F506BE57648E5520E72E1
                                                        SHA-512:D88EB7612A196349F29BB344ED66626ACE50E82742CD2D81B6D7B4ADE3B36DA3D44712D6DA8CE6C654EA898DC70C0581689F6EC64BAA68300B49F2E0466DC5C8
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZl0......l0.......2[.c%.l0.......2[.c%.l0...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............W....4...N\......N...^................>.'.7.H..r*$.n.........f........................................I.qk..B.....LZ..............W....4...N\............W....4...N\...........l0......l0......l0..........................................l0.j....l0.T.]..l0......l0..B..l0.H....l0...B..l0...>.)l0...J...................;........4...4...4.."..............l0..l0..l0...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........l0......l0.....#l0.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.100251642131259
                                                        Encrypted:false
                                                        SSDEEP:48:Yxs55Xrnqu5XB5X09rp2tftOGE8WXro997ToqrdQr2IA2dX/pb4GR55XB5X4XJrW:6s7NtfDEXXk997TPRIPlN4LMD4+y5
                                                        MD5:1F84346EED37C1BD8BB7CAC049F1B5E8
                                                        SHA1:C179BF97136107CFF9A8DB6F3A3CCD6159CAEF86
                                                        SHA-256:C07CB554877182F672565336253259A2ABA5AADCB755A2591043A65B692098C3
                                                        SHA-512:CB17B65148EDE2A3B7B0DB54D2473B2A643F4404C6C33AEB0A223EDCE4512D7F3EB6AE5C1EE1A281E18E9339F154404C241C4966882B1E0A5D9D193969511593
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ................3._.............3._..........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............u.I.../QCv..}.....N...^...............+Z..q.cG.X.m..Z.........f........................................I.qk..B.....LZ..............u.I.../QCv..}...........u.I.../QCv..}.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.071259685194758
                                                        Encrypted:false
                                                        SSDEEP:96:ys28chq+fEfJXI9qkgaT/RfZFOU93Oo6J:ys28chAhXI9RDbRfZFOU93OFJ
                                                        MD5:157B3E9B2E4421F9063C8DF72C23C8E0
                                                        SHA1:5441FEB77FFF3C837B89498FAD05EA88A21431C8
                                                        SHA-256:768A4E4FCED3626FA94C51C5D00C4341F75B0DA7497BE9C4D3E0AF608B3AC955
                                                        SHA-512:4D2C6B3BEB9418D29158D9F17B8E2A483B9039D4B98B326F56AF83AB5AEC0015515F97B94563DEBDE671208D808571364CB78CF103A4F28512EFF7B55B502C76
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ:@%.....:@%6..l.&..o3;.t:@%6..l.&..o3;.t:@%..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............a<....=8../-....N...^...................2.cL.s...|W.........f........................................I.qk..B.....LZ..............a<....=8../-..........a<....=8../-.........:@%.....:@%.....:@%.........................................:@%j....:@%T.]..:@%.....:@%..B..:@%H....:@%..B..:@%..>.):@%..J...................;........4...4...4.."..............:@%.:@%.:@%..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........:@%.....:@%....#:@%............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.07982268814633
                                                        Encrypted:false
                                                        SSDEEP:48:YHxsQNEgfNuqwytGPImaEFnMXs9jE6NTocrd2trAISSdXnYGRr+QPV:ysWuqwyYINEFMXs9JNTJReQSFP
                                                        MD5:43F4096639BD32BEBAD786D5F9EDCF31
                                                        SHA1:B492859388B0FFACA1AB43D784182882ED7D1AE1
                                                        SHA-256:EE5C12FE239989FC76FA12223514100A9C741C143A381136D6611A4428154365
                                                        SHA-512:52905EFD29461DCF44F24C87FCA80581E7D147941A6A94012970A6AEAE606E2F8E84292E9B4B00B37199B56F193E02E380FCEA56F5D3841FCED581D446222F85
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ............l....z&..x$....l....z&..x$.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............l;.K...,...2.s\....N...^.................~H.P.K.&.............f........................................I.qk..B.....LZ.............l;.K...,...2.s\.........l;.K...,...2.s\........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.080036265652111
                                                        Encrypted:false
                                                        SSDEEP:48:9zsyuMZR2tEwtoEtqgXwGg9lcXDTo+rdfokrZIfdXhixlkGh+AxAN6ta:9zsoR2ZoEXXwh9lcXDTfRfHu2W4
                                                        MD5:17B4D5032E36C27F7D58AF815EBF3186
                                                        SHA1:C86F8F7CF964385CDEB925CFA39FA4FE63B9D09C
                                                        SHA-256:7B8FAD544F8655679C6D93EC57D70BC121FE5494C90AA741FCBA93B9261CA38A
                                                        SHA-512:ECF72C89407C92537E0603228993ECC2EDA3BF5AED92F223760FF90079AA12A43615C0CCB083B23500D8E03322539FC0FB2B77E0F296D71BF0032BE26620C7EE
                                                        Malicious:false
                                                        Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZlo......lo...z.....7..x.lo...z.....7..x.lo...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............T...$......../J....N...^...............5.M....E.O...E.........f........................................I.qk..B.....LZ............T...$......../J........T...$......../J.........lo......lo......lo..........................................lo.j....lo.T.]..lo......lo...B..lo.H....lo...B..lo...>.)lo...J...................;........4...4...4.."..............lo..lo..lo...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........lo......lo.....#lo.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.076309798578333
                                                        Encrypted:false
                                                        SSDEEP:48:0qs8PwAEnqQjtnZtMEno3RsX5ds9Dq/2ToJrdlrKICdXmd8kFqeHXUa:FsuQjJMEusX5ds9+2TARpGzWE
                                                        MD5:7CBBB6F9087A7401A95194CBD6FBB944
                                                        SHA1:B7466A1D42F2AC0531F609D46CF69150A5EF8D64
                                                        SHA-256:B611B88BEA8B42301281D6ECACD4C7DC9B5E6F4B9560F30AB6F1C204F219E84A
                                                        SHA-512:2DD49715D371E6E6846C910CE5A1158BA5F214E4BCB911D90BF87FC376726A0B045912F8266A5AD4E922A11E036E526747C6C1A1E074452335A83B38CC4BB00C
                                                        Malicious:false
                                                        Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ..f.......f.w.w...<1..q...f.w.w...<1..q...f..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............K.u....&....Q....N...^...............h.j....F.....k{.........f........................................I.qk..B.....LZ............K.u....&....Q........K.u....&....Q...........f.......f.......f...........................................fj......fT.]....f.......f..B....fH......f..B....f..>.)..f..J...................;........4...4...4.."................f...f...f..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........f.......f....#..f............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000T.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.0916924563671815
                                                        Encrypted:false
                                                        SSDEEP:48:20sXl/1qiTmtY8tMEdLX0p9iMkToYrddrvIFdXO0ekH/Aa:20s3qiTmdMERXw9iMkTxRRCUqA
                                                        MD5:2FB9BC4C422FEA5C7C60F94C7F8C44F8
                                                        SHA1:DDB5B93D9BD921AF6E6FA315606177F389166512
                                                        SHA-256:6473EDF86F9D87F707CF02F16AFD60FAB72BCF31D6CC9B49B27AA262E46384DA
                                                        SHA-512:9948583D636DD74E06F9AEFE6A4893211049A5E1E0688A7699A5714F026F11E54EFAD3C2FE2E99AB02A4820071B8EDB5EB81024E18FA853334FB66707D93F983
                                                        Malicious:false
                                                        Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ.(r......(r..;..=..1..v..(r..;..=..1..v..(r..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............u.v.g.U.&.R..+H)....N...^...............[..).`.L.0.q.PSR........f........................................I.qk..B.....LZ............u.v.g.U.&.R..+H)........u.v.g.U.&.R..+H)..........(r......(r......(r..........................................(rj.....(rT.]...(r......(r..B...(rH.....(r..B...(r..>.).(r..J...................;........4...4...4.."...............(r..(r..(r..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........(r......(r....#.(r............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1352686004047525
                                                        Encrypted:false
                                                        SSDEEP:48:90sWvTMUA10ts8YEtkXc92x6F0ToBrdjr6IWdXGrzy+pig:90sXUA10ihE+Xc92gaTERvi4
                                                        MD5:597F86EE1CF7D4FFC9B2CE67A8A6FFDA
                                                        SHA1:39FF7A61C34222F7927BD3A8AE531B392D0688FE
                                                        SHA-256:3D3CAD9CE88C50DC086D03D8122180615DAF342E0CD2E69B4809AC290F7E53D7
                                                        SHA-512:627163719C7543EBAB3603D1859C441220BB81E6B7E5624468CC9672B426C31094AEC4162DE76B9452168D201818E8AC2BB9049933CB77E8441329F72CA2D269
                                                        Malicious:false
                                                        Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ.&|......&|.....%........&|.....%........&|..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............?......#YP.g[.]....N...^.....................F...2...v........f........................................I.qk..B.....LZ.............?......#YP.g[.].........?......#YP.g[.]..........&|......&|......&|..........................................&|j.....&|T.]...&|......&|..B...&|H.....&|..B...&|..>.).&|..J...................;........4...4...4.."...............&|..&|..&|..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........&|......&|....#.&|............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.173977396709758
                                                        Encrypted:false
                                                        SSDEEP:96:FW5sSLDe/YmdSEPQXE9WTXRIOjaXqxarnH:+sKDe5ZYXE9WjRIOjaXqxaDH
                                                        MD5:A4EAB37F81D089E00691DB9A37B73DD1
                                                        SHA1:09C6F3418AEE77A1528545B14650E9A3294C0CA5
                                                        SHA-256:AFAB3C05DA23178133C82A05C0A574208562738B8E79FF9068791503088DEF41
                                                        SHA-512:FA5F444E54C60BADCD6B015ECB8E77A886018515BABA679DE55B494CFFB564BB890EB9453AA263ED838B045CD3DF76CE7734CC3C4A1E457E1FE8C111FC602DF4
                                                        Malicious:false
                                                        Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ9X+.....9X+?\;.....}....9X+?\;.....}....9X+..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'....................$n..L.Z.....N...^..............."u...N.M......g[........f........................................I.qk..B.....LZ...................$n..L.Z................$n..L.Z..........9X+.....9X+.....9X+.........................................9X+j....9X+T.]..9X+.....9X+..B..9X+H....9X+..B..9X+..>.)9X+..J...................;........4...4...4.."..............9X+.9X+.9X+..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........9X+.....9X+....#9X+............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.128826681978425
                                                        Encrypted:false
                                                        SSDEEP:48:dsjnJieyH0UfD+tsDKEBAC+r2Xs9F6axJTo2JrdSrgITFdXckakwdEkJB:dsfkfD+NEBA7aXs93THJRKf6F
                                                        MD5:3269FD5C9726AAD4CBEB17E04F322F50
                                                        SHA1:7D0DF65A8DFA886E44EE6E7827A311B53EFA0ACE
                                                        SHA-256:6A0D7126DE1798082A9EB73F884717DC3EF014C8CF40497A125960AD59B458E6
                                                        SHA-512:15714C56E5BE7AD7483B812A950425A497B89E4517EE26316237AA7043A0A58F7184EFDF04A8569980F5CEEF65066FD40C33C7D9FB6C4A9F1E9D9D50576E8B92
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.........../n...>..N.C.../n...>..N.C.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................ruy..!...N".L....N...^...............<g..*..D.,..............f........................................I.qk..B.....LZ...............ruy..!...N".L...........ruy..!...N".L........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.138051296918725
                                                        Encrypted:false
                                                        SSDEEP:48:W8sA9PBhX4YZoC3jtA+E7CWTX09LuToLrdSrSIlSdXMSYhX4FSYpLp5:W8s6NZoqj9E75X096TqRKESG
                                                        MD5:6A41C5D0F6D4DC2C229861DFF9EA4C02
                                                        SHA1:0CE3BA66E8F10778279CDF811F5AD0B0D0BA4F71
                                                        SHA-256:D1102208B4A5572595FA070478FEA21128429D6C13F5D47FEE944587CE8500E7
                                                        SHA-512:39D39C7BB23C97DBB6B670521403A8223C6694F1E7932C34A1DE0FC0B2AA1E95C577349501B8AD1809E67B888F837821B452E48FC4D9D061A7D85ED0405A2549
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ_.I....._.IsW.....l.$2Wo_.IsW.....l.$2Wo_.I..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............wr..;Q......k......N...^..................KI.QE.O..............f........................................I.qk..B.....LZ............wr..;Q......k..........wr..;Q......k..........._.I....._.I....._.I........................................._.Ij...._.IT.].._.I....._.I..B.._.IH...._.I..B.._.I..>.)_.I..J...................;........4...4...4..".............._.I._.I._.I..z...y.. x.. ...........$........4......7...7........................;........4...4...4........._.I....._.I....#_.I............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1316116955569
                                                        Encrypted:false
                                                        SSDEEP:48:xs+YHaPVU3YptfUOEEC/tX091E/2sTo5rdSr+QIKdXO7U5WVK4DWSkrbDKdq:xs+/VU3YpxEEIX09IzToRK+00VKXSkj
                                                        MD5:2308F0EB44ED4B25151BBE2022A96E69
                                                        SHA1:F2DCB2F34CBA7BCF7405482AE13956DB05EA0A4C
                                                        SHA-256:C11C6D0C309D26F0AC779E073C12458380E9C1592C5B2C2E454765EE03B3505B
                                                        SHA-512:08EBC52727131972290F79E21D7F08B4E075E158F28550352571B889FD1AA4B8B6DEE4CDF865B7DF7A8F5329216D8FB71182EA8146C6423A06C8756E7552D948
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZa.Y.....a.Y..(.."..".U..a.Y..(.."..".U..a.Y..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............f..-....?.N.R5.$....N...^................Y...q.H..i....$........f........................................I.qk..B.....LZ............f..-....?.N.R5.$........f..-....?.N.R5.$.........a.Y.....a.Y.....a.Y.........................................a.Yj....a.YT.]..a.Y.....a.Y..B..a.YH....a.Y..B..a.Y..>.)a.Y..J...................;........4...4...4.."..............a.Y.a.Y.a.Y..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........a.Y.....a.Y....#a.Y............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1154769360714765
                                                        Encrypted:false
                                                        SSDEEP:96:K5as/RvSwsp5E2aGLXBGL96HTsRKyZvyJqoQ:9sXs0HGLXBGL98IRKy
                                                        MD5:7F17625C237A1EF7A178E74878E99C4C
                                                        SHA1:012F49E9A71781CE08CE49A0FD764C6EAC8F7E4E
                                                        SHA-256:043F7A18403AECA14C6359EAE353FA2C0256340A02465EE784E75325BCF395EA
                                                        SHA-512:885D9AF22A1ABADD49CBF5AD91096D8DAB51874D09A032083447F640CEFE226271D9EE0B04E80152E837B0E9050AB7EDD4507F46A2A8280B073D4B780F65A3DF
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.........0C......7#.::..0C......7#.::....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............&.R,....i..M>......N...^...................z&J....}# ........f........................................I.qk..B.....LZ............&.R,....i..M>..........&.R,....i..M>......................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.121742270857397
                                                        Encrypted:false
                                                        SSDEEP:48:zIoslwJA5iitQZduEG9CCZrXs9kAVfOTo7rdSrpLI4dXcm0qt:Nsx5iiegEibXs97mTyRKpfz
                                                        MD5:A7140B857DD152B98832046ECBB75BB8
                                                        SHA1:6CB270B34A4619680D7DDE0D765C63FAEA38C014
                                                        SHA-256:606B292A3F695E68294A8C4D774F724657EC3B95F5D4CDAE457CF7DDA6DCF893
                                                        SHA-512:BEE7F9C29F80738175F4D9393FBDF573E74067EFB40104E6D809C62C6EC250DFDE4C765FC8C12FD077559FE305D0FAE7AAD7C427614FF9953AB745CDCB5AB882
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................4.......4.t.+....f..r<.I.......I.qk..B.....LZ.4.t.+....f..r<.4...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$.'..T..b.D..!.....N...^.....................A.T+..u.<........f........................................I.qk..B.....LZ............$.'..T..b.D..!.........$.'..T..b.D..!...........4.......4.......4...........................................4.j.....4.T.]...4.......4...B...4.H.....4...B...4...>.).4...J...................;........4...4...4.."...............4...4...4...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........4.......4.....#.4.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.082768906106452
                                                        Encrypted:false
                                                        SSDEEP:48:9sJcQ1t5tIeEnpDCZPCXg97jEOTocJrdSrRITdXpkLI+F:9sj1t5tE1BXg90OTjRKuEv
                                                        MD5:7E288DE4DDB2A05F5064705A738FF8CC
                                                        SHA1:A1F6751C3E5C2620563A3185DD61C669C23079D5
                                                        SHA-256:FC8F47FB8854CC9547327A8227ED91037618E7F4278CC95C40AF42DFB675FCFF
                                                        SHA-512:D794D2FB530094BF46B981672F56164601FC7CF81F4CCA8DC00B73117E7FCE258EBD194C395489A48CB7E87189E882A9117A2DC5FE5D258E931C760526182162
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZu.v.....u.v.".4...?...n`u.v.".4...?...n`u.v..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............!.u...2...*.8....N...^.................Z.$..H...S..U.........f........................................I.qk..B.....LZ..............!.u...2...*.8..........!.u...2...*.8.........u.v.....u.v.....u.v.........................................u.vj....u.vT.]..u.v.....u.v..B..u.vH....u.v..B..u.v..>.)u.v..J...................;........4...4...4.."..............u.v.u.v.u.v..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........u.v.....u.v....#u.v............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1186073962004
                                                        Encrypted:false
                                                        SSDEEP:96:Ussde8qAx+8SVEmnXAh9FTrjRKeyQ5u0q5khQ:UssvhBnYXAh9F/jRKey
                                                        MD5:A35B580DB94059BA1A688139B3B6AA21
                                                        SHA1:A970E90659A555E2181C322613F0E2BB375D81E8
                                                        SHA-256:77FA2141131E88DB2FB5128C8C076715C79DF06CD28470DA665E28B9CDB82EA2
                                                        SHA-512:81BB82AADA2D947AF86B8E0D7CBF821FFB19E004A49F58118CE6E4448C8A557B5CE5BBD4241DEA6219C4C7461842E2898D9728AAC3BE28C665D169C40537A80F
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZh.......h...y......z3..|h...y......z3..|h....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............8.....1T..u.......N...^...................h.O.a...k.........f........................................I.qk..B.....LZ............8.....1T..u...........8.....1T..u............h.......h.......h...........................................h..j....h..T.]..h.......h....B..h..H....h....B..h....>.)h....J...................;........4...4...4.."..............h...h...h....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........h.......h......#h..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000017.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.067338471295359
                                                        Encrypted:false
                                                        SSDEEP:96:KP0swOwIOzOUfYC+FVElCnXJa9L3TMRKmiTWIOzOXUOdOMOuO7D:M0syTl+MOXJa9L34RKmiim
                                                        MD5:CFDB84ADE94E69A631846DE2BA9A25F0
                                                        SHA1:8B6B9DF17C9A9112AECB3AF91330C4CA56E3A1EA
                                                        SHA-256:91D0BAB2FF8F223361575E9C7A40C6AC072E3457067C78AE17581F723189F30E
                                                        SHA-512:B1CF67E3F8B7BC408A2744A892F579402068DC6552300FFDD20234B4474F3ADDC300623B6A22D06387C7E45EA87C518718A77535FC3BA1559FB5F9746F4B6538
                                                        Malicious:false
                                                        Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ............&b...r.`]..1....&b...r.`]..1.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............({...h1..iua..X.....N...^...............gN...kD..x. ..`........f........................................I.qk..B.....LZ............({...h1..iua..X.........({...h1..iua..X.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.151220447168825
                                                        Encrypted:false
                                                        SSDEEP:48:K0sPhXyNrVuFHKtVo3sE6tiC+GicX7c9SRToRsrdSrvILdXJFy80Qpf3Z7SNry4Z:K0sArVuFHKHksE6c7bcX7c9OTLRKAd8
                                                        MD5:63F4611758F3A97107A1F0BAE70B808F
                                                        SHA1:11553FC1813257F70C3E41356B0CD56B4B475BF5
                                                        SHA-256:1CDA4499E06F8AE41111692B1ECE3E1A15243F734F985B8E9F2875EA946CEA60
                                                        SHA-512:5660CBDA5B0D8DA0B40DD602DE7723081C0C8DE424E091ADFE5315328561D617D00D5B6802F532F8BD5191A21F921F4057764DF57EC761F0FC8C4A3151749A9B
                                                        Malicious:false
                                                        Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZZ.......Z..^.9..$p.,E...Z..^.9..$p.,E...Z....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R..v.N...KfFR.K.....N...^.................K.N.W.Q?<..........f........................................I.qk..B.....LZ............R..v.N...KfFR.K.........R..v.N...KfFR.K..........Z.......Z.......Z...........................................Z..j....Z..T.]..Z.......Z....B..Z..H....Z....B..Z....>.)Z....J...................;........4...4...4.."..............Z...Z...Z....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........Z.......Z......#Z..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000019.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.103479415983316
                                                        Encrypted:false
                                                        SSDEEP:48:QPsuCrW7IN06iJt9Z+EIWCCYyXA59deSTozrdSryIB6dX4DdMmF:QPsusNniJ38EPJXo9dpTyRKsQ
                                                        MD5:F1BB23E94B37F8EA805FB343E0057363
                                                        SHA1:8CCE7C5B371E2F410A595CBB5D161B0DE9F9148D
                                                        SHA-256:3CB2F9D073DA44A5298E0FDEFF0D6E8A697AA60427C902C9D8BCBBC09A06C996
                                                        SHA-512:CC0562BDB5A66D870AF183E35DBE0D9CB7D085B4CA851298B3855AEB59CBED3AC210C025CDDBAC73E50C611C8EC1DF94CF8F59234550242227009730F12F5481
                                                        Malicious:false
                                                        Preview:2...>...........v..."...................................................................................................................................2...>...........v...V............................I.......I.qk..B.....LZ.;.......;...).....P..s.;...).....P..s.;...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................R.....0.9J.......N...^................@.....L..n7@...........f........................................I.qk..B.....LZ...............R.....0.9J..............R.....0.9J.............;.......;.......;...........................................;.j.....;.T.]...;.......;...B...;.H.....;...B...;...>.).;...J...................;........4...4...4.."...............;...;...;...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........;.......;.....#.;.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001A.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.151871961050993
                                                        Encrypted:false
                                                        SSDEEP:48:tsemG+xV/R9gtqyyyEVC/NXo9FvhrTogrdSriIBdX3mhcIsuM8:tsBV/bgNEV4Xo9FlTVRK1m
                                                        MD5:A40380FFA70406086F711CCC29F9B333
                                                        SHA1:A6CF9BBC6BC6167119F8A45BB7A2AC50FC8FF6CD
                                                        SHA-256:EFE35402B525D61460CF94C841881978D45F3416BB5D5971576715BCCA70E796
                                                        SHA-512:485E618D0196A61D02FDDF6D91596D253834650180B9F0C65F5265A8E7DACE5A6BBEF9C03C4BCD756C45CFD69BC304398E4BCDC2FACED88B0F47C45A38382B98
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ...........^I...7dM..g.M...^I...7dM..g.M.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............]./.o...Y..~..C....N...^.....................F...L..X.........f........................................I.qk..B.....LZ.............]./.o...Y..~..C.........]./.o...Y..~..C........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001B.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.128401568772349
                                                        Encrypted:false
                                                        SSDEEP:48:79sl8k/9VGtZ61AoInEsWCjtAXI9X5To6rdSrnhIjdXRBI8rOaG:79sb/9VGG1A3nEsWM6XI9JTTRK28a
                                                        MD5:6C6C01D6EB2D49CADA946DC67C88E51D
                                                        SHA1:6EB0954C7F8201790B98D66BD9D4662127E95447
                                                        SHA-256:06CCBE4AC36A33F37603C6B3F911EA7111A04CFAE344801B5F03483C694973C3
                                                        SHA-512:DA970EA4741DABFC524A6B84784ECCB0008CA9352E589D493AE69B6D351BE1065F5D9D4669854DDE930BB050685932A717C1AC1EBF526A93B68C2F718A04CE40
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZDL[.....DL[.%..../......DL[.%..../......DL[..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............:.......y.~...&....N...^................38...?H../.9Y..........f........................................I.qk..B.....LZ.............:.......y.~...&.........:.......y.~...&.........DL[.....DL[.....DL[.........................................DL[j....DL[T.]..DL[.....DL[..B..DL[H....DL[..B..DL[..>.)DL[..J...................;........4...4...4.."..............DL[.DL[.DL[..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........DL[.....DL[....#DL[............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001C.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1395771087440325
                                                        Encrypted:false
                                                        SSDEEP:96:PD9sjgXBKF5ER3ciXY9z2TqRKMDXCkaYz:JsAKYxrXY9z2mRKM
                                                        MD5:639FCD7EC099B1A1038457BAE9799BB4
                                                        SHA1:8DE1B542F0AF57F14BA28DC231F92B7FCE5CEF07
                                                        SHA-256:6881B428C2EAC87543A31208D59BE4C38B6D152273ACABF437C80809DDFFA85A
                                                        SHA-512:90FDA8334DD610F73C2213BF91B54A12272542BB35B92931E504F980C8DAF147EC446F28BE6D8DE043DDF36E57EE1FEF792080F6358E127B828E24E01EA86D63
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.........:.........H/...:.........H/.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............i.>.h.)V..B......N...^.................E54.0A...5............f........................................I.qk..B.....LZ.............i.>.h.)V..B...........i.>.h.)V..B......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001D.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.13298518869488
                                                        Encrypted:false
                                                        SSDEEP:48:eUslNK2yC3wr0t9+6bENAIWCp2hxXs9dZQTotrdSrswIWdXIpq9yCW9OfUynp:ZsWsw43ZbENA1s2nXs9wTgRKswur23
                                                        MD5:ACFE67EF3C1FC877D78037060728BCA2
                                                        SHA1:4F9A5CCD67BD0354C8B437F219757DD3821634B0
                                                        SHA-256:D828A16A99ECE3446E90BCDC3194BDC865B43EFA9A2BDF8796C7D945F6EE0A0E
                                                        SHA-512:80F3EC1AEF427F36D4DC683ADA120FB3F77FDA1384E09D3AC419E66B9E85FAFD2CC8680FCFCC15C01CE0076C07CBB46C8F8BE5B651856AF0EA90895259F9D1C9
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ...........W....$/m|...#...W....$/m|...#.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............\..w......^..|`....N...^...............V....NjG...R.G ........f........................................I.qk..B.....LZ............\..w......^..|`........\..w......^..|`........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001E.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.12465237398745
                                                        Encrypted:false
                                                        SSDEEP:48:KT0sRHLyCdedRIOctjeAEyrCQSXc59szMciTozrdSrNIIdXEd0Q2dyZ5I14mZ:KAsmcOcNEyrCXo9AMDTeRK9p
                                                        MD5:C2E81F6B0C80955C8E987538BA4524A0
                                                        SHA1:74CE23FC59DB5E86A337274E620CB6680DD66061
                                                        SHA-256:B0F2917581FEACA7477ACC46BAC2B010D86AA338C7662019F90C7166CFD03228
                                                        SHA-512:CFB9670160575591A244AE467533F61BE95AB23E118B97DF4D6325BDB5A0BA95521D2A13E2288B0FC0B456C375BF04DECB21F909EE9EC366422743E0CCFD6EE3
                                                        Malicious:false
                                                        Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ..............@...F.."........@...F..".......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............@k..0.'....cT!....N...^...............".,...J.M..w9.?........f........................................I.qk..B.....LZ..............@k..0.'....cT!..........@k..0.'....cT!........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001F.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.157357352910793
                                                        Encrypted:false
                                                        SSDEEP:96:8qsgNNom9aEX5XO9JqCdTGRK9RzNUnMDOr9:zsZmFJXO9BdqRK9R
                                                        MD5:405F6AF464E9C568CB3ABB7ABB398077
                                                        SHA1:BA6D3A5A4C686E6D28DF6929353A4DAAE7F856B4
                                                        SHA-256:DEF272BFC8129A08FF77EBB30F089F9523711646DDBE015A09D657EA5AFAD1B9
                                                        SHA-512:E0B7CB0426FDC7CD3DD46FD5B90642FF4FDF0038BB51379AE658A08AA998810B263888BBA1CEF4CA31E415ABFA9277548F1957301D952E5282AEF440D886A00F
                                                        Malicious:false
                                                        Preview:2...>.......(...v.......................................................................................................................................2...>...........v...P............................I.......I.qk..B.....LZ{.+.....{.+|.]3...+$.$.){.+|.]3...+$.$.){.+..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................@..?....;.f....N...^................M.....M..._#..........f........................................I.qk..B.....LZ.................@..?....;.f.............@..?....;.f.........{.+.....{.+.....{.+.........................................{.+j....{.+T.]..{.+.....{.+..B..{.+H....{.+..B..{.+..>.){.+..J...................;........4...4...4.."..............{.+.{.+.{.+..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........{.+.....{.+....#{.+............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001G.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):3.567261571419766
                                                        Encrypted:false
                                                        SSDEEP:96:fEk6E3gLCwQEqselEG4IbIzEk8oFh8Pyc4I4xgEH4I/Cwt+yVyNfj1s:dD3gdtqXyObIgkxziyU4x9X/
                                                        MD5:CB06FE5BAA6316015EA7FEA99CFF0B94
                                                        SHA1:E889ADFD561EDAA1F3726EC0722F90E97A0B2B2F
                                                        SHA-256:09B55DF64D041100D7621DEAF9438B470E9D121CD85E1AD040DAB043B38F496B
                                                        SHA-512:B84D5249BD88F8321A611534C2A103248BDC93F1D307E40268DB1E0848E93AA6E479A2E97AC9CA6B2E306010F2956ED5A46719B4AD3E1758199FCCAA4A99A1DA
                                                        Malicious:false
                                                        Preview:\...L...............................................................................................?...................................................\...L...............,......................................~.8.E...We.<_.I.......I.....2....>..~..F....=.O..N.~.....^*.........@...^..<.......f....}.<.............^.......^..................................................*.......*L..)K....R&.,..^.......^*.........@..2.......^...@........................I....*..g.....4...............T)S....*T......^.......^X......^..J.....T.r..4..T)....a.T.2...............I...c..,0...e...B4.$...........GP..A..}.....J.....................g......g.~.[.*..u.]..a.......a..~..O....<.h....n.......<........g.~.[.*..u.]..g.O.rd.#<C...iW.{.O.r.....>...........<....<.......f....}.I.....2....>......,E..!##.............0...........e....4.............."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w.......B.^....F...r.QH.....(...........(..."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001H.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):4.580040587810368
                                                        Encrypted:false
                                                        SSDEEP:384:3SyRkwAu8YrNIRx3TIgXRtjHmNBCuEq7u0wg7DjkW/CaHWNP+UkeK1NqEvTGSZ5:3SyKwAu8Yr6RxjIgXRBHiAdqC0n7Djk0
                                                        MD5:A8F75B406D3B0DA479152A88A448C25F
                                                        SHA1:9466BBC2053C6CB1B25237DE0862050CEC697022
                                                        SHA-256:80E8F6ECA8CBE72CB211F8B7D85405975E344FCF37B9208181581BA2D99353DE
                                                        SHA-512:6EE511C8D829E422C0B038AE5465CD90FE73C035B722CD0434753892CDBAA060D4C86C8E0492056163607C0A9E00ECB6B1E592C9AD1346406464DF9EF80777D4
                                                        Malicious:false
                                                        Preview:....>...........v.......P@..` ...I..........>...T.......v.......PH..` ...H..................................................................................>...`.......v........H..` ...I..................x........VJ........f.I.......I.qk..B.....L....O.w......mD.........VJ........f.....I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'..............1.Z.}..4..EL.......N...^...................t..L..xuM.v~............J....................................I.qk..B.....LZ.............1.Z.}..4..EL...................................................................................................j.......T.<...............S.....H.`.........&.......'.....8.........3...8.....z...y.. x.. ...........$........!..7!..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3..............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001I.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                        Category:dropped
                                                        Size (bytes):22203
                                                        Entropy (8bit):6.977175130747846
                                                        Encrypted:false
                                                        SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                        MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                        SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                        SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                        SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001J.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):3.974066238330837
                                                        Encrypted:false
                                                        SSDEEP:192:TsSZ1UDLMza8XJlOR/DvjXop4N9UfwDSJ39+vdv:I5M+eJYR/wp4PUfwu3wvd
                                                        MD5:EE91B75E781F90AF1A347CEE65AAD2F4
                                                        SHA1:B83329AC39B8EF129B4E9FE39996032CECC23403
                                                        SHA-256:FFFC5D9BE9D195C40E8730843123507CD792ADD178AF9B0DCA2F7D28FCE6C878
                                                        SHA-512:27AD91A5D0132F8199E968B68BA4EA22C91CE27E537AC80F0A8B5BA84C6F37CF4D9317C9F0D532890FB32A7272705583E05E348CACB0ECCF5085A12648493EA5
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>.......Z...v...&............................I.......I.qk..B.....LZ.:..)....:.l.0[.'..c.....:.l.0[.'..c.....:...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................|v.....)rNp.....N...^................c.V..L.Ql..%M.................................................I.qk..B.....LZ...............|v.....)rNp............|v.....)rNp...........:.......:.......:...........................................:.j.h...:.T)....:.......:...L...:.H.]...:.......:...H...:...}.......Z4...........................................4../4......p...............C.a.l.i.b.r.i...................:...:...:...z...y.. x.. ...........$........4...!..7!..7................:.:.:.F.:.G.:...z...y.. x.. ...........$..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001K.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):52945
                                                        Entropy (8bit):7.6490972666456765
                                                        Encrypted:false
                                                        SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                        MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                        SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                        SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                        SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001L.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.507656969647932
                                                        Encrypted:false
                                                        SSDEEP:192:GsniIpgbz1Ja3n/R/CXSpQMK7Rt5DxBP0sbFXkYu1+9kO9oRnKYFmdcEBIDdbl:jniIKG3n/REKQn7Rt5LL01+9k+oRnncA
                                                        MD5:6B3E695B299CFB7C8585B97E9BC18031
                                                        SHA1:AA9251B9278D9586503073D07D26AFF2EE0CB085
                                                        SHA-256:1492021FA1E636770608D4694DDA1955C21D7747DD9A635BF0DC30B705C02754
                                                        SHA-512:4BB95B6CC256B00DF035B81AD191B8DEA9BED409BEE81261ECC0227FBF8929AC18AA88B60EA1C83AFAA52CFEDB5BBF9F9766167B69A28AA2B6764E757D8C6E29
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>.......@...v................................I.......I.qk..B.....LZ....9.......kh..=......r....kh..=......r.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............oo.w.Q.. D..9......N...^...............X.....I.......u............................................r....I.qk..B.....LZ.............oo.w.Q.. D..9...........oo.w.Q.. D..9..........................................................................j.......T.H..............\.....H.........3.......O...............Z4...........................................4../4......p...............C.a.l.i.b.r.i...............................z...y.. x.. ...........$........4...!..7!..7..................:...F.....z...y.. x.. ...........$......

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001M.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):25622
                                                        Entropy (8bit):7.058784902089801
                                                        Encrypted:false
                                                        SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                        MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                        SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                        SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                        SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001N.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):3.201557378929971
                                                        Encrypted:false
                                                        SSDEEP:384:Ss8dbtMeOGcofKq5vagHv2YRS7mOZ8e2Y+GHz7:Ss8dbtMAcKKq5v3Hv2YRwmOZf2Y+GHz7
                                                        MD5:E58784B3A02896A59721594B8ED75998
                                                        SHA1:D08EA8778948FE809B6602E9B6BC8721022DDFD5
                                                        SHA-256:43876DCEAAEE1C911DDFFB9C6D3A18E0A59511FA7962D38261739FF7622BF890
                                                        SHA-512:F91C776C9DDDD4C21A0AB30E7BC1A9E082B67BEE59B20CA4729EF63D6FAE16414FBDC75C6B7B0724C4597C8952F63057CE7ADB56336B84E0F294F1D95F857BD9
                                                        Malicious:false
                                                        Preview:2...>...........v.......0 .../........u.K....ST...............u.K....ST..........I.qk..B.....LZ................................2...>.......B...v........-..............v........-..8....................I.......I.qk..B.....LZ..h.T.....h.*.y...7H&.....h.*.y...7H&.....h..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............u.K....ST.........N...^................h..w..M.m...;...........................u.K....ST..............h..w..M.m...;...............u.K....ST........................................h.......h.......h...........................................hj.e....hT......h.......h.......h..a....h.......h.......h .H.......z.......R...................!..7......}.....W.i.n.g.d.i.n.g.s. .3.......................Z4...........................................4../4......p...............C.a.l.i.b.r.i....................h..z... ..$..............

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001O.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):15740
                                                        Entropy (8bit):6.0674556182683945
                                                        Encrypted:false
                                                        SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                        MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                        SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                        SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                        SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001P.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.774456952693695
                                                        Encrypted:false
                                                        SSDEEP:192:xsPHAJMx0rSM+XMlxcXDmtviC2RtTQycy+e012G904XAZO/c9P9cosUnUz:GPgI0rS9Q+DmtaC2RtUyn+SCjXAZEgFG
                                                        MD5:3DB4D1ED369E633159BD80171C2652EC
                                                        SHA1:5400DA6B6863333FCD33030751BB921351D3F144
                                                        SHA-256:ED5A2EB5322AFF32BB735088C3887A4DDDD594AF570AF49A3CA85A3D9C347406
                                                        SHA-512:2F2B57643B2629D223A8CD482274C9100AC39116B0A24E26096B079F16534C57501D29C70603675A628B8DEA16BF6A27252BC6BC995373820C890A0BC11B0FC9
                                                        Malicious:false
                                                        Preview:2...>...x.......v........ ..`!..2...>...........v.......@...............................................................................................................................................s...9...s....bR.......g..I.......I.qk..B.....LZs....bR.......g.s....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............zc.Q,.....&\pu......N...^...............:...;.jH..>.'>...................................................I.qk..B.....LZ............zc.Q,.....&\pu...................................s.......s.......s...........................................s..j....s..T.Q..s.......s....n..s..H....s....9..s....V..s............Z4...........................................4../4......p...............C.a.l.i.b.r.i..................s...s...s....z...y.. x.. ...........$........4...!..7!..7..............'s..%s...s....z...,4. ...........$>........4

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001Q.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):55804
                                                        Entropy (8bit):7.433623355028275
                                                        Encrypted:false
                                                        SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                        MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                        SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                        SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                        SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001R.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):4.627427993661021
                                                        Encrypted:false
                                                        SSDEEP:192:MsQxtZjPZitStQlFQOgDEnrYqoWUweOyuHG1sCXPJPBeOFRtz8tmBAWW3Z89KCI6:RQxjktStQTQ2nrYqoWOfeGq8RLRtotm4
                                                        MD5:68E7382459B27D5309EE1547899322C9
                                                        SHA1:FA47626BDC2EEC4F69D5514E317AF44D32A319B2
                                                        SHA-256:98573E262F090D6EDB71CAE8E0A2E19E371481409FBD4DD2467828930DA6D03B
                                                        SHA-512:F6FF7528E2F7D6DA726C8F9D7A09D035EC57FE57D1AE90F36347C16EB6BE49BFCBF529EC66F4BE29A3A953F4A0D589077698D4D5937375A920AF165E1B76AB4D
                                                        Malicious:false
                                                        Preview:....>.......>...v.......0 ..h+......>...........v...Z...@...X*...........................................................................................................................................I.......I.qk..B.....LZz.m.....z.mP.....Z......z.mP.....Z....._z.m..I.qk..B.....LZ.I....H.9.$H......<...H...........I.......I...................................................I.t.....I................................................................4..'...'..............T....:E...W.......N...^...............aa.$k..J.......9.................................................I.qk..B.....LZ.............T....:E...W....................................z.m.....z.m.....z.m...........................................H..|....H(......H(.z..z.mj.N..z.mT)...z.m.....z.m..b..z.m .......'z.m8z.m..z...,4. ...."......$>........4.."..7......A.g.e.n.d.a.:.........................Z4...........................................4../4......p...............C.a.l.i.b.r.i..................z.m.z.m.z.m..z...y.. x.. ..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001S.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):41893
                                                        Entropy (8bit):7.52654558351485
                                                        Encrypted:false
                                                        SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                        MD5:F25427EFECFEE786D5A9F630726DD140
                                                        SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                        SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                        SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001T.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):4.591271747603512
                                                        Encrypted:false
                                                        SSDEEP:192:Xs9F8vC22VXpF9Ew/WknrdUpbPev1L2JuH0kJJoXAje/sSRtvFjJR9uB8kY9u9hb:cj2QXpH9/WkpUpatL2JeDw7fRtFJR9uZ
                                                        MD5:30586F9DA5CB0EC318467A5426AA37CF
                                                        SHA1:7A891E4CDDC91DB6875ED1204EC5CC8BC795C7C6
                                                        SHA-256:2FF51BC513160D4203E2DCBE050583CC6F0C96599DC78F49C74BDCFEC4D28B50
                                                        SHA-512:F3B6BEFAD97FEBF9BFDBE05B803243A534A026795B4B4E6C26998DF63DEEC634F36B4FF99968A6090314B4BD4F0FB9BC21E57C37D32CB8CFE7E67FA1CF4A9761
                                                        Malicious:false
                                                        Preview:2...>.......,...v....... .. +..2...>.......|...v...H...@....*...........................................................................................................................................I.......I.qk..B.....LZ.{..G....{......9R/=.M#g.{......9R/=.M#g.{...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............X.~.g.:....6.....N...^..................r9M......C1........V...x....................................I.qk..B.....LZ.............X.~.g.:....6...................................{.......{.......{...........................................{.j.A...{.T.....{.......{..r...{.......{. .7...{......{. .........Z4...........................................4../4......p...............C.a.l.i.b.r.i...................{...{...{...z...y.. x.. ...........$........4...!..7!..7................{.;.{..{...z...y.. x.. ...........$......

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001U.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):14177
                                                        Entropy (8bit):5.705782002886174
                                                        Encrypted:false
                                                        SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                        MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                        SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                        SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                        SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001V.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):49152
                                                        Entropy (8bit):4.654521027583577
                                                        Encrypted:false
                                                        SSDEEP:768:LEaNbHlo5/bzSiId5xWKXljvHAP3VEbCO3jFesmLcaDTaFaOq:LNOTzpg5pXljvgPlEbD3j2
                                                        MD5:2B58FBB137EEEF0A02FE1400008362C6
                                                        SHA1:C9AA18A742854F11246B1EF03B2BE2D593597E0D
                                                        SHA-256:4E83287E646351ABD8D24C1683D1378DCCEE736FC1492A7D2E752BC5D11DCDA6
                                                        SHA-512:1C4C04AE804742ED41DE4BB799090105DA2F7A214DCA87A6A7BC53F9A3CB6F494B36D01AA66E3B7A6C9167688EA1F7A608139CCAFF186BFBF97C310ADD2A794F
                                                        Malicious:false
                                                        Preview:....Z....&......r%...&...... ...@.. `.............Z....%......r%..J&...... ...@.. `......................................................................Z....%......r%......x... ...@.. `..........d%......d%.V=^ZM...`8p&.].......]... .oI.........UA..%~...T,..,.UA.q....E..4O..'.U.q....=g. L`..VE8.....=g............v.......v.................................................d%.T.......T.G.....T....]..T"......T%..."."T.....S.T%....2T.?...........0...........e....4........................u.^s.Q.@.).~b.......(...@kO.....(..."...P.l.a.i.n. .a.n.d. .S.i.m.p.l.e...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.5.2...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e.........9.=.....9.=GT.....#..gc@..?.......?..(G.....5..2...B.......P...........N...H...d%...9......]...._..@].."."...................=..c..,0...e...B4.$........{p.....G...^...?@kO.....................w.......w3..UO..Z................L.}..FT..9...q.x.........9...0Po.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000020.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.396676979547422
                                                        Encrypted:false
                                                        SSDEEP:48:0so8GaKljYt+dHE8onXXfSN8xX9KuvcjrdhSrI258tXtkL9eNzgd:0sYaKlcIFE8KXXfEgX9JvORA38G
                                                        MD5:F720ECA7023972821E131031C2556254
                                                        SHA1:3811144252E7AF10409E0C293983AC629F9567C1
                                                        SHA-256:D281C7795D696F8352EEA9B134685C37BCAFAB7F2199DA8A7A40D1EBA51A1D03
                                                        SHA-512:3DB8146DAC40B87164D5BA787FE7A61752C4D33A432620A6676FA1CCF8EF1CF3B7128D31130020015F0A08D59738C7FB45B5CA0BE5D2DD17E8022A3B9A684721
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ................9............9.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............-%o.H..3..#...R....N...^.................8..TJ..=.L...........f........................................I.qk..B.....LZ.............-%o.H..3..#...R.........-%o.H..3..#...R........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000021.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                        Category:dropped
                                                        Size (bytes):12654
                                                        Entropy (8bit):7.745439197485533
                                                        Encrypted:false
                                                        SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                        MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                        SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                        SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                        SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000022.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.322748567244207
                                                        Encrypted:false
                                                        SSDEEP:96:nEs2Hy3HK1dEpYXq/la+91YuoRAn36lf:nEs2SXKMpYXEla+91YuoRAnK
                                                        MD5:73E2E15C213B5CF391B3791B87F988CD
                                                        SHA1:5219341774B3D4808289EA0ED04D5E1B57C8ED2B
                                                        SHA-256:98BDC30046562FB4F9A7154307ED49B9E98E54B9ED0546412E16E8E7983D1555
                                                        SHA-512:F9D611CEC256D0DDA1B7389457822444ECDC00B3E7CF6D1FF1B2F9C80EC6FABD525E2F2EBAA1DB0F839660FF4E876AAAF3CDC4C83AE59D41C4FBE552226413C8
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........T".7.'....t....T".7.'....t......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............|..'\.......n@!....N...^......................J.#.\.Jf.........f........................................I.qk..B.....LZ.............|..'\.......n@!.........|..'\.......n@!........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000023.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                        Category:dropped
                                                        Size (bytes):2695
                                                        Entropy (8bit):7.434963358385164
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                        MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                        SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                        SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                        SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000024.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.333584664649325
                                                        Encrypted:false
                                                        SSDEEP:48:cse7j86eEwBt14XsE/Eo+zXbCK+z9ndjcESrdhSr7T1Z7tX8U9ryWh:csu86FOpE/FOXc9djpSRA/kW
                                                        MD5:E2AA2A66BEB5D77987920A5A5E2CE959
                                                        SHA1:727C58FC5ED85DE1B12B4DF63981D484229C3665
                                                        SHA-256:5B746E0EC8C9A8C3342449BE5ED3B60715B7750C003BF7FA31C1D2BB308701D4
                                                        SHA-512:B561EBF92FA21C43061BDD91382592BF905B1325A817E7C32C2BE8C7A8250CFF4231F564CDB6E71D33C0C749ED5A2B2C95A4A40A64F5CE3B45713FA6005CF43A
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ..9.......9.3...5."#..*N..9.3...5."#..*N..9..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............Z..k.V......'.....N...^............... ".8.J.A.dx..p!.........f........................................I.qk..B.....LZ.............Z..k.V......'..........Z..k.V......'............9.......9.......9...........................................9j......9T.]....9.......9..B....9H......9..B....9..>.)..9..J...................;........4...4...4.."................9...9...9..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4...........9.......9....#..9............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000025.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                        Category:dropped
                                                        Size (bytes):11040
                                                        Entropy (8bit):7.929583162638891
                                                        Encrypted:false
                                                        SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                        MD5:02775A1E41CF53AC771D820003903913
                                                        SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                        SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                        SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000026.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.504749763809627
                                                        Encrypted:false
                                                        SSDEEP:48:isyc5xUYt/SELtUEP3F7vNXy939s3NctrdHr9J4tXx3tSAkD32N1Anwn:isy7YtqELWEP3FTNXy9ts9ERLoeU
                                                        MD5:A0CA11433E4B5E166ECAC36CD6F41207
                                                        SHA1:03E442E3123872A0A2F5F0C9F088BF4E5A1CE490
                                                        SHA-256:4469266CD0D54F5462996C88BDCB82B14F31CF2A8ADCF75CA0C6F889853224EE
                                                        SHA-512:62486DC2BE1C336C673C22C4F75921C432F9F8BE57E586E49772E6C8B628E3AA1DD3E78B4282BBE6064A9C2E28A8A9DB5A4E8821F6A985AE79D2726D1C6AD360
                                                        Malicious:false
                                                        Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ..|.......|.#.\.?.........|.#.\.?.........|..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............E.U9.m...s...S.....N...^...............x.....5N.:I...,c........Z................................... ....I.qk..B.....LZ.............E.U9.m...s...S..........E.U9.m...s...S............|.......|.......|...........................................|j......|T%c....|.......|..G....|..H....|..>....|.......| .3...................;........4...4...4.."................|...|...|..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4...........|.......|....#..|............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000027.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                        Category:dropped
                                                        Size (bytes):2268
                                                        Entropy (8bit):7.384274251000273
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                        MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                        SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                        SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                        SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000028.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                        Category:dropped
                                                        Size (bytes):784
                                                        Entropy (8bit):6.962539208465222
                                                        Encrypted:false
                                                        SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                        MD5:14105A831FE32590E52C2E2E41879624
                                                        SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                        SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                        SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000029.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):2.727216536579633
                                                        Encrypted:false
                                                        SSDEEP:96:xsZrAukUbVkBRPvWELnX79PpSM73RQ5jyRD:xsZUfUuTTLnX79PYM73RCj
                                                        MD5:2494993B1F5660C6E2212F1868EF8BDF
                                                        SHA1:849A4E86C926ECF8D8E5D2E2D5B75736EE757A1A
                                                        SHA-256:1D0C9E4CE500F69E1D0C543678FE84E09F65C11FF67D5BA654BD22937A146C30
                                                        SHA-512:CE69E8682F420B6042D0ECE3192C1A495F376591302733DAE38B61556CBAB4B799C7DBD6A4499CF426A3E2D92FEE4B5187503544C47B75E72039A4C743895C48
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>...........v................................I.......I.qk..B.....LZ)......)..........M.$.)..........M.$.)...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............."|....Cx..W.....N...^.................5.|..H..E..{..............................................^....I.qk..B.....LZ............."|....Cx..W.........."|....Cx..W..........)......)......)..........................................).j....).T.l..)......)...Q..)...Q..)...>..)......). .3...................;........4...4...4.."..............)..)..)...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4.........)......).....#).............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002A.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                        Category:dropped
                                                        Size (bytes):3009
                                                        Entropy (8bit):7.493528353751471
                                                        Encrypted:false
                                                        SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                        MD5:D9BD80D40B458EDB2A318F639561579A
                                                        SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                        SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                        SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002B.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                        Category:dropped
                                                        Size (bytes):2266
                                                        Entropy (8bit):5.563021222358941
                                                        Encrypted:false
                                                        SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                        MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                        SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                        SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                        SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002C.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.296415114798667
                                                        Encrypted:false
                                                        SSDEEP:48:YuzIZs3Lv5LZ8tI3tEghXIN9u4q6KohrdQqrBEb6/mBXJp2mYj7ip2m4Hu:YFsFLZ8q9EUXIN9u4q6KYRQy46/mj
                                                        MD5:4916704F560A1AD41CF2008A0C266171
                                                        SHA1:67D89A8677D783A105549C0D87D2EBC6893EECED
                                                        SHA-256:4355AB5C767D32DF4CCC1091537E3C5072B0A78C6F0FBE16FEC04A720620E4EE
                                                        SHA-512:92D45802871AD8C8BD34122BAE00C5E970772F346FD800E8A33DF519536231B136A66381CA73CD20CD3E0515F586BB5B22757C193CE7B4DD0B7E9C64521B5781
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.l}......l}n.{l.......{.l}n.{l.......{.l}..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................A..<.9......e....N...^................Fd....E.+L.upt.........f........................................I.qk..B.....LZ...............A..<.9......e...........A..<.9......e..........l}......l}......l}..........................................l}j.....l}T.]...l}......l}..B...l}H.....l}..B...l}..>.).l}..J...................;........4...4...4.."...............l}..l}..l}..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........l}......l}....#.l}............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002D.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):99293
                                                        Entropy (8bit):7.9690121496708555
                                                        Encrypted:false
                                                        SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                        MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                        SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                        SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                        SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002E.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.334923732537697
                                                        Encrypted:false
                                                        SSDEEP:48:YuxN2sYSd1ti8Di8ethUtEVpyYbXub9eVx7oZrdQqrshVBX9blqtuNQgiIzJh:YVshDi8e4EPtbXub9qBQRQys7nL
                                                        MD5:C4EC9A9490DD7E7A2AE8B8D58B0DA8C7
                                                        SHA1:4C6FC73BC85175FCC18BA387189A77EC6B8AD6A6
                                                        SHA-256:5EDA3AC7995A257AD8F562F8B2CA45D3D50445B7EF9C016756BEF82DDB9B72F0
                                                        SHA-512:6DCC5158CE87D8B90985FBFD307D475FC41694DB09147EA0F3E6D25464546F030EA56DEF1B5EB60AB459556C65B70FF3056DB898CDC09A4D87D8237780E6B885
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ(.C.....(.CU`.*...z.j.n.(.CU`.*...z.j.n.(.C..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............GG...... 4k.yo....N...^..................V.i.E...Ln..........f........................................I.qk..B.....LZ..............GG...... 4k.yo..........GG...... 4k.yo.........(.C.....(.C.....(.C.........................................(.Cj....(.CT.]..(.C.....(.C..B..(.CH....(.C..B..(.C..>.)(.C..J...................;........4...4...4.."..............(.C.(.C.(.C..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........(.C.....(.C....#(.C............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002F.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                        Category:dropped
                                                        Size (bytes):2898
                                                        Entropy (8bit):7.551512280854713
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                        MD5:7C7D9922101488124D2E4666709198AC
                                                        SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                        SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                        SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002G.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.329076159425967
                                                        Encrypted:false
                                                        SSDEEP:48:6s2Pk6U/EutbCESh7qXI49clNAoDZrdQqrRWjWCSJBXOI152QIg:6sH6U8u8EShGXx9cIMRQyRpJZwQI
                                                        MD5:BBC00BDD57A605C2412CAE48DEEA4C6E
                                                        SHA1:327B36B2C2B1E7B2DAF9E113EFA975AE921BE8B3
                                                        SHA-256:17F2888710FF39AC37BD8F6568411AB05C01F4EEA10D3E072AB4190BFA651FA1
                                                        SHA-512:F0544E8C6FD9578996E7C5911C316D992232D29A3978D6480F2E6548BC8248C1E008977A7144FDC92584CD1C1D433DB30654C3C3BB640C0302D54FD0681ECFAD
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................F.......F..[.^.-...8;.N.I.......I.qk..B.....LZ.F..[.^.-...8;.N.F...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................]....:...Hm......N...^.................QFz..N...z............f........................................I.qk..B.....LZ...............]....:...Hm.............]....:...Hm............F.......F.......F...........................................F.j.....F.T.]...F.......F...B...F.H.....F...B...F...>.).F...J...................;........4...4...4.."...............F...F...F...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........F.......F.....#.F.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002H.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                        Category:dropped
                                                        Size (bytes):29187
                                                        Entropy (8bit):7.971308326749753
                                                        Encrypted:false
                                                        SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                        MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                        SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                        SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                        SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002I.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.335046226652172
                                                        Encrypted:false
                                                        SSDEEP:48:4sfeLMI/Uj5DT+t2nEYYOt7w1XzHw9WRoBrdQqrYN0wBX/E9vIIHB/Z9:4sFDT+mEYY6UXzHw9OQRQyM0wA
                                                        MD5:EC3767319F9D57D508F89F5C4060EDF2
                                                        SHA1:D8C5577208836D7DE7D3209B83E22A71936F6468
                                                        SHA-256:BB1CB7ADE879C93840A81683485FA8BB188DD708BC03C950C7E2179BCC8C52AC
                                                        SHA-512:4DCA47BEDBC7432AF7A0F3DD0BC6026F38EB310F888C57E9A2AE3162515AE3AC09C31538CD92EA0A6C8EFF5AB7847855518209DC1B3205B84D4FE91475388FE8
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.hZ......hZ...........5.hZ...........5.hZ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............#.B'.WN.4.Y........N...^...................0.]K.s..$=C@........f........................................I.qk..B.....LZ............#.B'.WN.4.Y............#.B'.WN.4.Y..............hZ......hZ......hZ..........................................hZj.....hZT.]...hZ......hZ..B...hZH.....hZ..B...hZ..>.).hZ..J...................;........4...4...4.."...............hZ..hZ..hZ..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........hZ......hZ....#.hZ............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002J.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                        Category:dropped
                                                        Size (bytes):4819
                                                        Entropy (8bit):7.874649683222419
                                                        Encrypted:false
                                                        SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                        MD5:5D6C1F361BC04403555BE945E28E53FC
                                                        SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                        SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                        SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002K.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.39590017641225
                                                        Encrypted:false
                                                        SSDEEP:96:aBsWu5IMl8mrEVVZX1R19sQRQyklXlkL7oa9:as/l8lbZX1L9sQRJ4Xy
                                                        MD5:0D52C8452DCF3C3A64D563D234FE3F36
                                                        SHA1:0CDDB260D9E02168319911CC880A9698943A5A66
                                                        SHA-256:8C977A364B325CFD9B7CCCE1AB7A74DD0A1AB71170E77EB29633A72676393927
                                                        SHA-512:70BE7AF66EBB55B54D367D058F9C7049A12E2A8D05DFE620A0EDFEE967EC098590C55F27CF63511270A095C09A69316A7D2EF21320EB230F5038BC2AA5817BF3
                                                        Malicious:false
                                                        Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZY;......Y;....{.....=..Y;....{.....=..Y;...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................^.....6.?T.....N...^...............k/#.\*.G.Vf.=6.X........f........................................I.qk..B.....LZ.................^.....6.?T..............^.....6.?T..........Y;......Y;......Y;..........................................Y;.j....Y;.T.]..Y;......Y;..B..Y;.H....Y;...B..Y;...>.)Y;...J...................;........4...4...4.."..............Y;..Y;..Y;...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........Y;......Y;.....#Y;.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002L.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                        Category:dropped
                                                        Size (bytes):1717
                                                        Entropy (8bit):7.154087739587035
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                        MD5:943371B39CA847674998535110462220
                                                        SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                        SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                        SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002M.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.314144314353937
                                                        Encrypted:false
                                                        SSDEEP:96:g5sAX8e2aDmgEKd5XXwm/9nvsRQy0jP5QuI:KsjeWK7X19vsRJgP5Q
                                                        MD5:A0A59583329CA502120AE41A75759B70
                                                        SHA1:469E7A6720AB1A5E6ABB6ECAC2B50B9F5CB59068
                                                        SHA-256:49FF61B20CDEACC717CEF041B09A0F66CE521F3A857025AB3BD7F842F2124490
                                                        SHA-512:D448285929AA4B5AC076AC31E1931B1D6286E7C2FACE86D69FB4855203A3D9C6CF9404529114ED4C554E4EF21CD9BA241269A332E3A2D253623FABB00146BFB1
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|.......................................2.a..."..Ih.I.......I.qk..B.....LZ....2.a..."..Ih.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............]D.:...8.g..z.....N...^......................D....F...........f........................................I.qk..B.....LZ.............]D.:...8.g..z..........]D.:...8.g..z.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002N.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                        Category:dropped
                                                        Size (bytes):3555
                                                        Entropy (8bit):7.686253071499049
                                                        Encrypted:false
                                                        SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                        MD5:8A5444524F467A45A5A10245F89C855A
                                                        SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                        SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                        SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002O.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.336213860618122
                                                        Encrypted:false
                                                        SSDEEP:48:5as1msFL7WlmtEyfyxElrXY6y9z23HoRrdQqrbwOfBBXJbk9IjIlJ:cs1BPWlmaQqEhX09zeHARQyEYBp8l
                                                        MD5:D93650520EB62C8B8FE63E2F56368D55
                                                        SHA1:1EDD938FDB159FC0AF7056C9A28F04A7A9EAC0CF
                                                        SHA-256:DDD0544A48DA3EF9AE1F8ADA4C893396EB5C02584837EC59F1B5D74C0C223C89
                                                        SHA-512:D40C08C3EF47A6DFE502A1E7DD5CDD2F340143B57625F1EF43EE3176DCC2FEE15E06CBD80BA88D05510C0B096A9E9FAADF2974AC6F6EC847E4C0C4E303C0FB9D
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.|3......|3.....+h.7.T...|3.....+h.7.T...|3..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.......................). .....N...^...............\1H.^.D...r!P..........f........................................I.qk..B.....LZ......................). ...................). ...........|3......|3......|3..........................................|3j.....|3T.]...|3......|3..B...|3H.....|3..B...|3..>.).|3..J...................;........4...4...4.."...............|3..|3..|3..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........|3......|3....#.|3............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002P.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                        Category:dropped
                                                        Size (bytes):3428
                                                        Entropy (8bit):7.766473352510893
                                                        Encrypted:false
                                                        SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                        MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                        SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                        SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                        SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002Q.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.379007806099797
                                                        Encrypted:false
                                                        SSDEEP:96:8sjLEwqGQEXNrx7Xo99oRQyyZXByOYXBi/u:8sXEw5XNtXo99oRJyZXByOYXBeu
                                                        MD5:46BE636A1960F89B8451F9ADB199233B
                                                        SHA1:B91864D16825695C135F25D7B9B44FA5DCB62C2B
                                                        SHA-256:43860D9DD5FE2910B1AA9A04A18F85E7623229D3AAA81B32032A880B1C350E9B
                                                        SHA-512:509489BAE9DCE6E83500FCDB20CCCF194F81D937E7EB2277CFF6F9434F3C228BA68FD953EEC763E60035028D84C32CCDBF332832E84F3931880FFC830B079DC2
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........%{.....B.z_4...%{.....B.z_4.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............|...Z.?,..[K.=....N...^................S..i..D.!....0.........f........................................I.qk..B.....LZ..............|...Z.?,..[K.=..........|...Z.?,..[K.=........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002R.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):65589
                                                        Entropy (8bit):7.960181939300061
                                                        Encrypted:false
                                                        SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                        MD5:8B48DA9F89264D14B83FF9969F869577
                                                        SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                        SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                        SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002S.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.351863282972056
                                                        Encrypted:false
                                                        SSDEEP:96:pGGws5BDy2wGh6gEmdqXWY9ckRQyTqh82fr2:pGGwsq2wGI9mcXWY9ckRJm82fr
                                                        MD5:74CDB4A226A76284087A0EAE4D9BDD16
                                                        SHA1:67185324FF23359C9F501307119934FFD6FAC262
                                                        SHA-256:EAA58CDF4378FCDECD877E4039957483D3F210B78DBCBA6019C732EA02568904
                                                        SHA-512:78CECB5E18141B073A69B48AF31A7F4CF46A7DE6716AE94E89DFD0A2B605D8BA72E82A7D96E36783BB9FC7E89DAB8A710D742F72D2E10F639782D208C4D1BBD5
                                                        Malicious:false
                                                        Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZ............i.4...S[.$t.....i.4...S[.$t......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............."..5......".....N...^.................X....@.Z.H*.8I........f........................................I.qk..B.....LZ.............."..5......"..........."..5......".........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002T.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                        Category:dropped
                                                        Size (bytes):1873
                                                        Entropy (8bit):7.534961703340853
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                        MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                        SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                        SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                        SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002U.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.377958533038824
                                                        Encrypted:false
                                                        SSDEEP:48:ysMdZV3zT0K6IVtUEeYaX5Vva9F42omKBrdQVrua/BXxakDZ95:yssD/0K6IVWEAX509F7PKBRQ51jb
                                                        MD5:BB382ECC719B1DFB051F4B9746D2C965
                                                        SHA1:7090152766FF94FDB7E13565D233CBB6D0884046
                                                        SHA-256:4D3A73C3ACCCBDECDB8620AFD309E187A5EA18539CA9D12C0726910F5AD3CDB7
                                                        SHA-512:0F70E812D336CF6CDB9EC761B4203AFC657B588822C05594A961ED91EC2CCEB9E97013B72C160FC2EB70E595530F965E719C032063171C79DD0F496FFA9A6952
                                                        Malicious:false
                                                        Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.................T.".............T.".........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............O[..)J%.9&......N...^....................%.N...@...........Z........................................I.qk..B.....LZ..............O[..)J%.9&............O[..)J%.9&..........................................................................j.......T$c...............G.......H.......>............. .3...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002V.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                        Category:dropped
                                                        Size (bytes):5465
                                                        Entropy (8bit):7.79401348966645
                                                        Encrypted:false
                                                        SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                        MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                        SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                        SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                        SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000030.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                        Category:dropped
                                                        Size (bytes):3361
                                                        Entropy (8bit):7.619405839796034
                                                        Encrypted:false
                                                        SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                        MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                        SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                        SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                        SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000031.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.344347954645926
                                                        Encrypted:false
                                                        SSDEEP:48:qsg8i9e3tw2ntJTdED5+CXTp9+FoFrdQqrP7EmBXxblz3DxoMZF:qs8e99ntE0CX19+FkRQyPzvvx
                                                        MD5:291B1B45BAC4EF4B8B77D1180C125D15
                                                        SHA1:6A4FB9333B5417BA4195A5BA1F9E00DC7F086AA1
                                                        SHA-256:FE6EFDEF395AB299F77937D9374FF6FCC3429885EB91E83494F5D587D6E31A0F
                                                        SHA-512:F8622DB7FBDA6C0A0E5735931A9A6E4E250349B7FACFA036C13C78B151A783D31CC544CEB0BF5B9FA9C4DCEC438D7380E72764AA1E2CCF855829B4FFACFBE71E
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ................._Ib............._Ib.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............p.....B.&..V.....N...^...............^.I....H.PnQ..U.........f........................................I.qk..B.....LZ.............p.....B.&..V..........p.....B.&..V.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000032.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                        Category:dropped
                                                        Size (bytes):140755
                                                        Entropy (8bit):7.9013245181576695
                                                        Encrypted:false
                                                        SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                        MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                        SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                        SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                        SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000033.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.3530488105798835
                                                        Encrypted:false
                                                        SSDEEP:48:YusDsSmLvBDZtl/ghNEuVLAXA9uD7o9rdQqrzgDBXHNMnKZ:Y9DsPDZPgNEuVEXA9uXERQy2V
                                                        MD5:62F236F25C419D8494D57D4CB52B6132
                                                        SHA1:7B5F918F344FBED8273EE576BD0E74C5F72EB909
                                                        SHA-256:B6DD57F08C9763067828BC0BA0EDD6C65C8C43D21EA44163F7B328C8CCB913BB
                                                        SHA-512:BE56F515AD4EFE83A7D7F4948DD102EA95CEDC815DE4DD76DE0D50384C302DBEA9379ABC73ABBCB837BA66A5FB38F546A047B10CAAEDFE2C28795ACD7E6B9FFA
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ...........v.C...]H.R.M7...v.C...]H.R.M7.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............A......#.....K.....N...^...............}.p...E.]mh...C........f........................................I.qk..B.....LZ.............A......#.....K..........A......#.....K.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000034.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                        Category:dropped
                                                        Size (bytes):129887
                                                        Entropy (8bit):7.8877849553452695
                                                        Encrypted:false
                                                        SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                        MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                        SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                        SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                        SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000035.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.354790654903285
                                                        Encrypted:false
                                                        SSDEEP:96:Yxjs8aSRRxneEr7tXzn89ObF7ARQyFHZl:+s8aSR/rr7tXz89ObF7ARJhZ
                                                        MD5:F9AC748F90194F2F3E8EBF1E1FA38871
                                                        SHA1:E930773D1055F816B0B78989533593E402AEDD9F
                                                        SHA-256:B657FDBF04224964ADF2FDA2EE10DBD53E92A4CD0B846EA1F79F5DFEA776248B
                                                        SHA-512:C9AEBB2F3614DEAE2C88B57536E04580A26630F92EA32609092F2E7511ABE43609DD4BB1A82C7C18FC11CA66426A1125392679E0148962C6638FA845B9665483
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZd;......d;..%...&,.....d;..%...&,.....d;...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............z.zv....-e.i..G....N...^...............K..T..LA......M........f........................................I.qk..B.....LZ............z.zv....-e.i..G........z.zv....-e.i..G.........d;......d;......d;..........................................d;.j....d;.T.]..d;......d;...B..d;.H....d;...B..d;...>.)d;...J...................;........4...4...4.."..............d;..d;..d;...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........d;......d;.....#d;.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000036.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):84941
                                                        Entropy (8bit):7.966881945560921
                                                        Encrypted:false
                                                        SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                        MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                        SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                        SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                        SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000037.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.355644414224952
                                                        Encrypted:false
                                                        SSDEEP:96:Y1s8zUGZWLgkEPjX/DJG9Gq0RQyFoxpUJ8hXS3:msOZWUxPjX/NG9Gq0RJKx
                                                        MD5:EB054B2D0D2BFFB55195F4F20F2F8620
                                                        SHA1:75156D546E4CF42ED0F3880DB07828F15142E1A3
                                                        SHA-256:6A18D1B6CBFE556CCF02B110187D3ECDC88BFA3E968D8B6200EEC01E492871B5
                                                        SHA-512:54BEA91B52C265F4144B4ECF1F064DC87214F5D741465ACAAB00661BA4F207F55F90E3564DC9289D4D8927B18526DD35D18204B5758321F65DA38BF7C40190AC
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..5.......5.FfJ...x..Q....5.FfJ...x..Q....5..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............x...s't...0.`.......N...^..................<l.b@..%...R........f........................................I.qk..B.....LZ............x...s't...0.`...........x...s't...0.`..............5.......5.......5...........................................5j......5T.]....5.......5..B....5H......5..B....5..>.)..5..J...................;........4...4...4.."................5...5...5..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........5.......5....#..5............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000038.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):1569
                                                        Entropy (8bit):7.583832946136897
                                                        Encrypted:false
                                                        SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                        MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                        SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                        SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                        SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000039.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.333749272191344
                                                        Encrypted:false
                                                        SSDEEP:48:Ys0mQXJUatRRWkE+YlL6XHs9iB0o1rdQqr/yBXcY9sKd:Ysc2a9EplOXM9iB0cRQyKt
                                                        MD5:16BB67D7BE3B19473ECE440FD9C88532
                                                        SHA1:AB06FCB91DDD074A8E435A50A85261BF86D32D1E
                                                        SHA-256:D787A11BE86BEBAA32CE16E9C390146BEC5FAF0762FC3417D471002823F1041E
                                                        SHA-512:2EC8788F3E8EE16601B9991C1738CDF011DD9A2BEA26F6A923A8D201949B511BC903C12D3D584121090D0388A6975258EED720B464B0D476E0BDAF2361A3F85B
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZBdX.....BdX. r..;.%. ...BdX. r..;.%. ...BdX..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R.A.5J...58...i!....N...^................m?.J1!L..r..k..........f........................................I.qk..B.....LZ............R.A.5J...58...i!........R.A.5J...58...i!.........BdX.....BdX.....BdX.........................................BdXj....BdXT.]..BdX.....BdX..B..BdXH....BdX..B..BdX..>.)BdX..J...................;........4...4...4.."..............BdX.BdX.BdX..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........BdX.....BdX....#BdX............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003A.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):40035
                                                        Entropy (8bit):7.360144465307449
                                                        Encrypted:false
                                                        SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                        MD5:B1DDD365D87605F96D72042CB56572F6
                                                        SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                        SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                        SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003B.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.629831759134101
                                                        Encrypted:false
                                                        SSDEEP:96:Rs6DVXnaBE3/nXrh9O2qxmRQyJej2qYZP2oKJ:Rs6RXnH3/nXF9O2qgRJJej29ZP29J
                                                        MD5:DD0F2942B8B9EB11C71CB79C5CD1A96D
                                                        SHA1:097F4BE688FC4BB197CB2CC5F1C2FA46EDEB09F3
                                                        SHA-256:D8D22DFD4D416AA6728E9B0EFD6A2DE7709C4BBE8576F6B5FFE0B5EEA4AEB357
                                                        SHA-512:527CF4DBCB020DE92FB21467616487BF055DCE05FD60E3F5DD57D88B7BAEF66E0B3CE310989866F307DD20FE9A58988DE3126B5C9D908FC989DFE289D7A22DF8
                                                        Malicious:false
                                                        Preview:2...>...........v...~...................................................................................................................................2...>...f.......v................................I.......I.qk..B.....LZ............D..!..].O.l....D..!..].O.l.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................>....F.F.Om.....N...^................Sd>V.ND..l8{G.b........f...................................:....I.qk..B.....LZ................>....F.F.Om.............>....F.F.Om.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003C.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                        Category:dropped
                                                        Size (bytes):242903
                                                        Entropy (8bit):7.944495275553473
                                                        Encrypted:false
                                                        SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                        MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                        SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                        SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                        SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003D.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.345146902076292
                                                        Encrypted:false
                                                        SSDEEP:96:YBsMXSXjXdmW5EXMRWMXgcM9wdKcRQyoBRXjXmX97XSXMX9:KsMCztmvXMR1Xs9wdKcRJoBRz2Jic
                                                        MD5:70EA99FA7F3801C4FD4C8A1D51C260E6
                                                        SHA1:0CEBD018236140F12979910AEF26368F395EBE14
                                                        SHA-256:B5B392377AC8DA15B767F7C8B0441C95DCA604FBE46A5B02A757A2A2D142F1C1
                                                        SHA-512:861457C571A785C09063ADEDE31EAB914FE3F2B2D7BB65B941B60AD349851FB5E330623C5B5A1EE26E02456BBBA983EBCAF19C41557F1D567872D0AA6240C2F3
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ............3...8=V...S....3...8=V...S.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............5..S..V..."........N...^.................<`.iA...X............f........................................I.qk..B.....LZ............5..S..V..."............5..S..V..."............................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003E.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                        Category:dropped
                                                        Size (bytes):70028
                                                        Entropy (8bit):7.742089280742944
                                                        Encrypted:false
                                                        SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                        MD5:EC7811912ACA47F6AEB912469761D70D
                                                        SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                        SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                        SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003F.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.315664392044572
                                                        Encrypted:false
                                                        SSDEEP:96:GsoJWTO5dE5V7XHxHV9ergRQyH47XKDq19JKOoT:GsBTRX7XH9V9ergRJH47QQ
                                                        MD5:C509AF2BDDD2C12E7B1B34C29A552A09
                                                        SHA1:5227CCD2F830E5ABEEB6452D9394F3AE4D644197
                                                        SHA-256:62E721F1EF19C805082886ED1364D1E140466A274D6CD5AFEC145E8E2912660B
                                                        SHA-512:C20EF70373E5731B4D8ED74F219C117086312EE27D20DAD50809C718C70ABD7F2F1DD00D1D902B9A1727BD81202EDDBF643E5319076C3A42A2FF16AF61215793
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.1.......1...C...W!*{|t..1...C...W!*{|t..1...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................~.[.3.g.QP .....N...^................eK.u.kJ....Q.;........f........................................I.qk..B.....LZ...............~.[.3.g.QP ............~.[.3.g.QP ...........1.......1.......1...........................................1.j.....1.T.]...1.......1...B...1.H.....1...B...1...>.).1...J...................;........4...4...4.."...............1...1...1...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........1.......1.....#.1.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003G.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                        Category:dropped
                                                        Size (bytes):24268
                                                        Entropy (8bit):6.946124661664625
                                                        Encrypted:false
                                                        SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                        MD5:3CD906D179F59DDFA112510C7E996351
                                                        SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                        SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                        SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003H.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.3463594239806485
                                                        Encrypted:false
                                                        SSDEEP:48:XCsDn72rC+t9AJEr0iXO+92ZOolrdQqrD9C6CBXotpRbV:Ss32rbYJEjXO+92ZOERQy06CQb
                                                        MD5:FF145F472F395E48B24A8FBC1F625388
                                                        SHA1:52515B8AE77193DA60E53F52265C2B85C25CAF4C
                                                        SHA-256:F428092B051314ECEA44D853615CE027ABEC6C410224F819FB2880338628AC8A
                                                        SHA-512:0DEB39281867195ED77ABB727706087E6202B9B63B7AA816C183F9143C92AF92C8A749B50C23709AA5683EAB372AEFF5A0EB43B24398348D4588F5F13B8E86B3
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ............!.....X{...g....!.....X{...g.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............{.......y.....k....N...^.................-..x.E..W...~P........f........................................I.qk..B.....LZ.............{.......y.....k.........{.......y.....k........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003I.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):47294
                                                        Entropy (8bit):7.497888607667405
                                                        Encrypted:false
                                                        SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                        MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                        SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                        SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                        SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003J.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.4701241703414425
                                                        Encrypted:false
                                                        SSDEEP:48:wsHemYkatZ6EwLyFLBXK9Cgzo9rdQqrLBhSBXWzJOLkxrxR:wsjYkauEwWXK9CwcRQyPSYPx
                                                        MD5:4AF451C6F66F2A47E92146C373ABDED3
                                                        SHA1:75FE1125FC06B091CD9BB565A3A3D3FFF3D05AAF
                                                        SHA-256:DB063673BC8306B5994FBD0CBD2692B1616C3B1150CC31B5D5E644D4194ADB32
                                                        SHA-512:7C8DD7E8BFFEE6B4D726C56894A1F14AAF052EFB620E3183683CD1BF0D4FA63B324347445EE34B5F8DC5DE2AB629CC6BACFF7720E38BF92C8881BC4FE475F27B
                                                        Malicious:false
                                                        Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ'.].....'.]b.}I...t#..y.'.]b.}I...t#..y.'.]..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............AR......FN.U..C....N...^................(|T`+.O..E...V........f........................................I.qk..B.....LZ............AR......FN.U..C........AR......FN.U..C.........'.].....'.].....'.].........................................'.]j....'.]T.]..'.].....'.]..B..'.]H....'.]..B..'.]..>.)'.]..J...................;........4...4...4.."..............'.].'.].'.]..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........'.].....'.]....#'.]............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003K.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):347
                                                        Entropy (8bit):6.85024426015615
                                                        Encrypted:false
                                                        SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                        MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                        SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                        SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                        SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003L.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.329765908083406
                                                        Encrypted:false
                                                        SSDEEP:96:kBs6M3rrnnWod3ELXY9y44RQy8aspOgc3uRvGEUw:cstnWoCLXY9y44RJjG
                                                        MD5:0B4B6156F1C6E70BFF16967DF750A489
                                                        SHA1:D40B24B0EC5AC175C1F866895752F48E831208DE
                                                        SHA-256:579693026F4617F426D83C3487FAB570B8F6DC8700A54E631AA1A345CD693CB8
                                                        SHA-512:59C1AA9C01FC24B7AE1F76ACAE8A2761A84C220CB49065174878BAAD86D80853156763D63F06927DB66BA8FB9958B84DABF22AB06B63B79A5B716ADF9C8CD783
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z......................................<.JY....W;...I.......I.qk..B.....LZ...<.JY....W;.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............u|w.....(/.xE.Q.....N...^..................r...N....2..s........f........................................I.qk..B.....LZ............u|w.....(/.xE.Q.........u|w.....(/.xE.Q.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003M.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):827
                                                        Entropy (8bit):7.23139555596658
                                                        Encrypted:false
                                                        SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                        MD5:3E675D61F588462FB452342B14BCF9C0
                                                        SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                        SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                        SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003N.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.327499952071354
                                                        Encrypted:false
                                                        SSDEEP:96:RY1sr1Y5NKdPIEXn5X79gz21mRQyswLgpwQv:RY1sr1aKV1Xn5X79gz21mRJZuwQ
                                                        MD5:5A0A5AFED347C8588B35FBF5E31D959C
                                                        SHA1:13E2F5E41225B0560E00DD6A6B0636D47E821292
                                                        SHA-256:45417F7695EBD804FDABF111CBC8A11DE32F837B6A12CD00D0D6C69BCB4DDF28
                                                        SHA-512:5DCDD4ABFF8E31C74601538E58ADD475FACC10491415E1C5D37C5B224007A643604D180A2298F642EE45BD13CEAD28198366CE659AD09AB61CD73C2D4A71E1D5
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ...........$+...:oi.......$+...:oi.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............w..)...'.K..W.....N...^...................ps.B.....b.9........f........................................I.qk..B.....LZ.............w..)...'.K..W..........w..)...'.K..W.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003O.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):4410
                                                        Entropy (8bit):7.857636973514526
                                                        Encrypted:false
                                                        SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                        MD5:2494381A1ACDC83843B912CFCDE5643B
                                                        SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                        SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                        SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003P.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.295617622704575
                                                        Encrypted:false
                                                        SSDEEP:96:Y/lsdCAjdpHEZnf0wXjlH9ackRQyCRszeBUzHOy:esdCABKB0wX19ackRJaszeBUzuy
                                                        MD5:0F7C8BA86FD4F34F870D318ACEAB50C6
                                                        SHA1:D720177286C438FB12AA5E2185AA7D8FF28E5239
                                                        SHA-256:1AEB53D40793EEB785962BB60FEB3B870E80D7E2CE76A1DFFDB56493EFE32B77
                                                        SHA-512:A4E69E7481081160673DBAA0ABC8F789BC7C5480AA2096EE65FCC412C084EAAD89D371F75757322D6C221C21DF819DD53BB79C351B680F7657489017941F2510
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..Z.......Zemt...G...lV...Zemt...G...lV...Z..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............>...0...&|kp.......N...^................q.m.uD..m}.o..........f........................................I.qk..B.....LZ............>...0...&|kp...........>...0...&|kp..............Z.......Z.......Z...........................................Zj......ZT.]....Z.......Z..B....ZH......Z..B....Z..>.)..Z..J...................;........4...4...4.."................Z...Z...Z..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........Z.......Z....#..Z............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003Q.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):136726
                                                        Entropy (8bit):7.973487854173386
                                                        Encrypted:false
                                                        SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                        MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                        SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                        SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                        SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003R.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.33967179591153
                                                        Encrypted:false
                                                        SSDEEP:96:msmZ2w6TaEKHFlXUAl9usb9KRQyUz29RCRlFP6R+zQ:msdwO3AFlXUAl9usb0RJUCM
                                                        MD5:F3A9E61722F792676A395D75856E9721
                                                        SHA1:7CD5D4D3DE9EE35548BCACBFCAEF2E60827E1C7D
                                                        SHA-256:F35C60DFD261555D65145BA7E25E90EA6029A69E2B65B3E89D2BE06530C467AD
                                                        SHA-512:6F810DBDB6330E203531036AE5C02CDD7C3F63D214D65BE4987A05ECD512CDAC54DF152BFE239424B7ED6C72B86385B4ADEE3DFDFDCBD05BD5024CE3FA0D7F13
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZu.......u......*....w.u......*....w.u....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............G.{...'.z.......N...^.................yg&2.L.6.qL+o.........f........................................I.qk..B.....LZ..............G.{...'.z.............G.{...'.z............u.......u.......u...........................................u..j....u..T.]..u.......u....B..u..H....u....B..u....>.)u....J...................;........4...4...4.."..............u...u...u....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........u.......u......#u..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003S.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):5136
                                                        Entropy (8bit):7.622045262603241
                                                        Encrypted:false
                                                        SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                        MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                        SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                        SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                        SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003T.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.337868081575162
                                                        Encrypted:false
                                                        SSDEEP:48:zWz2BsRp4It9nHoYatwFlePEBvXYf9iwo2WrdQqrquCgBXs5g2Lt97JcOBZ:g2BshoYarExXQ9iwgRQy4gfm
                                                        MD5:E39184E79279CE86E2431976CD01A86C
                                                        SHA1:80A0E9C9D96B0BCBF4085AA6F1B7490B2E094C97
                                                        SHA-256:FF87050499774BF00166CC7167FB681065D1A3D6322605F7A7190E004AB13718
                                                        SHA-512:77E64AF980978B29F241EE1823B82B9BFFF0ECCC747B2313425B02CDC792017B2C8B219DBE08BB036A2B98807D4962115D48C1E36937E451C007D0579CB2C7B2
                                                        Malicious:false
                                                        Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ..k.......kug.2.....?.....kug.2.....?.....k..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................u......HprJ....N...^................0..T..H................f........................................I.qk..B.....LZ.................u......HprJ.............u......HprJ...........k.......k.......k...........................................kj......kT.]....k.......k..B....kH......k..B....k..>.)..k..J...................;........4...4...4.."................k...k...k..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........k.......k....#..k............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003U.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):52945
                                                        Entropy (8bit):7.6490972666456765
                                                        Encrypted:false
                                                        SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                        MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                        SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                        SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                        SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003V.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.398971525962246
                                                        Encrypted:false
                                                        SSDEEP:48:zW6s9Zc6H2teXQEbL4XXEXTH0xo9C9313rdqrb6XBXAo2/IwF:JsMK2MAEbnXTUxo9C9FRyoVa
                                                        MD5:1B61D48138F80FD68A7EEC7FD2C55F6C
                                                        SHA1:999BAE3ECBA68F5A5D08A006AEBBB0CB925333A3
                                                        SHA-256:318D41C4118796A20D27167542E882093B05E2D43E7CC47D20B0F026715D48DC
                                                        SHA-512:8138B0AF7FE79C552C9BE7E39B60601ED50F70C1A70A052B9614366E2B4CD9F0FCE1EAE78F7A7B1FAD7F100B6810C44C875984655AF64D83394BF634A56B80CB
                                                        Malicious:false
                                                        Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ.D*......D*.D.M......L.^.D*.D.M......L.^.D*..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............R7..{..-..........N...^................\Zml6.G.l}.7..........f........................................I.qk..B.....LZ.............R7..{..-...............R7..{..-................D*......D*......D*..........................................D*j.....D*T.]...D*......D*..B...D*H.....D*..B...D*..>.).D*..J...................;........4...4...4.."...............D*..D*..D*..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........D*......D*....#.D*............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000040.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):79656
                                                        Entropy (8bit):7.966459570826366
                                                        Encrypted:false
                                                        SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                        MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                        SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                        SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                        SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000041.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.463917570880493
                                                        Encrypted:false
                                                        SSDEEP:48:T0FsJGfH690OIs1l+tA52JEWnXql9X7o9XVVolrdqr21RLtRXqbwW39045c0rdLF:MstIs1l+SoElX7o9XVVERy2Lx0fX
                                                        MD5:79C4B1B2108493A4515B7052AE6274C3
                                                        SHA1:28CFD22C9AB3AA4B3EBE183AB8200393D9742A96
                                                        SHA-256:0D1BD2C1028183141766A1B2A2DA68FACBED38D0B9C513374A2C410FDCB633B3
                                                        SHA-512:7907785D5D1D63064BFCB54052F5B60225C6CCC16CBBEB4E94209E0F3EC16EF6981F6A1B16F19050CF68A6AAA7A60A9B14AF1DA784D69A040A0CC4D0D52A1295
                                                        Malicious:false
                                                        Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ............3......X6*.....3......X6*......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............qE......R...u....N...^.....................M.....X.........f................................... ....I.qk..B.....LZ............qE......R...u........qE......R...u........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000042.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):40884
                                                        Entropy (8bit):7.545929039957292
                                                        Encrypted:false
                                                        SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                        MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                        SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                        SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                        SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000043.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.349254423218165
                                                        Encrypted:false
                                                        SSDEEP:48:Yu7nHGsdJQsng5q0t0tQWuvxEf9+HXPvawS93vKoFrdqrXuRXRwejn0SFou9l:YKHGsmq0t0mzxEF+HXXVS93iERy+b
                                                        MD5:9EE2A4539F94E91690D9ABF5321C8E49
                                                        SHA1:5135AEB2DECE51F443A7F1BCE7A5B1F2DA092C5D
                                                        SHA-256:8962D2C5A9801FF6563E8EB52A89EF3CDBFC54874F47DC6D0E1565E41139D38E
                                                        SHA-512:A136358AF51A848ED8B80C297EEC435A11E2F01802CA49008BC1901895240AFC793DE8CF27CEE6F278582106EC5132318AF70440A5BB85E27C353AD438AEFB1C
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.b.......b..G........v.b..G........v.b...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................?!N........N...^..............."...l..J...4...V........f........................................I.qk..B.....LZ....................?!N....................?!N..............b.......b.......b...........................................b.j.....b.T.]...b.......b..B...b.H.....b...B...b...>.).b...J...................;........4...4...4.."...............b...b...b...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........b.......b.....#.b.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000044.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                        Category:dropped
                                                        Size (bytes):68633
                                                        Entropy (8bit):7.709776384921022
                                                        Encrypted:false
                                                        SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                        MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                        SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                        SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                        SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000045.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.4321615225334465
                                                        Encrypted:false
                                                        SSDEEP:96:5OsjTLjGOLk/Eg3kmXBXJfP+9TAYRyYPBULKmHyxGr:5Os/GOTg3kmXBXJfW9TAYRyYBk
                                                        MD5:7E09108B9C5D12961891CD751006E80A
                                                        SHA1:FC3126FDD60A6B333F7C8BD1575ED727FDFECABF
                                                        SHA-256:F71081516D76472626D42572B2E58CA62AB868DDF50E9B61F2B416139D5FA0DA
                                                        SHA-512:FBFB80A119FBBEE153F6AA54B51C14694697371E56E48B43430063DA9C97BB2ED66E2BC54A82B8BC1FBB004F03DB9B8F4F9D339DE31E184318C76284882C29CC
                                                        Malicious:false
                                                        Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZ...........x0.q."I..{..S...x0.q."I..{..S.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............d....C.Lm..u....N...^...............[..B.CZD...8..[X........f...................................$....I.qk..B.....LZ..............d....C.Lm..u..........d....C.Lm..u........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000046.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):11043
                                                        Entropy (8bit):7.96811228801767
                                                        Encrypted:false
                                                        SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                        MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                        SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                        SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                        SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                        Malicious:false
                                                        Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000047.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.345824124936783
                                                        Encrypted:false
                                                        SSDEEP:48:UsfpQu1xzUmhItjqJEQLTIXDI9zJdWoxrdqrTaxsU/RXICk9v1GY3tQIzMY:Usf513hIoEQAXk9zLWoRy2e1G2aIz
                                                        MD5:B2E5E9BAD6473457E2AD98BA7164B76D
                                                        SHA1:9CEAB16752DFFF7227D8A7F054F58527C0F52B0D
                                                        SHA-256:E5A2CC81AFA7862FC26F1A13D3F56C61502A65A8EBDD4F8D4A0465601B0EE8BA
                                                        SHA-512:2EC6F6385683BAC045E035CD8D4A237B9469F500377645914D07BEC3BC3C78C003CC1CB3936F4285FD07591D3FC7F583FD30AF49ECB4919976162FDDCDE40C54
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ..........>.c......"gv...>.c......"gv....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............~.R.h..!.Y?.......N...^.....................-O.....U..........f........................................I.qk..B.....LZ.............~.R.h..!.Y?............~.R.h..!.Y?.......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000048.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):647
                                                        Entropy (8bit):6.854433034679255
                                                        Encrypted:false
                                                        SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                        MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                        SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                        SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                        SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000049.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.361528730031641
                                                        Encrypted:false
                                                        SSDEEP:96:CsPoZTNBbXEjFFXmje9fzGgRyKbf4Zmc:CswZTNOxFXCe9LGgRyK74Z
                                                        MD5:87D951B5DA071E4B93F2D96FA425BAB4
                                                        SHA1:9006EAA4ED21544DAA5787F119E63BF7D5A6082B
                                                        SHA-256:BAE789F90A07066FC5C9C53E6D9627EF00AAAD0CADF2D9B327B9C520C8882A8A
                                                        SHA-512:DC72F21D0775791FC1609315740281985134F18F34A15D960805B6B07D7B08E38BEF9A418374334A805227335B7D03F5B00E72B6A54EDBBEF6F6B9404FEB3B9D
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZA......A............zA............zA...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............c.'.......:...S....N...^..................PqC..j. S..........f........................................I.qk..B.....LZ............c.'.......:...S........c.'.......:...S.........A......A......A..........................................A.j....A.T.]..A......A...B..A.H....A...B..A...>.)A...J...................;........4...4...4.."..............A..A..A...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........A......A.....#A.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004A.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                        Category:dropped
                                                        Size (bytes):52912
                                                        Entropy (8bit):7.679147474806877
                                                        Encrypted:false
                                                        SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                        MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                        SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                        SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                        SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004B.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.310824547293536
                                                        Encrypted:false
                                                        SSDEEP:48:6su9wLMAlr1tVNEkYDJXL9HzxG7o5rdqr7cRXx1aMXNVITuK0l:6st11NEkAXL9TxG7ARyAvr5
                                                        MD5:B583A5806E39127AE7211C1B7E69C308
                                                        SHA1:F16F1459A4D298FF4C1463AA4FE70CE11D45094E
                                                        SHA-256:B627B0305D60C5D395CDB094C8064DA37A7B0DC0C380CD8F53F5CBEDFBB6B4F6
                                                        SHA-512:8071817F3551D6E1CAF220706607D796F09C149D7508C1AC1BB7644619D401A82B68E96DF86A9551C5138B6C0DA3B266A481398E56F71AB1A829856FA34BFB85
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZi.7.....i.7.)..;......<i.7.)..;......<i.7..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............;.@>..z.#..........N...^...............q.V.>pI.._.............f........................................I.qk..B.....LZ............;.@>..z.#..............;.@>..z.#...............i.7.....i.7.....i.7.........................................i.7j....i.7T.]..i.7.....i.7..B..i.7H....i.7..B..i.7..>.)i.7..J...................;........4...4...4.."..............i.7.i.7.i.7..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........i.7.....i.7....#i.7............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004C.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                        Category:dropped
                                                        Size (bytes):27862
                                                        Entropy (8bit):7.238903610770013
                                                        Encrypted:false
                                                        SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                        MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                        SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                        SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                        SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004D.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.509931387101828
                                                        Encrypted:false
                                                        SSDEEP:48:asuLaS63mIeMtuqtzE5zfiXCfI9T6xo9rdqrnorWk6RXHR8NTVZp:asI63DTIEE5LiXCA9T6xkRySWk64Z
                                                        MD5:608C2F64A6CBDD33BE2BBECFABC0ADDC
                                                        SHA1:13E829D9B24EFF3D2AD8273E178B071B393A5ACD
                                                        SHA-256:ED88B7B61C0D8CF987CF1C2F120AA717A26B56128696D3AEAE1E87742B1B40DF
                                                        SHA-512:4DF7C370137FF81BB75EAE98535257E252D65757221DE25A67F5F36D1A8E09319FFA67584678351D420C91CEF13A0A6C9594A27650FFCA36EEDB3456B69E86F6
                                                        Malicious:false
                                                        Preview:2...>.......r...v...f...................................................................................................................................2...>...N.......v................................I.......I.qk..B.....LZ#.......#........b..K.%.#........b..K.%.#....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Z.^1..'.5 ........N...^..................d.NLJ...2.}.........f..................................."....I.qk..B.....LZ..............Z.^1..'.5 ..............Z.^1..'.5 .............#.......#.......#...........................................#..j....#..T.]..#.......#...B..#..H....#....B..#....>.)#....J...................;........4...4...4.."..............#...#...#....z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........#.......#......##..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004E.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):977
                                                        Entropy (8bit):7.231269197132181
                                                        Encrypted:false
                                                        SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                        MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                        SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                        SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                        SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004F.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.361335556707609
                                                        Encrypted:false
                                                        SSDEEP:48:ZasakoRQAIntAze9MiE3VpLD6XgWq9jnohjrdqr68RGRXqk9zAG1:ZasQRQAIneQDE3TaX1q9jnCjRy3RGHL
                                                        MD5:0D42643D90CED77D5CEB532C2455748D
                                                        SHA1:38874D4FC8B1646CA5AE083B9CE6D135B66563D0
                                                        SHA-256:6E228A2011A9C4ADFDAFEBAB50B0E93A86817ECFCF18DB7511E08B43CDA8B695
                                                        SHA-512:1150685F3B572E6DCAC188AAA796BF7D0BEB1F240D40BB50B2400697D41884632975016A0E089A2C20B6BA86521C12F9A7198ED3A2EB087425E96EF844CD8393
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.........a..x.1..:R?...a..x.1..:R?.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............%=^. gP.+#...F......N...^................\Jq` DB...m.w^........f........................................I.qk..B.....LZ............%=^. gP.+#...F..........%=^. gP.+#...F......................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004G.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):34299
                                                        Entropy (8bit):7.247541176493898
                                                        Encrypted:false
                                                        SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                        MD5:E9C52A7381075E4EBC59296F96C79399
                                                        SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                        SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                        SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004H.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.302597527301553
                                                        Encrypted:false
                                                        SSDEEP:48:6xsEQpsjtlngt7NfEHSFLUBXZnvB9T4oRrdqrqiRXHkDSKJZRkQDqFYlu:2sjEtlngbEyFYBX5B9T4wRyVQzi
                                                        MD5:0B803F5BC393BE2C49C92F7A9B65A433
                                                        SHA1:EB4F8C563E19F90C21C6AB56DFEE58BEE35A4504
                                                        SHA-256:B2403BF69026DFE1C2DB31E999741DCF6E590CADF10B7B7DE44013A84B8F1ACA
                                                        SHA-512:F18790A1278E931C94F85C8EFF12504782823661B8B1CE2A5CB17616A296D737EF6C47D90C13376CAF8AA07385ACB3C6E25F4F83A0855CE89F2008651CFA2E84
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ+1e.....+1eJ.....-....o+1eJ.....-....o+1e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................N.N'..RP.}E......N...^................h...,M...-1.=.........f........................................I.qk..B.....LZ...............N.N'..RP.}E.............N.N'..RP.}E...........+1e.....+1e.....+1e.........................................+1ej....+1eT.]..+1e.....+1e..B..+1eH....+1e..B..+1e..>.)+1e..J...................;........4...4...4.."..............+1e.+1e.+1e..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........+1e.....+1e....#+1e............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004I.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):10056
                                                        Entropy (8bit):7.956064700093514
                                                        Encrypted:false
                                                        SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                        MD5:E1B57A8851177DD25DC05B50B904656A
                                                        SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                        SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                        SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004J.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.360918718276376
                                                        Encrypted:false
                                                        SSDEEP:48:6sBfe1JAOtROEXh2aLwxXo2x9jzoVrdqrQXCSRXiLBg+4jpqLBgmY1a:6sWAO6EfAXom9jzkRyQZN6
                                                        MD5:0F089D9B2C86203BF2D8D2690DC4D161
                                                        SHA1:1CB8DBE456070E6C6F8D02AAB652A40BA1A7CC05
                                                        SHA-256:390EF5509CCDCC35F623DB8C7C49573DFC6C9E1B0301B8C947A7257017A75729
                                                        SHA-512:F69EBBD967DF8C414916C3DC1EAEFECAEF2E2414C27084EE3FBF51DA6892075C1739579A3B6929D62B75A2D491C759BC292BA4DF9E5420CAA8109D055EBE65D7
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ............/..`Z..6....../..`Z..6.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................?...v...5.....N...^.....................b@..M.J..S........f........................................I.qk..B.....LZ..................?...v...5...............?...v...5.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004K.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                        Category:dropped
                                                        Size (bytes):84097
                                                        Entropy (8bit):7.78862495530604
                                                        Encrypted:false
                                                        SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                        MD5:37EED97290E8ECB46A576C84F0810568
                                                        SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                        SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                        SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004L.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.344773650945381
                                                        Encrypted:false
                                                        SSDEEP:48:jsn3S0jOYDtW3Lsd4PEMxmPXtV9THohrdqrNhRX85Qo8fZvnt:jsidYDEY4PEjXtV9THgRyDiO
                                                        MD5:5E070D77BE0D8C3F021D17963A4B7480
                                                        SHA1:B9D22A61110BCC581F6257F0E33420DB21727007
                                                        SHA-256:A575666E4891FFEAE6E8149A1B6287E555F383372C791026B8F27A3CF20D4904
                                                        SHA-512:BA3060304A53BE347BCA3B38A2EE5FBCCF4A6A9339F0F29A75DAFA3E9AA08C8A5F2208ABD652A5B7E3BCCADFD9B8E9AF5C0E10F0A7735064126D80752046DD04
                                                        Malicious:false
                                                        Preview:2...>.......L...v...@...................................................................................................................................2...>...(.......v...t............................I.......I.qk..B.....LZ?.......?..,.>..;..{....?..,.>..;..{....?....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............",.l..%....+c1....N...^................G....B..............f........................................I.qk..B.....LZ.............",.l..%....+c1.........",.l..%....+c1.........?.......?.......?...........................................?..j....?..T.]..?.......?....B..?..H....?....B..?....>.)?....J...................;........4...4...4.."..............?...?...?....z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........?.......?......#?..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004M.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                        Category:dropped
                                                        Size (bytes):64118
                                                        Entropy (8bit):7.742974333356952
                                                        Encrypted:false
                                                        SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                        MD5:864EEA0336F8628AE4A1ED46D4406807
                                                        SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                        SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                        SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004N.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.328888607667362
                                                        Encrypted:false
                                                        SSDEEP:96:JABskYdB2L0EoXL9nj5cRyv87bdsasRYm:GBsP2VoXL9j5cRyS+/
                                                        MD5:85108A9FD9CC04F1ED945CB0BDD15336
                                                        SHA1:63B1119C9D57150C18AAF912D720A7958C4B5090
                                                        SHA-256:BACA156F70DEE839D449C66C627F052BAF849EB47C9A32ED32794D38E6C2494A
                                                        SHA-512:B8E7F9AB8E4C4F8066B245556725CD45DE39595ABBF531C62517F093B46116233A5F5D8442843EE050AF3AF54C0437D4F409A4202EF84E160006C671511E7FD3
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..;.......;r.8!.$d....'...;r.8!.$d....'...;..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............+;......&TG.....N...^...............`......I.......E........f........................................I.qk..B.....LZ..............+;......&TG...........+;......&TG............;.......;.......;...........................................;j......;T.]....;.......;..B....;H......;..B....;..>.)..;..J...................;........4...4...4.."................;...;...;..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4...........;.......;....#..;............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004O.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                        Category:dropped
                                                        Size (bytes):65998
                                                        Entropy (8bit):7.671031449942883
                                                        Encrypted:false
                                                        SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                        MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                        SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                        SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                        SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004P.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):3.2291579758968694
                                                        Encrypted:false
                                                        SSDEEP:96:ms92g2lhDM2+WEcIqvXmK9jGAqN4R0jqe2lx3iV:mswzlhDMTcFXmK9jq4R0alJU
                                                        MD5:125E5DF7977D71FE576EFEDAA984633A
                                                        SHA1:ADBE8192EE01D282F4FC65FA13AA51D4E8CAA146
                                                        SHA-256:EDE104827343E96648AB5B6F20F542FAFDEFB2289D783D66BDB7128D90A03584
                                                        SHA-512:23332A997BA401FB3D26BA16DDEB3C676CDF9078F186260FF046F0942724A0934629CA960DFBD1608212AAB5D0E7601BAC02487382A627568380CE82F13CECF1
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>...j.......v................................I.......I.qk..B.....LZ............y'..&f ..v.o....y'..&f ..v.o.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................7.0....O......N...^...............k.'....N.......]........&...................................>....I.qk..B.....LZ.................7.0....O...............7.0....O..........................................................................j.......T.a...............D.....H.........N.......?.#.....9...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7...........Op.b..F.$..i.................;........4...4...4........................#...............................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004Q.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):32656
                                                        Entropy (8bit):3.9517299510231485
                                                        Encrypted:false
                                                        SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                        MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                        SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                        SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                        SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                        Malicious:false
                                                        Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004R.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12824
                                                        Entropy (8bit):7.974776104184905
                                                        Encrypted:false
                                                        SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                        MD5:2628353534C5AD86CBFE57B6616D46DD
                                                        SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                        SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                        SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004S.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):32656
                                                        Entropy (8bit):3.9517299510231485
                                                        Encrypted:false
                                                        SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                        MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                        SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                        SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                        SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                        Malicious:false
                                                        Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004T.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12824
                                                        Entropy (8bit):7.974776104184905
                                                        Encrypted:false
                                                        SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                        MD5:2628353534C5AD86CBFE57B6616D46DD
                                                        SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                        SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                        SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004U.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):32656
                                                        Entropy (8bit):3.9517299510231485
                                                        Encrypted:false
                                                        SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                        MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                        SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                        SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                        SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                        Malicious:false
                                                        Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004V.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12824
                                                        Entropy (8bit):7.974776104184905
                                                        Encrypted:false
                                                        SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                        MD5:2628353534C5AD86CBFE57B6616D46DD
                                                        SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                        SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                        SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000050.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.31766576692259
                                                        Encrypted:false
                                                        SSDEEP:48:YuysPqTssJDvPturEya7JnXt9TtjdFrd3rtxLrjRX/9pWM35Hrh:Y9sMvP2EyaVnXt9TtPRbLrjx
                                                        MD5:FC3A35B2181AC3C83A57128054E9005B
                                                        SHA1:2A828846CE11ED421992D9DD2D69A5C165FFC00E
                                                        SHA-256:EDA2138CEBACE9B93925D87F48305109859909A81A5D15019B47DA6CE748F782
                                                        SHA-512:E44511290994C3D41F06860FAF03249B119A5F5B0AA31447877C93C9AF9DC557A7859D6F253D533F78C72C91FE69FD04E5CF521C8506DD4E6126787163F6220E
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZM.......M..2.%G.$.;.nt@.M..2.%G.$.;.nt@.M....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............d'.C.u.(J.e.......N...^...............jZ...EN.Z...c........f........................................I.qk..B.....LZ.............d'.C.u.(J.e............d'.C.u.(J.e............M.......M.......M...........................................M..j....M..T.]..M.......M....B..M..H....M....B..M....>.)M....J...................;........4...4...4.."..............M...M...M....z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........M.......M......#M..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000051.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):39010
                                                        Entropy (8bit):7.362726513389497
                                                        Encrypted:false
                                                        SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                        MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                        SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                        SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                        SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000052.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.445232611029839
                                                        Encrypted:false
                                                        SSDEEP:96:BsUefmqwwB6EEOJXL49QqgRbkS7bD+1CsEW:BsUefmxw4R8XL49QqgRbkSPD+1Cs
                                                        MD5:F29057E6DF196C548A3FDC6F3AA25805
                                                        SHA1:F4D3EC011270314B63E87E55E20376F48D4A057B
                                                        SHA-256:162A4778CCAA084483E28CDE3E500A6550D62A4C40AED08D7AAF949925A0AFE9
                                                        SHA-512:E074183FFE72867AB030203716D389FC7C9536C82B96D4102B70FAD7DBFCD25B034E944B00E9333CE109E08ACA009373D0555C59CAD12CA7416FA59196119197
                                                        Malicious:false
                                                        Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ..a.......a...f.=m.....a...f.=m.....a..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............W......RF.....N...^..................q..E.....h.........f........................................I.qk..B.....LZ..............W......RF...........W......RF............a.......a.......a...........................................aj......aT.]....a.......a..B....aH......a..B....a..>.)..a..J...................;........4...4...4.."................a...a...a..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4...........a.......a....#..a............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000053.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):25622
                                                        Entropy (8bit):7.058784902089801
                                                        Encrypted:false
                                                        SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                        MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                        SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                        SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                        SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000054.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.308717676764423
                                                        Encrypted:false
                                                        SSDEEP:48:YuusCGIgAdHnotPibEHGKiXU9cdj41rd3rUudxjdXniQrv3UWKFQRxv7:YBsoHoVcEm5XU9cdARbDzv9
                                                        MD5:0ABB047A84348BEB6432C844A0C81D6C
                                                        SHA1:57CCC4737067C98BBBE3805C0C7DF077E0E67631
                                                        SHA-256:AFB23A0ADF33C2DF08DF164AAEF4A36157ACD1F22AA901BD995CA891728666E2
                                                        SHA-512:FACEFA99A15E3DAC57D5E90A72B5B9D9FABDA6DD8D2A4CE7F1666FF9F86EC9C702E7C956DEDF4D6A9A99D94AA683564E7B9A5BD35D984944F341504F847F7A9A
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ...........p.3..9R....'....p.3..9R....'......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................9x...P......N...^...................4..B......}|........f........................................I.qk..B.....LZ....................9x...P..................9x...P..........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000055.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):2033
                                                        Entropy (8bit):6.8741208714657
                                                        Encrypted:false
                                                        SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                        MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                        SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                        SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                        SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000056.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.366207826468873
                                                        Encrypted:false
                                                        SSDEEP:48:F0soUf36OwLtBj7gEkJL6cXxYYSc90Qj4lrd3rMx6TdXODtjZZd:F0sd67LD/gE8jXGYf90QIRbrTiZ
                                                        MD5:B851198710CDFAD1C6C5992CA364A169
                                                        SHA1:926CCC510AAAAF744A53F97F58B105FDA046E1C0
                                                        SHA-256:D48AAA756A73E50D315DB8002F7E026AFFE17D6E8DFD5CA1CBDB458A945B8131
                                                        SHA-512:24EF2FE124E05B7601779939E2D9C3E20ACF76B24309F1261B129F39C2782C04F5554AADA131B60F934BA70EAFB6C526AB4A4565BFF22E0622F507CCC0294E4D
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.%......%.....60J2.u.,.%.....60J2.u.,.%..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............d....S.8_.b..I^....N...^......................B.r.Y............f........................................I.qk..B.....LZ.............d....S.8_.b..I^.........d....S.8_.b..I^..........%......%......%..........................................%j.....%T.]...%......%..B...%H.....%..B...%..>.).%..J...................;........4...4...4.."...............%..%..%..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........%......%....#.%............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000057.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):55804
                                                        Entropy (8bit):7.433623355028275
                                                        Encrypted:false
                                                        SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                        MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                        SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                        SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                        SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000058.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.474198989940033
                                                        Encrypted:false
                                                        SSDEEP:48:Asn/l1MM5tEx3OEbzYLXS6L9Uqj4dPrdMrrgdXq2kwZA9:As/MM56x+EYLXS6L9UqwRME/a
                                                        MD5:398D531EFF90B275502005C15A7E0472
                                                        SHA1:AAB06783FC7504281118E515AB2E28DD9338EED8
                                                        SHA-256:37B5C382CFBE3C35B568181B88781C41E96D8C5FA90C73EB81EDEE6F1D31F139
                                                        SHA-512:AD2744C11DA74784EAB8CF0262AEF58EF1B44807F5BBE1AFA226DA68E5B42D10E58914D470F410AA453436C2D55401F9E42B61A810F9DE7B251D88A9AC64C522
                                                        Malicious:false
                                                        Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZH......H.5h.a.>..L....H.5h.a.>..L....H...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............@...R).....P.......N...^...............NB+x.cG...O=..........f........................................I.qk..B.....LZ.............@...R).....P............@...R).....P............H......H......H..........................................H.j....H.T.]..H......H..B..H.H....H...B..H...>.)H...J...................;........4...4...4.."..............H..H..H...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........H......H.....#H.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000059.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                        Category:dropped
                                                        Size (bytes):59832
                                                        Entropy (8bit):7.308211468398169
                                                        Encrypted:false
                                                        SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                        MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                        SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                        SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                        SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005A.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.334070778442466
                                                        Encrypted:false
                                                        SSDEEP:96:JBsMOiyDHJTWEuXB9OPh0RMrTi1kupzXc:vsMOiyDHJHuXB9OJ0RMrTi15pz
                                                        MD5:EECB0C305DCD7F2B62B6F433D9A45939
                                                        SHA1:0FB8DCD57C7503B5F587E45D0A8CC35A9BDE8DEB
                                                        SHA-256:FB53B1FEBF0559D4C75EEE0056A8348E9CEC265F3C9B58339315FD1C87373BB4
                                                        SHA-512:912B6F347D7B20C0C78F17C3F17533AEDAAC8076E36EB0E15A7D26F291ADB126FE79FE2F9E4517F44FE0672B2A2EE66E1A9CA98C40A3AE424EBEBE62316246DE
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ...........;<.G.%.l./*.p...;<.G.%.l./*.p.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................M....5.8[b.%....N...^................*H..#A.>.d..b.........H........................................I.qk..B.....LZ................M....5.8[b.%............M....5.8[b.%........................................................................j.......T.^...............B.......C.......>.......|..... .3...................;........4...4...4.."...........................z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005B.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):33032
                                                        Entropy (8bit):2.941351060644542
                                                        Encrypted:false
                                                        SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                        MD5:ACF4A9F470281F475EA45E113E9FB009
                                                        SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                        SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                        SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                        Malicious:false
                                                        Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005C.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12180
                                                        Entropy (8bit):5.318266117301791
                                                        Encrypted:false
                                                        SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                        MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                        SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                        SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                        SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                        Malicious:false
                                                        Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005D.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.3098410995157455
                                                        Encrypted:false
                                                        SSDEEP:48:ZXR0sFYUsqIvzptQyIT/EPEczowLVEKXPEKK98sXp5i+rdMrW3mQXbH0v0M9a04S:ZXCskvzpT+EsAowJXPEJ98Gy+RM4m/
                                                        MD5:5A204ABD5B1F871D08FE7520B551C347
                                                        SHA1:7308E389CD51DF67837B03CC4930DF28D29A0B30
                                                        SHA-256:F71C0266BD89E6E0069E6CAA4F705792EA18E5C7BEE9D431BD6C384ED276F61C
                                                        SHA-512:A1BDF143EB1FDE77938F79D6E40B35246F04853F68AAFB7EE46E846FAEFF578881566CD95CACBB3EC005FBD2CBDE5064D4CBF5C6E4ACF840486A1AEFD736622E
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZi.(.....i.(L.q..(.g<.I..i.(L.q..(.g<.I..i.(..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................o..1.."......N...^..................J+..C..A..G.3........f........................................I.qk..B.....LZ..................o..1.."................o..1.."...........i.(.....i.(.....i.(.........................................i.(j....i.(T.]..i.(.....i.(..B..i.(H....i.(..B..i.(..>.)i.(..J...................;........4...4...4.."..............i.(.i.(.i.(..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........i.(.....i.(....#i.(............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005E.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):2104
                                                        Entropy (8bit):7.252780160030615
                                                        Encrypted:false
                                                        SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                        MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                        SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                        SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                        SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005F.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.360035371275351
                                                        Encrypted:false
                                                        SSDEEP:96:GskvTGxFJBRE2YX7sVq9NEERMxU4tZUTYH8CoSktSDq1:GsXxF/uhXI89NEERMxU
                                                        MD5:C4BEC77F5568FD0D9E39461E06E19B0E
                                                        SHA1:75372196984B77682C16A0CF47804F88F23C2E05
                                                        SHA-256:C0D50A75DE00F43F86E04607EB8E4638EF6D7A44ACBAAD1AFF8BF04E5AFAA0DB
                                                        SHA-512:08B6CB9858069215C28A56FC73940824E1482524A7EA447FB9D14F1980C7FDA637C26C350F5D6EB196299B5E75D2DF8622CD7A30F132C77C0A3A6AA3AF8BD935
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.(*......(*s....6...w.T..(*s....6...w.T..(*..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................Q%.8:z#........N...^................=.X..pD.J.....9........f........................................I.qk..B.....LZ...............Q%.8:z#...............Q%.8:z#..............(*......(*......(*..........................................(*j.....(*T.]...(*......(*..B...(*H.....(*..B...(*..>.).(*..J...................;........4...4...4.."...............(*..(*..(*..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........(*......(*....#.(*............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005G.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):14177
                                                        Entropy (8bit):5.705782002886174
                                                        Encrypted:false
                                                        SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                        MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                        SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                        SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                        SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005H.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.352359780343253
                                                        Encrypted:false
                                                        SSDEEP:48:YsKoUBx1Lt89pEYXL7dXBgXRGTWg9hsy0pyxrdMrJEkOFXVlm9x+y1:Ys4P1Lu3EQF+XRGTB9hMERMmkOlGZ
                                                        MD5:80E60DA4E661CE230DA24F76CDFF17A2
                                                        SHA1:5A1F177BEC613B839C3E0DC74311E1C2AF8362A1
                                                        SHA-256:6E0D02B20209F01E6D9AA7D31D4B9EAE33C7EE7013CB3AA00FCEC6474B084547
                                                        SHA-512:EAC6405A49FD4454E8E0EB057E8706387CA1F84AC21B827DC830D180FD93493EC9016BA9BEE95D9AE55D403A5C666378FA0F46C46B847F867C34E7E88F1F6F3E
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.w.......w...78......H..w...78......H..w...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............,.Ab._.'.........N...^................e.".DXH. .XQ>.........f........................................I.qk..B.....LZ.............,.Ab._.'..............,.Ab._.'...............w.......w.......w...........................................w.j.....w.T.]...w.......w..B...w.H.....w...B...w...>.).w...J...................;........4...4...4.."...............w...w...w...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........w.......w.....#.w.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005I.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                        Category:dropped
                                                        Size (bytes):36740
                                                        Entropy (8bit):7.48266872907324
                                                        Encrypted:false
                                                        SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                        MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                        SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                        SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                        SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005J.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.455748173057066
                                                        Encrypted:false
                                                        SSDEEP:96:J3E3MsDPLlL89PELZXSw9tM8RMrP6+5c:JaMsDLlLFLZXL9tM8RMrCZ
                                                        MD5:6A7465DADEDFEF4EE7AF09A5D7B26905
                                                        SHA1:41432D02B5360E4A775713238C2E1201BC1BD7FA
                                                        SHA-256:C68FD9E74A9B38E95F0FDF6C7A8436067451FEEEDC97F1124329E0FB54AC1B3C
                                                        SHA-512:884B716D8C52B350DC18DA53CD4768AFC9B146820BC6AA488E3826A393B8D8750C0108AFDBA6D511210802272B55753E59245B5858222D74F45A23BC3C4CA232
                                                        Malicious:false
                                                        Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZ.T.......T..V....p...%b..T..V....p...%b..T...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Q..1.....=.......N...^.................Z@=.G..2.ctW*........f........................................I.qk..B.....LZ..............Q..1.....=.............Q..1.....=.............T.......T.......T...........................................T.j.....T.T.]...T.......T...B...T.H.....T...B...T...>.).T...J...................;........4...4...4.."...............T...T...T...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........T.......T.....#.T.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005K.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):53259
                                                        Entropy (8bit):7.651662052139301
                                                        Encrypted:false
                                                        SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                        MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                        SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                        SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                        SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005L.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.341395754357882
                                                        Encrypted:false
                                                        SSDEEP:48:dss3byq2uZcptqOgpEXDJYGXs2t9p7swpylrdMrx8SnFXCdpqChzN:GsuzUcpMpEXpX/t9pVYRM6SngNz
                                                        MD5:F2199A233AA75FF8271E1A1FBD643A1B
                                                        SHA1:35D353733360164CE142323B32044ECECECB848B
                                                        SHA-256:72C91F78CA32A4363268A73C1554823FB20E528C6111F7858DE75BFCA75DE214
                                                        SHA-512:3B979E7CA357A9DB3FD2E93C613503250A42F54F6A01A8497D75602CB10DD37B11F4F2DBE5E5B2A704B8972C115D36DAAD55CE8161D7CEE26F12BFF6A2B02177
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.................D.k..~..........D.k..~......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............$.......2W..vH....N...^.................:...H.T.............f........................................I.qk..B.....LZ..............$.......2W..vH..........$.......2W..vH........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005M.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):60924
                                                        Entropy (8bit):7.758472758205366
                                                        Encrypted:false
                                                        SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                        MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                        SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                        SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                        SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005N.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.342765884969952
                                                        Encrypted:false
                                                        SSDEEP:96:UsM5EDs7bE1QX4yQ9BNgXRMlrjlFyjidc:UsM5isUKX49BNARMlrjlFyjMc
                                                        MD5:45E63B9E8D167C461B9412B159D4DD1E
                                                        SHA1:B1E9C78090EC3FA895DD0CC1A3A974DB9C8457FD
                                                        SHA-256:82C9AADB5D8DB95B175E7CABF341BCA1C1E48075C16E66388D9355AEF3C80D57
                                                        SHA-512:54274CA169DE800BBE77907A403644799271E750F6C1E2DFF7A4A8DADCF8D6A645D76C4531AF43EBD98145A0C23DB147460F55FB65C8836F9177EB5CA86D68E6
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.........."....).dZ....."....).dZ......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............z.p#|....w........N...^..................5.{'O....>..-........f........................................I.qk..B.....LZ..............z.p#|....w..............z.p#|....w........................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005O.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):6.740133870626016
                                                        Encrypted:false
                                                        SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                        MD5:E96BE30D892A5412CF262FEE652921CA
                                                        SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                        SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                        SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005P.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.346064165418962
                                                        Encrypted:false
                                                        SSDEEP:48:Ze5sW8EQMt1BaEPA85M5X0I1L9l/s0pylrdMr5tpFXeoPIYEg:Ze5sIQM3kEPV8XH1L9l/p4RM3pFE
                                                        MD5:4FEB590A217F6FDA31AD6ACA98EEE828
                                                        SHA1:3774767C6B1274983F00AF5E5B21813199F933FC
                                                        SHA-256:D4BF7C046EBEF97FA5247A9B4E8509653E468D134C0A087ED08F7E62B8D5A551
                                                        SHA-512:3A7A379FA3178A69BB65E0AD9E2087A5F8C31CFCBD460300AFD324A713CBD587AF44DEE3CE0C2BFEF840A53B64DAF3D15715E4A14D43FD56EDFFA0E973E9182E
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZr.b.....r.b......%5.-.r.b......%5.-.r.b..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............8$..9Z..A.l........N...^..................\./lO...0.]..........f........................................I.qk..B.....LZ............8$..9Z..A.l............8$..9Z..A.l.............r.b.....r.b.....r.b.........................................r.bj....r.bT.]..r.b.....r.b..B..r.bH....r.b..B..r.b..>.)r.b..J...................;........4...4...4.."..............r.b.r.b.r.b..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........r.b.....r.b....#r.b............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005Q.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):1547
                                                        Entropy (8bit):6.4194805172468286
                                                        Encrypted:false
                                                        SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                        MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                        SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                        SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                        SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005R.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.3459266915649835
                                                        Encrypted:false
                                                        SSDEEP:48:esSWPe9WMZWEH9ztFZE058jOXFF9pUHpy1rdMrFhCFXJEc2WMZWutKWHWAmWYR:esnhTEH9zJEcXv96HIRMFwIsTuR2A7Y
                                                        MD5:885FCFC8C91F0AFF0A0991E764FCF479
                                                        SHA1:3C18FD0C1BC469F0A75976ACD5BFDDF20460C2EB
                                                        SHA-256:55A4CD0A95073B6FA88C0231DCDC9BA235EC133E0B57CAA5EE8D19E7BA3776DD
                                                        SHA-512:9951CACC8C7844988B1F3E8F1915270147D276F04183212348A55E06C7FD24EA46DA8C8FA3786ED691F6F765BAC198B09E85744BA3AA80D7BE5583265B6B8952
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.].......]..^1..1.2.J.x".]..^1..1.2.J.x".]...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............wu...4.%...97.x....N...^.................._SrG.S%..-.+........f........................................I.qk..B.....LZ.............wu...4.%...97.x.........wu...4.%...97.x..........].......].......]...........................................].j.....].T.]...].......]..B...].H.....]...B...]...>.).]...J...................;........4...4...4.."...............]...]...]...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........].......].....#.].............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005S.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):95763
                                                        Entropy (8bit):7.931689087616878
                                                        Encrypted:false
                                                        SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                        MD5:177DD42CA99CAA2CCBF2974221680334
                                                        SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                        SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                        SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005T.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.334345870701198
                                                        Encrypted:false
                                                        SSDEEP:96:+sVrHvAgLu+pkEy0zX/9C8YRMmGo6vsNRR6254poOaH:+sVrHvAb+zy4X/9jYRMmGo6vsNRR6255
                                                        MD5:3E0039E45E5DA1D1CD13536353EB0F76
                                                        SHA1:948F80B69C4AB7CF17B32BF89BD408D18DFDBEAC
                                                        SHA-256:116143FEAB05B3527E99A93E72D427B1ACC54CF5A2A46AC80F244CA0E57D584C
                                                        SHA-512:640FC31446D93B0B7F1FE3B2DF732C5FA85CF9B21D7F8F37D5CD40F5AF134392C618C8F074C27B2CD9B4A1069237042DF21BBE9C84E5CE56C6601F693A83580C
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.g.......g..J..."5Z......g..J..."5Z......g...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............-.r.....R..?......N...^...............t.J3.i(O..]k.}..........f........................................I.qk..B.....LZ..............-.r.....R..?............-.r.....R..?............g.......g.......g...........................................g.j.....g.T.]...g.......g..B...g.H.....g...B...g...>.).g...J...................;........4...4...4.."...............g...g...g...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........g.......g.....#.g.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005U.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):67991
                                                        Entropy (8bit):7.870481231782746
                                                        Encrypted:false
                                                        SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                        MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                        SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                        SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                        SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000005V.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.35016289753648
                                                        Encrypted:false
                                                        SSDEEP:96:2DssNYNsNt5wvwEddX4/9G74RM7E097jNsNFN1NvN5:gsK5kNddX4/9k4RM7tJ
                                                        MD5:E3C64CAD23DA542C49AF8D0F85F41380
                                                        SHA1:DA084F73BC668967DE6A1461D3D2CBFFC26899BD
                                                        SHA-256:E732C25698F99F943F0C35E0A1D5DEE8437114E98A28A752A3B90A98A06D2EF1
                                                        SHA-512:C125BF2B3E7FF1A6F601F6C2FBF94CBD99D7E837F00E7E359542CE67CBE6D31E7F9A8B9DAD5106A0469003FBC41D675A2D04F9B3D15109171A59F8512EBE8F3C
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.n2......n2.YE2.!..a.....n2.YE2.!..a.....n2..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............J...0..,P..|/......N...^................V..rEM................f........................................I.qk..B.....LZ............J...0..,P..|/..........J...0..,P..|/............n2......n2......n2..........................................n2j.....n2T.]...n2......n2..B...n2H.....n2..B...n2..>.).n2..J...................;........4...4...4.."...............n2..n2..n2..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........n2......n2....#.n2............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000060.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                        Category:dropped
                                                        Size (bytes):22203
                                                        Entropy (8bit):6.977175130747846
                                                        Encrypted:false
                                                        SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                        MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                        SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                        SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                        SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000061.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.422614231839554
                                                        Encrypted:false
                                                        SSDEEP:48:mJAsbyTZfAMtBTE15LTk8XPod89hUtpy5rdMruUq3FknFXbZk4BCNnJ0g:mJAsmfAMTED08XPod89itERMWWnA0
                                                        MD5:E1049B4E36636BA37EA4565EAFABFBB3
                                                        SHA1:04D6F6F7DF6C6F6B68148A0B77FEF117BE8440D7
                                                        SHA-256:BCCE8CB66D31FB92CEE343B628CB33B34270C654F1B7764012015B9470C9E525
                                                        SHA-512:5AB158CA5074FA8D29AE4EBA77D23FE4DD4FE57A31E58403A636D4AFDC179FE0AF61E26EBF7165BAF66EC8216878CCE49E7EE70361830297EFEF5166B65A107D
                                                        Malicious:false
                                                        Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZg.......g.......#.r..P..g.......#.r..P..g....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............j........!...U.....N...^...................2|J.. .2..~........f........................................I.qk..B.....LZ.............j........!...U..........j........!...U..........g.......g.......g...........................................g..j....g..T.]..g.......g....B..g..H....g....B..g....>.)g....J...................;........4...4...4.."..............g...g...g....z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........g.......g......#g..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000062.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):15740
                                                        Entropy (8bit):6.0674556182683945
                                                        Encrypted:false
                                                        SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                        MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                        SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                        SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                        SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000063.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.346610878320135
                                                        Encrypted:false
                                                        SSDEEP:96:aswg+H0iBsEjXDXH9uwIxBRMEkWHig2ig0igYiigzig2ig5Higpig:astriHjXDXH97gRMsHf2f0fYifzf2fh5
                                                        MD5:CEECDFAD2F471D38B9906F0BB7D5DE00
                                                        SHA1:4988E7E52A5CBC1D156850AF568A47FEB23AEC37
                                                        SHA-256:5C058C43D01089DDC3200EDDCA53B58B32752CD9C093788518957B875E5BACF3
                                                        SHA-512:C06D636B8885E5B58903ADF1D74909C7C8465F66F1AC3858C61ED9475AF2C404D6A87F9D388486DECF14729E039B565F43EDD208BEE9A62836FDADD1255B5149
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ...........................................I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................%._|.0g..-Q......N...^.................>a.eE..6.............f........................................I.qk..B.....LZ...............%._|.0g..-Q.............%._|.0g..-Q..........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000064.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):86187
                                                        Entropy (8bit):7.951356272886186
                                                        Encrypted:false
                                                        SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                        MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                        SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                        SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                        SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000065.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.686016974975554
                                                        Encrypted:false
                                                        SSDEEP:48:eGmsbciE6u2toie1EdzbULiBhrAkXo719RU8pylrdMreER6FXEJv83n2gplj:4sK6u2eHEtUkJRXox9S8IRMj6ov0pV
                                                        MD5:B18F94B5BF7BA2446E708E2190129668
                                                        SHA1:AC6696AB85238F5B17358E4D9C8A893AEC2FD503
                                                        SHA-256:171AE3E1E857AD01267310FADB6C12B65D4FA2DB9530D4BC2772B7CCF7CF5F4C
                                                        SHA-512:1B168BBB9BA33349DB06CA29F0AC86489068FA19C4573728468F3409E2FB09EADE59889B58544341A4540512ADA399AB515DFC5470A5814C2D00D153A9C6899A
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>...t.......v................................I.......I.qk..B.....LZG.<.....G.<..!.......G.<..!.......G.<..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............A...k..|.i........N...^................|.Py.O....+)..........f...................................H....I.qk..B.....LZ..............A...k..|.i..............A...k..|.i.............G.<.....G.<.....G.<.........................................G.<j....G.<T.]..G.<.....G.<..B..G.<H....G.<..B..G.<..>.)G.<..J...................;........4...4...4.."..............G.<.G.<.G.<..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........G.<.....G.<....#G.<............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000066.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):11197
                                                        Entropy (8bit):7.975073010774664
                                                        Encrypted:false
                                                        SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                        MD5:DDC3CC30794277500EFE4BC6667EC123
                                                        SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                        SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                        SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000067.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.349538164087316
                                                        Encrypted:false
                                                        SSDEEP:48:8zvs+1JVTQyWTFtxLgElLUHcXqc9SGU0bpyFrdMrWZXFX4ZAHBWlUe:8zvsosyWBrMElIcXqc9SZ0b4RMOXhhi
                                                        MD5:4738D4AE44B152AAAFA52752A06EB16F
                                                        SHA1:CFFC35AACFD3AA0173330E2ECAB8DBD3C4CB0B45
                                                        SHA-256:566FB4D6D3189FDBE61E1BA3EC867E474AA71E92E9E99A23AEECBA502298EC0B
                                                        SHA-512:96D99B58DC3582620361D86212AD198A940854BBBC7ED74941541929B8B75F943B256E009BBDEBFC9DAC7BEDBA868E22F8425BA34093E81BCA43B4DFEC4B7623
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZu.=.....u.=v.....)&...YHu.=v.....)&...YHu.=..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............e..&."....5/8s.....N...^......................C................f........................................I.qk..B.....LZ.............e..&."....5/8s..........e..&."....5/8s..........u.=.....u.=.....u.=.........................................u.=j....u.=T.]..u.=.....u.=..B..u.=H....u.=..B..u.=..>.)u.=..J...................;........4...4...4.."..............u.=.u.=.u.=..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........u.=.....u.=....#u.=............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000068.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):19920
                                                        Entropy (8bit):7.987696084459766
                                                        Encrypted:false
                                                        SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                        MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                        SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                        SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                        SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000069.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):2.9276043667258893
                                                        Encrypted:false
                                                        SSDEEP:48:LAQiAPsd11OsiXOtBjoeE1Lf9NVSL6MhwPXwF9JszpyZrdMrH3TFXTpVNzH0yi+W:0QjPs6XOjfE15N0fcXwF9Ji0RMHDQ/
                                                        MD5:6D32A3CF9F6A51EE151359796FA7DC7F
                                                        SHA1:5CB033F92B34EAB92E4773A899577EFD8D4D8B11
                                                        SHA-256:73121031D067E34C85EA29C98202F2196BC6D4AE079367CA74C91677A8032B46
                                                        SHA-512:180DA5BA62FB45CF492B696E4F8D5D1A301724D149F557F96023A5F09012595855449A72FF01EA4A63108B361BC42A5808DE51F09F3DC4751DA38AD7A777F376
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>.......H...v................................I.......I.qk..B.....LZ.............I..h..........I..h..........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............z-'.}3.,-..........N...^................."..^*J.9.0...@........f........................................I.qk..B.....LZ.............z-'.}3.,-...............z-'.}3.,-..............................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006A.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):179460
                                                        Entropy (8bit):7.979020171518325
                                                        Encrypted:false
                                                        SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                        MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                        SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                        SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                        SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006B.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.360364626685672
                                                        Encrypted:false
                                                        SSDEEP:48:5x2sPvzCIg8PKtM6F+E4QSXAA19Zs+8epy9rdMrNhVHP9FXS8Awgg:qsTg8Cm6sEKX99ZdIRMBHldg
                                                        MD5:D96FEADE3D8EC4547D14CC3D38AED13E
                                                        SHA1:52FF5C8EEF367942BADFB18942C3336B2333B9F2
                                                        SHA-256:521C45C827A8361A114673A13C24EDD8C053130F01597114B4E80B6D6BAFC06B
                                                        SHA-512:E963A4C79232EC9FC14C2D2856A83A35FD3CF4402804F980EBEEDA1449640903832F68EA1EDEF0F0D2DB51422DC7A68AF144AC49097F8318EBDE07A54FDC0DF3
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.|[......|[.}..".t.7.n..|[.}..".t.7.n..|[..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................3E...Kw!....N...^................y..g.<D...../........f........................................I.qk..B.....LZ....................3E...Kw!................3E...Kw!..........|[......|[......|[..........................................|[j.....|[T.]...|[......|[..B...|[H.....|[..B...|[..>.).|[..J...................;........4...4...4.."...............|[..|[..|[..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........|[......|[....#.|[............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006C.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):109698
                                                        Entropy (8bit):7.954100577911302
                                                        Encrypted:false
                                                        SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                        MD5:8D804A60E86627383BED6280ED62F1CF
                                                        SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                        SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                        SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006D.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.340399294791769
                                                        Encrypted:false
                                                        SSDEEP:48:msBKpwQI2kdAtxGE3yTRX79hW8sopylrdMrFU2FX8hV9Q7dZPftG/lh:msOkAyEqX79ZNYRM9iI+
                                                        MD5:3D58DBC63D959A61A0515F953754C1B0
                                                        SHA1:D683870AFB0B7F752A1C21A25CBB713EEC78FCE3
                                                        SHA-256:8F73E0BF1B737DC38212E74FCFE30DA7884406743829DC6A385B225CC55DD938
                                                        SHA-512:92167EF15795955B2C3C83544EFB02A22997B7DE8A6C23149AF419420917D9FC90952AC1B656D5DEECC91E4117B05FAF66A5EFFE77BB1D5CEF7E2592519EF802
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................h.......h...B-.....%....I.......I.qk..B.....LZ.h...B-.....%....h...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............N..f.?..'.s.........N...^...............cu+.'gHN.Q.k:Y%.........f........................................I.qk..B.....LZ............N..f.?..'.s.............N..f.?..'.s...............h.......h.......h...........................................h.j.....h.T.]...h.......h...B...h.H.....h...B...h...>.).h...J...................;........4...4...4.."...............h...h...h...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........h.......h.....#.h.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006E.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):41893
                                                        Entropy (8bit):7.52654558351485
                                                        Encrypted:false
                                                        SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                        MD5:F25427EFECFEE786D5A9F630726DD140
                                                        SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                        SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                        SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006F.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):3.35154007662505
                                                        Encrypted:false
                                                        SSDEEP:48:VNmEfGH5OtlO8jnDbPUErl7E/wkA/Qr3XbXh4S5SyR:PqOtfDDb8EGoF/4X
                                                        MD5:8B22372ECE4DB3D2F492C7BC85B64678
                                                        SHA1:C7DFFCCF20E2716DE50EAA217EF3780ADED07EFB
                                                        SHA-256:8AD8737E2EE65B6C089E1969A68CF93419F08DA723338DE0DEF74C6EE73B7D5A
                                                        SHA-512:627E831F710264518A891F194DB9C0D37591E94E569E418FA79EEDE4B337E174475979C6AB85C137633D083EF27441548D76AAF9CA51AABA32B1C90290FC3AB1
                                                        Malicious:false
                                                        Preview:........0.......................................................?...............................................................................................h.......................................k.*.....k.*.......][/.D.t}......t}..S.N."...D..;c:]..^....I..DE;c:.&".gX..,.N...:.&".....e8.*6]1.`..............k.*.....k.*.................................................k.*..w..k.*X....k.*..4..k.*.....k.*..$....xT(P...t}T.9.....T&d................4..(.....x.(.....;c:.....;c:]..^....I..DE.t}......t}..S.N."...D..2...v...4.......................k.*.;c:..t}...........................t}.........c..,0...e...B4.$........[.-...I.......9.....................................B......q...........e8.*6]1.`.........B......q.......xEX.LF...QO!.R..x..t}..S.N."...D.W.t}.....>...............&".gX..,.N...:....e8.*6]1.`...............................;c:..c..,0...e...B4.$..............E........................................0...........e....4..................T.o. .D.o. .L.i.s.t........s.)..O@

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006G.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.948831145154349
                                                        Encrypted:false
                                                        SSDEEP:192:d/sIF9dwsw3CtXgkTZkvRzHrzjpjjLtOn7B9/hd6n:e1WFURzlMP7
                                                        MD5:856B4F7BCAC1A2602154A4DE47A684BD
                                                        SHA1:49890C9BF23043FD0FA58FEF9A7539412487FEA6
                                                        SHA-256:572954F275930B9D0AB02629A1937B1038C6E1F69D7484793DD3DBA4DE8F98D7
                                                        SHA-512:37E84FBEF58538211112EFE04B9987FD4C490581D99F41DEBA67D4537DD4DFB158A78937E45D95A1071784C2242A9880F94FF56FA665B0F21B4850F53C975669
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>.......|...v...H...@!...!...................I.......I.qk..B.....LZCy..;...Cy..=....I......Cy..=....I......Cy...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................E.......>\*.....N...^.....................7N..W...f"........h...L...............................D....I.qk..B.....LZ................E.......>\*..................................Cy......Cy......Cy..........................................Cy.j....Cy.T&n..Cy......Cy.....Cy.H....Cy...K..Cy......Cy.$........Cy.-Cy.JCy...z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.5............(Cy.#Cy.8Cy...z...,4. .......$>........4...4.@..7.....................D..n4..o4..p4...4. .F

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006H.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                        Category:dropped
                                                        Size (bytes):68633
                                                        Entropy (8bit):7.709776384921022
                                                        Encrypted:false
                                                        SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                        MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                        SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                        SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                        SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006I.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):2.6142189745768403
                                                        Encrypted:false
                                                        SSDEEP:24:5WBHedCDJ0WUlm5Afo1uTUlFw7wyyu85UlU/uoUliP41vyu2gUlOTV:5WAdCIlm5AwkIlq7rBlUmBljf2plq
                                                        MD5:007E5542757507DF93FDD6C1A2B4229B
                                                        SHA1:AB29C4BA945CF2A2BD6FD12D63241D0C83BB277A
                                                        SHA-256:73821E117BBBC4FDD9BF368F11C68AC2EA1BBC821B89EB9731B09E311D218DE0
                                                        SHA-512:AB47D267170FF0B5599AD872DBB0177F2F8A8038607CBB08859C0D92F77778DD918AD412DE125A80B44651BED25183DEB615066EDFA95E4D82EB9DEDCC98E574
                                                        Malicious:false
                                                        Preview:...........................................?..........................................................................................................................................................................C..i................b.YC....w....3.%...'.a.HK..3....K.^R0..F....{l..K..'P......`E....'P...........................................................................n.....`.........8.......T.......Z.......a.......r....................4..~...1...(...(.......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.T.e.m.p.l.a.t.e.s.\.1.0.3.3.\.O.N.E.N.O.T.E.\.1.6.\.S.t.a.t.i.o.n.e.r.y.......S.t.a.t.i.o.n.e.r.y.........1.......S.t.a.t.i.o.n.e.r.y.................1... ..$....S.t.a.t.i.o.n.e.r.y.........!.......!.]j...~ #......K.......K.^R0..F....{.2...............0.....................!...K..'P...........................'P..c..,........................'P..c..,0...........d.B...H...3.f..........................1... ..$....S.t.a.t.i.o.n.e.r.y...

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006J.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):4.091836619635258
                                                        Encrypted:false
                                                        SSDEEP:192:lrMSIL3UwweM1JTXbEbFw/gctTgJQXKvEb87GXOlw2A53RJAWrDjorkHt95tmVJj:xMjw/5f87YxRJlvO4
                                                        MD5:E31E34347036070BFA14CE2946588249
                                                        SHA1:6964B6BE6449A25BDCAFB00F1E43754B9B670264
                                                        SHA-256:268D41BC26D92EEEAE2EB30E247A6DE407B09EC279EC5876F6700241F3A98254
                                                        SHA-512:300603B631D2A2CA836592787AA40B30359F313642B850CC86CA08BF3AAA299FB123FC10EFE0B5B401B531887F94C12F7703C508E91C35BE63D44EA565463AA1
                                                        Malicious:false
                                                        Preview:^...>.......L...d... .... ...9..^...>...........d...h...@...@;...........................................................................................................................................I.......I.qk..B.....LZ..1.....9i....f...R.sG-./L.......WsG-...9i....f...R....I.qk..B.....LZ.I.................................................................sG-$....sG- ....sG-$....sG-..)..sG- ..... .N.&.....'...@.....'.2...z...,4. ...."......$>........4..`..7......L.o.w. .P.r.i.o.r.i.t.y.......................:.....z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.2.3...........sG-..z... ..$........................................2..7.........1.h...?.......?...?....rA\.-?>...o.u.t.l.i.n.e.L.o.c.I.D...o.u.t.l.i.n.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.4........?ff.A......'.%.....z...,4. .......$>........4.@.4..`..7.....................D..n4..o4..p4...4. ..1........*.........%.#...'.&...9.....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006K.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                        Category:dropped
                                                        Size (bytes):59832
                                                        Entropy (8bit):7.308211468398169
                                                        Encrypted:false
                                                        SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                        MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                        SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                        SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                        SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006L.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):3.241455626926095
                                                        Encrypted:false
                                                        SSDEEP:384:HgS5y+Qap+39ln6k0e8DwZHXPRJekQGUqI4t:Hgey+Qap+Nln6k0eKwdPRYkQGUqI4
                                                        MD5:A55459C4AD9AC5DEBD4B0B95D1E38AEA
                                                        SHA1:6B9338DC27BE49A82B440EEBB662C216E7A61817
                                                        SHA-256:C810E72E73062AB293B49FDF03893EA9610447615801BE6C06C0543E64568BB9
                                                        SHA-512:24E99C8B9097FEB85AA4510D692D3D42241B7528CAE225A82E5C41DB2F0696D351EC1C1C24E1E2202BFCE20888D11775D068DDEBB6BC5B015EAEB53271E97E13
                                                        Malicious:false
                                                        Preview:2...>...........v........ ...-..2...>...B.......v.......@....,...........................................................................................................................................I.......I.qk..B.....LZ....P.......S..%2....M....S..%2....M.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............I[.....'..f......N...^...............c...[j.M.\`..>.............................c...[j.M.\`..>.........c...[j.M.\`..>...........I[.....'..f..................................................................................................j.^.....T'......................-..................... .L.........3...I.....z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.6................3...9.....z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000006M.bin (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):53259
                                                        Entropy (8bit):7.651662052139301
                                                        Encrypted:false
                                                        SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                        MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                        SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                        SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                        SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Matlab v4 mat-file (little endian) 8, rows 975182774, columns 0
                                                        Category:dropped
                                                        Size (bytes):72
                                                        Entropy (8bit):2.3903321328919267
                                                        Encrypted:false
                                                        SSDEEP:3:btl9aaHtyRRtfglxR7l:btlXHtGVgn
                                                        MD5:A522199300444DC8F970FD5582093800
                                                        SHA1:FC2334E42D6F18117FDD6CBFDCF3C0316D4091FD
                                                        SHA-256:CCD3A731F644E1C486A737F45ADAD8CC1EECCC8A2FD7C7027E369B4E91B18D73
                                                        SHA-512:9FDC449D55F1217E3FEE3BF2D777E65EDBB9416E0683871FD380C6C3B274DD85D1771C3AFAFED7C1807EF4AE9CF45BC1DEBF7937C27C35665E35CE2309741E6E
                                                        Malicious:false
                                                        Preview:...... :............8..................................@....0...........

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000001.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):0.04401584019170665
                                                        Encrypted:false
                                                        SSDEEP:3:RRk//:Lk
                                                        MD5:CD74ABACE8A00B17BD8107BC5982C21E
                                                        SHA1:D53193CF8A43D766FBFA52976192F44D6B0F79B2
                                                        SHA-256:B670BC07C9CB554511180DCF3F6A2C7818E8CE6E67B84784F0EA4D35EC61D516
                                                        SHA-512:1B48A37FCF0F9FB9ED9B31A8F3E36596689BF1EEC6F41F5EFA3C728121944919CE7A81F0379A108D80AA051CFEF07DC296F9C0691FC8855983B2F29EC15C7FEF
                                                        Malicious:false
                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000002.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):0.49201515921564265
                                                        Encrypted:false
                                                        SSDEEP:6:NTclq6d/Dd9l/lNPRGwJ66Xliw1EVrzla:Vcs2/BH/lNPkeiQE/a
                                                        MD5:AE618485532F3315D676CF4E2AC1289B
                                                        SHA1:128893093C0DCFCC337881A8709DF41998811D9D
                                                        SHA-256:66D858F52CF8AE913596359931C63864F039CD49C9167F16F8A68013802E640D
                                                        SHA-512:BDD75339F93CDE2ED320A7B1E77F7A76CDB115B881A57AF9A451367162B217C5FE6C04179C680A2F2680133FE71F37337FB976AB72E205E98675F21CC4BB5209
                                                        Malicious:false
                                                        Preview:2...>...........~........................................................................................................................................................................................?v......?vBd.K.................................?vBd.K.........?v...................................................?v..........................................................?vP..............................................................................5........m;.H....7.5N............g'..........~...cG.F..........N...^.............................................................................................................~...cG.F..................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000003.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.841066101558332
                                                        Encrypted:false
                                                        SSDEEP:48:fMSHVxz3Lfxyw0LiQ0XhBlkw0LpxHVCL7wEwLN6p:fMS1xjjxyLD0xgLlx1C4Ewp6
                                                        MD5:2A8DFEE5CCB63A460E16AA4CA907003D
                                                        SHA1:05C71DB005F3BB7122A9CB371F2B2F40B519A975
                                                        SHA-256:A3A8FD70DE1EB7231C487A9F3C27FC4D30EAD7BBCB23CB55D0A4FB7AF4BD8B7E
                                                        SHA-512:D66BC9F1B0401950807358007C7B628277B34A0B2553C66B67DDBBF054EC83E86FC9B212452BFA3F40E0171364FA627934DC7BDFCF6A7ECE1A49509161D0EA60
                                                        Malicious:false
                                                        Preview:j..@4...l.......X.......................................................................................................................................j..@4...........X...............................:.......:.. /..H..lr..}.1#Y.....1#YX.I.5.%)-...1#YX.I.5.%)-...1#Y...6n^...!)..M.....6..S../0C.:...R4H..S...........1#Y.....1#Y..................................................6.......6n^...!)..M...1#Y.....1#YX.I.5.%)-...2...^.......................,...:.....6...:.1#Y..U...s...S.......:..T.7..1#Y.....1#YX....1#Y..2..1#Y..o...U.T.N...s.T%t..*..T$.......:........S...c..,0...e...B4.$..........C@RQ.H..B......Y.....................M[......M[(.l!.?....E...U.......U..HJ.E..2.j.gU.U..HJ.E..2.j.gU.U..*....Z.G..p.wa.u*....s.L^#.G.=d8.=...s......>.................6n^...!)..M....S../0C.:...R4H..s.L^#.G.=d8.=........s........6..c..,0...e...B4.$...........I...M.....0...............................0...........e....4..................T.i.t.l.e.......|{....B.l...R......(....Y......(...D...L.e.c.t.u.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000004.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):4.746703246966562
                                                        Encrypted:false
                                                        SSDEEP:192:Xs367AhwBothbXe4nRiF3x5G+aPungLd690DMzV:cwuthTjnRiJn0dC0DM
                                                        MD5:1234A95F90D4F15B57ADA298F0E98F25
                                                        SHA1:591C0449556615194AA474FBAB073336152C7EA9
                                                        SHA-256:36C266C4F6A7A22421BA6FBD4DC7157069665113FB67B8A1D7A11164C7D574D6
                                                        SHA-512:0522A0E3AEF02F064705A9930694AA5B95009666203D02C62CB7A0A1007197F46F506297F8548F65F05BED1709E026FFD9EE99C60E0EF2211001AD968A7829A2
                                                        Malicious:false
                                                        Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZ....4......F.kT..].........F.kT..]...........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................".L.?..J..V....N...^...............<r...J...................>...............................$....I.qk..B.....LZ................".L.?..J..V............".L.?..J..V........................................................................j.......T%;..............W.....H.........+.......S...............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....................:...k.....z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):40884
                                                        Entropy (8bit):7.545929039957292
                                                        Encrypted:false
                                                        SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                        MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                        SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                        SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                        SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):4.400547912384879
                                                        Encrypted:false
                                                        SSDEEP:192:fsklO2Ulq+1gHJKJgu8LKw7RmJ8UCFfuR5F6HgXkpvsRkn1Ju6NC679HoK7vT7sd:UklxB+kJKJt4KwEJDCFg5EKkxsRknju9
                                                        MD5:043786707ADCF5C5FA64083D501CB647
                                                        SHA1:E8D894F40590EFA097104499A0160D16297C8DE5
                                                        SHA-256:8594219BC51C53AAFB384DE5A2DC654639B660E94FDF6C973DB5D3DDB222DB61
                                                        SHA-512:447C2FBAEAFD83176572054A999908FFFF5263D86D74B73D9A85BA9225272DBDFE84C861A86A06330A47119DD715AD806B1F149E6C2F20876E5EF13B502CBB38
                                                        Malicious:false
                                                        Preview:2...>...........v........ ...)..2...>...B.......v.......@....(...........................................................................................................................................I.......I.qk..B.....LZ....H.......<.<.!...G.......<.<.!...G........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............l..Qm.6....j.1....N...^..................r..D.+"{................................................"....I.qk..B.....LZ..............l..Qm.6....j.1................................................................................................j.".....T................T............. .A............ ...........3...:...8.....z...y.. x.. ........ ..$...$........D..........7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.5........................Z4...........................................4../4......p.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                        Category:dropped
                                                        Size (bytes):24268
                                                        Entropy (8bit):6.946124661664625
                                                        Encrypted:false
                                                        SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                        MD5:3CD906D179F59DDFA112510C7E996351
                                                        SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                        SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                        SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):4.616686530304321
                                                        Encrypted:false
                                                        SSDEEP:192:3s81xkInBS/T42tSm4hjLuQrP4QsHOVx+DByXif7Rpcz1mZxmLhI19WMRcoN:881KOBS30mGjqQEQsHf9Mif7RplxUhIH
                                                        MD5:26A8988581EC569931C98FD0BD2D9370
                                                        SHA1:FF90F8A8E6B275A76DDF52FA2682F834EF716223
                                                        SHA-256:3046B50C60B0F00E12F03B55DAE08C9305D366C856A2A29DB3E4EEE611127728
                                                        SHA-512:2F203DE1F3A5CD89CECA6BFC136804E032CCB01D68720800F820E22A69BC5749F96B2AAACCB88AABA62F85D1798D711138A3AB1E618D62629B9E4A1E906DCA70
                                                        Malicious:false
                                                        Preview:2...>...6...z...v...N.... ..X,..2...>...........v.......@...H+...........................................................................................................................................I.......I.qk..B.....LZ.>|.N....>|...,.?.n."..F.>|...,.?.n."..F.>|..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............u]K.............N...^...............P>.p.e$H..uN..i............P....................................I.qk..B.....LZ..............u]K...........................................>|......>|......>|..........................................>|j.9...>|T.....>|......>|..s...>|H.....>|..0...>|..`.&.>|..........>|3.>|:.>|A.>|8.>|..z...y.. x.. ........ ..$...$...............7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.1................Z4...........................................4../4......p.........

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):39010
                                                        Entropy (8bit):7.362726513389497
                                                        Encrypted:false
                                                        SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                        MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                        SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                        SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                        SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.9660625176986475
                                                        Encrypted:false
                                                        SSDEEP:192:Q+sS9vptNCvq+noi+pcBRezt7EGGlp530Vk83wq0HOQYMUqlkzXffWAKT4N:4avPNTYoxpcBRexYp0VkWwq0uQvvIffN
                                                        MD5:CAAA480B50DAA1DE25A1A40104F984D8
                                                        SHA1:53E4CACA6B2D212B0D9C4AC22541F43D046DA7F1
                                                        SHA-256:2911566CA44FFF2F1AB0164A574055D61B78A398EDBF304F2550E3722F3EDDEB
                                                        SHA-512:16B2E61977D68701C8B229569E532F9D33EA884620D86D676FCB8F1344343E7D63779EE6F95A5620FA9012D89459B1B3391BA36F1382D42DB32FE888EC9012EE
                                                        Malicious:false
                                                        Preview:....>.......B...v.......0 ..x#......>...........v...^...@...h"...........................................................................................................................................I.......I.qk..B.....LZ..............D...[~.B........u.*<..3.~...........D...[~.B.......I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'.............r...=r...1Q...N|....N...^....................2F.]N...J.........b...8....................................I.qk..B.....LZ............r...=r...1Q...N|..........................................................................................................D...[~.B......8.........u.*<..3.~.2................................I..................................j.#.....T.G...............Q.....H...............$.7.................!.....z...,4. ............................"......$...7...............T.u.e.s.d.a.y.,. .J.u.l.y. .2.8.,.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):59707
                                                        Entropy (8bit):7.858445368171059
                                                        Encrypted:false
                                                        SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                        MD5:47ADB0DF6FDA756920225A099B722322
                                                        SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                        SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                        SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.8406994543386848
                                                        Encrypted:false
                                                        SSDEEP:192:gsKuWbawIRiKUb1GXFyRljdVuCDU0K9gfEjg/MGDe2Cp/2V5:FFb8KURYFyRliCtSgchG
                                                        MD5:A404F5EEA3F5A397069CFDB1124E5AAE
                                                        SHA1:86666701E90F8EFF0803F0B882731926A22C95D4
                                                        SHA-256:53A0EED94E58955CA09AA86C0CA39F8621CB7D3023F74A04CC1198D918A80AEE
                                                        SHA-512:32599B991EBBAC106119808D4F8D3DB867645922417E1EEA7CB3CF49EC42756CB6E2D718500F2F8230CD5229AA102AE68D0CA6AE511B25EFB007E19EF3E14090
                                                        Malicious:false
                                                        Preview:2...>...........v........ .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZ.1O.<....1OI uq.....v...1OI uq.....v...1O..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............@.&.R.C./.pU.. .....N...^...............l...V.eD..~ZU..............................................D....I.qk..B.....LZ............@.&.R.C./.pU.. ...................................1O......1O......1O..........................................1Oj.....1OT.T...1O......1O..|...1O..;...1O..h...1O......1O .W.....'.1O2.1O..z...,4. ...."......$>........4..p..7......S.u.m.m.a.r.y.........................1O3.1O8.1O..z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.9..............1O

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                        Category:dropped
                                                        Size (bytes):27862
                                                        Entropy (8bit):7.238903610770013
                                                        Encrypted:false
                                                        SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                        MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                        SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                        SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                        SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):5.412659850194684
                                                        Encrypted:false
                                                        SSDEEP:384:PFeVMt3JbX9FnGNahxg4XdIotcbvibnbMIWAOrYqV0sPuZ8MzDzhd7yrz8y/DVQI:X5XGNEgRjbpgW0uKGzXS
                                                        MD5:D63746770E45DBBDDA8254BAF706B015
                                                        SHA1:EC22895974FBFB26339D8AD6FAC76275E5ED7F90
                                                        SHA-256:80A948773EA08F37CB42721968BC8070181F8FA8638E298072F606805CBBAE1A
                                                        SHA-512:5814AA8F3A52D709231E869E9170FDBDD3552633919DDC474928CC7106801C32D6EF83AB4974D4A4B49D850B9F62AD05905C09AB4EF0719258AA7BD46CF10B8A
                                                        Malicious:false
                                                        Preview:...@....|...............8@..H ..pM.........@....,................K..H ..0L.................................................................................@....D................L..H ...L...............N.......N..;..D....].g)..............mH..z,......lh...!..4......l.Y=Z.*MU.9...d..:Y=Z.l......7j...W.@l..............K.......K..................................................N.T....k..T.x.....T#5..k..T.....%T%.....5T$.....KX......K..............0...........e....4.........................A..:4E.2..p1......(...`.i.....(...(...B.a.c.k.g.r.o.u.n.d. .-. .Y.e.l.l.o.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.1.9...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e...k.......k......O...l..^..%......%...DF...$].t.2...............P...........(....N...k...........%...+.5.................0...........e....4........................yf.....F.Q.........(...pO;.....(.......S.t.a.t.e.m.e.n.t...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.105903117947926
                                                        Encrypted:false
                                                        SSDEEP:96:UsDoibzkx7wDEEauiXH298TT4RL9Vei9i9zeii/Wcbi4i9l7iii:UsDPbzkx78RauiXH29IkRL9VZE9zed/b
                                                        MD5:A7E600951D5A2FE9B2CD4FA379EF76A6
                                                        SHA1:E1ED123A8570EE01FBB7F877D91C7D05050EC73A
                                                        SHA-256:D757484B1A6FE4F30294346A7C66FF1C1677373B7010EE06ED62FD2E2CCD2B85
                                                        SHA-512:8E1ACB9D85DB25E7A7540A18789C05AEF3C09FB1B531FC0504EDAD6747388858FDED89D79177F370E33323C552D3D986B2733A4FD754CF352C40717623995B4C
                                                        Malicious:false
                                                        Preview:2...>....... ...v....................................................?....?.............................................................................2...>.......|...v...H............................I.......I.qk..B.....LZ..........j...=.P.'.....j...=.P.'......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............>)}.qf...i ?6.......N...^................E|..b.N..=............f........................................I.qk..B.....LZ............>)}.qf...i ?6...........>)}.qf...i ?6.......................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.10915089760799
                                                        Encrypted:false
                                                        SSDEEP:48:kssAE7U8721tRtEEfmLXk9GhITo/rdqraIQ8CdXQDsNkjMYlMa:5sT21ZEEcXk9OIT2RyAsiulM
                                                        MD5:03814BC353B26376A173EC4C6F21E970
                                                        SHA1:29C7FF767D7F65BEF6E9AFEC57E9A77B2A4E4FB3
                                                        SHA-256:80F2A33AB13791E857DE594C06E87367109F00C9C2F72E03942FD4F61208BF9E
                                                        SHA-512:E4239D25EAFE3D58D3C59E0B31C6CCFB45642D44ABF05430E68ACB05CA26735AE72B56A6EF2C0253DF5995B2E39D602ABF3268357D0C3DBC303AA4614D1CE955
                                                        Malicious:false
                                                        Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ/......./...V...*.|..1Q./...V...*.|..1Q./....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................bG.....h...<....N...^...............g....wO...A)5.}........f........................................I.qk..B.....LZ................bG.....h...<............bG.....h...<........./......./......./.........................................../..j..../..T.]../......./....B../..H..../....B../....>.)/....J...................;........4...4...4.."............../.../.../....z...y.. x.. ...........$........4......7...7........................;........4...4...4........./......./......#/..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.079390889526473
                                                        Encrypted:false
                                                        SSDEEP:48:AQsXdlAFXqptiNoK4E3pOXA9YD/7cTobrd6rLIVSdXtC/+4pMg:FsKqpY+vE3YXA9YDjcTqRin/uM
                                                        MD5:CC4743C95FB03682A36F350B6B6FCA79
                                                        SHA1:ADAB1B3B28FCC134BBFA1CFFEFB2ED54D7008CF4
                                                        SHA-256:EB62E64201BFD7B63DCB29ED04AFDBA02665651354769FB0BAB526ABF502ED8E
                                                        SHA-512:AE70618987BD95919491B20AD28DA1F4EEAD93975606B7728D0084655C3394C5F6F3F023406C93F2AC6932FBDFDD45AE3B17000832BD5DD077FCDC2BD492B70A
                                                        Malicious:false
                                                        Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ..Q.......Q.y......I<.....Q.y......I<.....Q..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Q.#.t9..8*.^......N...^....................*A....HoTz........f........................................I.qk..B.....LZ............Q.#.t9..8*.^..........Q.#.t9..8*.^.............Q.......Q.......Q...........................................Qj......QT.]....Q.......Q..B....QH......Q..B....Q..>.)..Q..J...................;........4...4...4.."................Q...Q...Q..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........Q.......Q....#..Q............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.051033163539858
                                                        Encrypted:false
                                                        SSDEEP:96:qGsS/1EiOQNWOEnXc9UaTwRrEfWNu7i74:xsS/1ZOQ+nXc9UaERrEfWNwi
                                                        MD5:541ACCA11C914132695E016B508F4246
                                                        SHA1:C7C6AEC6605E4E9E820E422BE16EB8C0784E377B
                                                        SHA-256:B6E2FAA1108D8A7A643CEDC04B3F01FE27655543D164CC645AA6F474F8F42F75
                                                        SHA-512:AEF9C5939AF7A95EED4BF27F7E6AD3D6FF6B34F22D812C04F774111039A39C25270B65E1CD25AAA66402F26F644B9B0AC5B979E0DA2B45CDBD171300B95CA45F
                                                        Malicious:false
                                                        Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ..........v.h.5.L..C.....v.h.5.L..C......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............v..-..a.x.GdP....N...^..................LB..J..u....(........f........................................I.qk..B.....LZ..............v..-..a.x.GdP..........v..-..a.x.GdP....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.06904370228519
                                                        Encrypted:false
                                                        SSDEEP:48:NshC6rfJJtAo7qcEHhUXQ9D4TTo+rdqruOhIfdXVdZe7yJwg:Ns9rfJJqo7bEHiXQ9UTT/RyuOC+mw
                                                        MD5:8E37831C70BF51778434D2B166EEEF61
                                                        SHA1:3AF58B9A6B5D86C07EA8F40199621AEAEEEF4649
                                                        SHA-256:2E718C184063E204FF2B10886F4A4E75E51EDE7DD62DEA015CB552F3AE7002B0
                                                        SHA-512:86CB9C393F7FB741C2C585D4F2C8CC0D71B6F87EC45FE407B8D721CEC2CFFC7A800932B0378FB21D9A56A69D5B057A76AD1FAB290DCDE18E54BD50C43E0A6A02
                                                        Malicious:false
                                                        Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ0.......0..>...&r.....Y0..>...&r.....Y0....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............6...../Qd..?.S....N...^................CcS..#M..o.............f........................................I.qk..B.....LZ.............6...../Qd..?.S.........6...../Qd..?.S.........0.......0.......0...........................................0..j....0..T.]..0.......0....B..0..H....0....B..0....>.)0....J...................;........4...4...4.."..............0...0...0....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........0.......0......#0..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.072373213545486
                                                        Encrypted:false
                                                        SSDEEP:96:6sTNtgDgSoS87qECXs9GYNTJRPd3N2NYQN8NLN2N0eN5N:6swgXtLCXs9GYNtRPd
                                                        MD5:BC8610BC541E9089484E3220C76DEC28
                                                        SHA1:63ED65687F0992163054124A0ECCBA5415FE00FB
                                                        SHA-256:6489CFEC97F2D8E6F3594A730442F725D080702C7F155531641E157B36D05BE9
                                                        SHA-512:21C96279B335DB5654FD2FA2A958524BCFE944184455016D465018FF7C7D7ED3BA1D67A6A63DE7E8ED5BFBD1872CDAA6CC4C1ACFEBF24152A224F1B008E5653F
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZSw'.....Sw'..A_..T.*.5.qSw'..A_..T.*.5.qSw'..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............SK.'...>'....5....N...^..................!..H...~>.?c........f........................................I.qk..B.....LZ.............SK.'...>'....5.........SK.'...>'....5.........Sw'.....Sw'.....Sw'.........................................Sw'j....Sw'T.]..Sw'.....Sw'..B..Sw'H....Sw'..B..Sw'..>.)Sw'..J...................;........4...4...4.."..............Sw'.Sw'.Sw'..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........Sw'.....Sw'....#Sw'............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000L.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.0791803993377656
                                                        Encrypted:false
                                                        SSDEEP:48:Yy4seqbfHy3ydzEteWEYwSXc9M+ATonrdmrjIMdXcOwLReuG1wZRz/:es63CzELEYXXc9M+ATSR2HE
                                                        MD5:BCC872BFBC08213790296F1F777AFEFD
                                                        SHA1:B2AA084E308ADFBC070A5B3FEE1BF512C7D9CDD9
                                                        SHA-256:FF63B093A6C7ED680CCEB1196161BD1F844FAA4433C01154CCE0511F4C365BE6
                                                        SHA-512:5AA06E90E55B0D9DBE11657E59F9DC3CB1C8B1B3368F7B5B52CF47D2083D60B176F1AFA4CA598ADF009FC6509755F701C63E66CDDAA598B15C7EEB5FA4126386
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ............52.+.5e..|....52.+.5e..|.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............a.V.|`R....F..#.....N...^................-p.B7.I...'...9........f........................................I.qk..B.....LZ............a.V.|`R....F..#.........a.V.|`R....F..#.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.099829822769758
                                                        Encrypted:false
                                                        SSDEEP:48:Y9sa89Rw5xD6t2ZsEn6r1Xu/9GqLjJToYrdvlxrIIVdX7xRe+pF:OsI5xD6bEYXu/9phTZRHnUi
                                                        MD5:2BFDBBF25990103AC2D731E32B74C044
                                                        SHA1:B8E70C5A9333E033594518FF832120CD5419C98D
                                                        SHA-256:B3D3FA78684EE6D51C0A72F3B38E27C91461707592782B769B8846B6738E927D
                                                        SHA-512:74CBAD18DF4C9B55829AE70033BF6FD7A06EDAF96B02FC8C5C0FCBC6FE2FDE25D2C4EA479A9A84AB8BA19B4FCCA1F0EC420B632BF3263F717BB77AA8B0FBD7FA
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ................)...6..........)...6.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............uQ......%....zE.....N...^.................V..C.(1...Z........f........................................I.qk..B.....LZ............uQ......%....zE.........uQ......%....zE.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.082720714333792
                                                        Encrypted:false
                                                        SSDEEP:48:YeCC2sEcrpCx8OXFRtEtmEXgZUXo9lUqP1ToUrdPrSmIlvdX3tRESppF:OsmxzXjTEXg6Xo9l/NTFRjoLp
                                                        MD5:B02163F21A0B245AAD9DD1C7EB1B3215
                                                        SHA1:7522E34FA4E7EC7EA80AC3D0A23DA663C808C78F
                                                        SHA-256:6860F9373EA0E9223CC506A69C08B2CD2CF5A3EC801F506BE57648E5520E72E1
                                                        SHA-512:D88EB7612A196349F29BB344ED66626ACE50E82742CD2D81B6D7B4ADE3B36DA3D44712D6DA8CE6C654EA898DC70C0581689F6EC64BAA68300B49F2E0466DC5C8
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZl0......l0.......2[.c%.l0.......2[.c%.l0...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............W....4...N\......N...^................>.'.7.H..r*$.n.........f........................................I.qk..B.....LZ..............W....4...N\............W....4...N\...........l0......l0......l0..........................................l0.j....l0.T.]..l0......l0..B..l0.H....l0...B..l0...>.)l0...J...................;........4...4...4.."..............l0..l0..l0...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........l0......l0.....#l0.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.100251642131259
                                                        Encrypted:false
                                                        SSDEEP:48:Yxs55Xrnqu5XB5X09rp2tftOGE8WXro997ToqrdQr2IA2dX/pb4GR55XB5X4XJrW:6s7NtfDEXXk997TPRIPlN4LMD4+y5
                                                        MD5:1F84346EED37C1BD8BB7CAC049F1B5E8
                                                        SHA1:C179BF97136107CFF9A8DB6F3A3CCD6159CAEF86
                                                        SHA-256:C07CB554877182F672565336253259A2ABA5AADCB755A2591043A65B692098C3
                                                        SHA-512:CB17B65148EDE2A3B7B0DB54D2473B2A643F4404C6C33AEB0A223EDCE4512D7F3EB6AE5C1EE1A281E18E9339F154404C241C4966882B1E0A5D9D193969511593
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ................3._.............3._..........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............u.I.../QCv..}.....N...^...............+Z..q.cG.X.m..Z.........f........................................I.qk..B.....LZ..............u.I.../QCv..}...........u.I.../QCv..}.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.071259685194758
                                                        Encrypted:false
                                                        SSDEEP:96:ys28chq+fEfJXI9qkgaT/RfZFOU93Oo6J:ys28chAhXI9RDbRfZFOU93OFJ
                                                        MD5:157B3E9B2E4421F9063C8DF72C23C8E0
                                                        SHA1:5441FEB77FFF3C837B89498FAD05EA88A21431C8
                                                        SHA-256:768A4E4FCED3626FA94C51C5D00C4341F75B0DA7497BE9C4D3E0AF608B3AC955
                                                        SHA-512:4D2C6B3BEB9418D29158D9F17B8E2A483B9039D4B98B326F56AF83AB5AEC0015515F97B94563DEBDE671208D808571364CB78CF103A4F28512EFF7B55B502C76
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ:@%.....:@%6..l.&..o3;.t:@%6..l.&..o3;.t:@%..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............a<....=8../-....N...^...................2.cL.s...|W.........f........................................I.qk..B.....LZ..............a<....=8../-..........a<....=8../-.........:@%.....:@%.....:@%.........................................:@%j....:@%T.]..:@%.....:@%..B..:@%H....:@%..B..:@%..>.):@%..J...................;........4...4...4.."..............:@%.:@%.:@%..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........:@%.....:@%....#:@%............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.07982268814633
                                                        Encrypted:false
                                                        SSDEEP:48:YHxsQNEgfNuqwytGPImaEFnMXs9jE6NTocrd2trAISSdXnYGRr+QPV:ysWuqwyYINEFMXs9JNTJReQSFP
                                                        MD5:43F4096639BD32BEBAD786D5F9EDCF31
                                                        SHA1:B492859388B0FFACA1AB43D784182882ED7D1AE1
                                                        SHA-256:EE5C12FE239989FC76FA12223514100A9C741C143A381136D6611A4428154365
                                                        SHA-512:52905EFD29461DCF44F24C87FCA80581E7D147941A6A94012970A6AEAE606E2F8E84292E9B4B00B37199B56F193E02E380FCEA56F5D3841FCED581D446222F85
                                                        Malicious:false
                                                        Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ............l....z&..x$....l....z&..x$.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............l;.K...,...2.s\....N...^.................~H.P.K.&.............f........................................I.qk..B.....LZ.............l;.K...,...2.s\.........l;.K...,...2.s\........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.080036265652111
                                                        Encrypted:false
                                                        SSDEEP:48:9zsyuMZR2tEwtoEtqgXwGg9lcXDTo+rdfokrZIfdXhixlkGh+AxAN6ta:9zsoR2ZoEXXwh9lcXDTfRfHu2W4
                                                        MD5:17B4D5032E36C27F7D58AF815EBF3186
                                                        SHA1:C86F8F7CF964385CDEB925CFA39FA4FE63B9D09C
                                                        SHA-256:7B8FAD544F8655679C6D93EC57D70BC121FE5494C90AA741FCBA93B9261CA38A
                                                        SHA-512:ECF72C89407C92537E0603228993ECC2EDA3BF5AED92F223760FF90079AA12A43615C0CCB083B23500D8E03322539FC0FB2B77E0F296D71BF0032BE26620C7EE
                                                        Malicious:false
                                                        Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZlo......lo...z.....7..x.lo...z.....7..x.lo...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............T...$......../J....N...^...............5.M....E.O...E.........f........................................I.qk..B.....LZ............T...$......../J........T...$......../J.........lo......lo......lo..........................................lo.j....lo.T.]..lo......lo...B..lo.H....lo...B..lo...>.)lo...J...................;........4...4...4.."..............lo..lo..lo...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........lo......lo.....#lo.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.076309798578333
                                                        Encrypted:false
                                                        SSDEEP:48:0qs8PwAEnqQjtnZtMEno3RsX5ds9Dq/2ToJrdlrKICdXmd8kFqeHXUa:FsuQjJMEusX5ds9+2TARpGzWE
                                                        MD5:7CBBB6F9087A7401A95194CBD6FBB944
                                                        SHA1:B7466A1D42F2AC0531F609D46CF69150A5EF8D64
                                                        SHA-256:B611B88BEA8B42301281D6ECACD4C7DC9B5E6F4B9560F30AB6F1C204F219E84A
                                                        SHA-512:2DD49715D371E6E6846C910CE5A1158BA5F214E4BCB911D90BF87FC376726A0B045912F8266A5AD4E922A11E036E526747C6C1A1E074452335A83B38CC4BB00C
                                                        Malicious:false
                                                        Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ..f.......f.w.w...<1..q...f.w.w...<1..q...f..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............K.u....&....Q....N...^...............h.j....F.....k{.........f........................................I.qk..B.....LZ............K.u....&....Q........K.u....&....Q...........f.......f.......f...........................................fj......fT.]....f.......f..B....fH......f..B....f..>.)..f..J...................;........4...4...4.."................f...f...f..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........f.......f....#..f............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.0916924563671815
                                                        Encrypted:false
                                                        SSDEEP:48:20sXl/1qiTmtY8tMEdLX0p9iMkToYrddrvIFdXO0ekH/Aa:20s3qiTmdMERXw9iMkTxRRCUqA
                                                        MD5:2FB9BC4C422FEA5C7C60F94C7F8C44F8
                                                        SHA1:DDB5B93D9BD921AF6E6FA315606177F389166512
                                                        SHA-256:6473EDF86F9D87F707CF02F16AFD60FAB72BCF31D6CC9B49B27AA262E46384DA
                                                        SHA-512:9948583D636DD74E06F9AEFE6A4893211049A5E1E0688A7699A5714F026F11E54EFAD3C2FE2E99AB02A4820071B8EDB5EB81024E18FA853334FB66707D93F983
                                                        Malicious:false
                                                        Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ.(r......(r..;..=..1..v..(r..;..=..1..v..(r..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............u.v.g.U.&.R..+H)....N...^...............[..).`.L.0.q.PSR........f........................................I.qk..B.....LZ............u.v.g.U.&.R..+H)........u.v.g.U.&.R..+H)..........(r......(r......(r..........................................(rj.....(rT.]...(r......(r..B...(rH.....(r..B...(r..>.).(r..J...................;........4...4...4.."...............(r..(r..(r..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........(r......(r....#.(r............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1352686004047525
                                                        Encrypted:false
                                                        SSDEEP:48:90sWvTMUA10ts8YEtkXc92x6F0ToBrdjr6IWdXGrzy+pig:90sXUA10ihE+Xc92gaTERvi4
                                                        MD5:597F86EE1CF7D4FFC9B2CE67A8A6FFDA
                                                        SHA1:39FF7A61C34222F7927BD3A8AE531B392D0688FE
                                                        SHA-256:3D3CAD9CE88C50DC086D03D8122180615DAF342E0CD2E69B4809AC290F7E53D7
                                                        SHA-512:627163719C7543EBAB3603D1859C441220BB81E6B7E5624468CC9672B426C31094AEC4162DE76B9452168D201818E8AC2BB9049933CB77E8441329F72CA2D269
                                                        Malicious:false
                                                        Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ.&|......&|.....%........&|.....%........&|..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............?......#YP.g[.]....N...^.....................F...2...v........f........................................I.qk..B.....LZ.............?......#YP.g[.].........?......#YP.g[.]..........&|......&|......&|..........................................&|j.....&|T.]...&|......&|..B...&|H.....&|..B...&|..>.).&|..J...................;........4...4...4.."...............&|..&|..&|..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........&|......&|....#.&|............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.173977396709758
                                                        Encrypted:false
                                                        SSDEEP:96:FW5sSLDe/YmdSEPQXE9WTXRIOjaXqxarnH:+sKDe5ZYXE9WjRIOjaXqxaDH
                                                        MD5:A4EAB37F81D089E00691DB9A37B73DD1
                                                        SHA1:09C6F3418AEE77A1528545B14650E9A3294C0CA5
                                                        SHA-256:AFAB3C05DA23178133C82A05C0A574208562738B8E79FF9068791503088DEF41
                                                        SHA-512:FA5F444E54C60BADCD6B015ECB8E77A886018515BABA679DE55B494CFFB564BB890EB9453AA263ED838B045CD3DF76CE7734CC3C4A1E457E1FE8C111FC602DF4
                                                        Malicious:false
                                                        Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ9X+.....9X+?\;.....}....9X+?\;.....}....9X+..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'....................$n..L.Z.....N...^..............."u...N.M......g[........f........................................I.qk..B.....LZ...................$n..L.Z................$n..L.Z..........9X+.....9X+.....9X+.........................................9X+j....9X+T.]..9X+.....9X+..B..9X+H....9X+..B..9X+..>.)9X+..J...................;........4...4...4.."..............9X+.9X+.9X+..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........9X+.....9X+....#9X+............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.128826681978425
                                                        Encrypted:false
                                                        SSDEEP:48:dsjnJieyH0UfD+tsDKEBAC+r2Xs9F6axJTo2JrdSrgITFdXckakwdEkJB:dsfkfD+NEBA7aXs93THJRKf6F
                                                        MD5:3269FD5C9726AAD4CBEB17E04F322F50
                                                        SHA1:7D0DF65A8DFA886E44EE6E7827A311B53EFA0ACE
                                                        SHA-256:6A0D7126DE1798082A9EB73F884717DC3EF014C8CF40497A125960AD59B458E6
                                                        SHA-512:15714C56E5BE7AD7483B812A950425A497B89E4517EE26316237AA7043A0A58F7184EFDF04A8569980F5CEEF65066FD40C33C7D9FB6C4A9F1E9D9D50576E8B92
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.........../n...>..N.C.../n...>..N.C.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................ruy..!...N".L....N...^...............<g..*..D.,..............f........................................I.qk..B.....LZ...............ruy..!...N".L...........ruy..!...N".L........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.138051296918725
                                                        Encrypted:false
                                                        SSDEEP:48:W8sA9PBhX4YZoC3jtA+E7CWTX09LuToLrdSrSIlSdXMSYhX4FSYpLp5:W8s6NZoqj9E75X096TqRKESG
                                                        MD5:6A41C5D0F6D4DC2C229861DFF9EA4C02
                                                        SHA1:0CE3BA66E8F10778279CDF811F5AD0B0D0BA4F71
                                                        SHA-256:D1102208B4A5572595FA070478FEA21128429D6C13F5D47FEE944587CE8500E7
                                                        SHA-512:39D39C7BB23C97DBB6B670521403A8223C6694F1E7932C34A1DE0FC0B2AA1E95C577349501B8AD1809E67B888F837821B452E48FC4D9D061A7D85ED0405A2549
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ_.I....._.IsW.....l.$2Wo_.IsW.....l.$2Wo_.I..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............wr..;Q......k......N...^..................KI.QE.O..............f........................................I.qk..B.....LZ............wr..;Q......k..........wr..;Q......k..........._.I....._.I....._.I........................................._.Ij...._.IT.].._.I....._.I..B.._.IH...._.I..B.._.I..>.)_.I..J...................;........4...4...4..".............._.I._.I._.I..z...y.. x.. ...........$........4......7...7........................;........4...4...4........._.I....._.I....#_.I............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1316116955569
                                                        Encrypted:false
                                                        SSDEEP:48:xs+YHaPVU3YptfUOEEC/tX091E/2sTo5rdSr+QIKdXO7U5WVK4DWSkrbDKdq:xs+/VU3YpxEEIX09IzToRK+00VKXSkj
                                                        MD5:2308F0EB44ED4B25151BBE2022A96E69
                                                        SHA1:F2DCB2F34CBA7BCF7405482AE13956DB05EA0A4C
                                                        SHA-256:C11C6D0C309D26F0AC779E073C12458380E9C1592C5B2C2E454765EE03B3505B
                                                        SHA-512:08EBC52727131972290F79E21D7F08B4E075E158F28550352571B889FD1AA4B8B6DEE4CDF865B7DF7A8F5329216D8FB71182EA8146C6423A06C8756E7552D948
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZa.Y.....a.Y..(.."..".U..a.Y..(.."..".U..a.Y..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............f..-....?.N.R5.$....N...^................Y...q.H..i....$........f........................................I.qk..B.....LZ............f..-....?.N.R5.$........f..-....?.N.R5.$.........a.Y.....a.Y.....a.Y.........................................a.Yj....a.YT.]..a.Y.....a.Y..B..a.YH....a.Y..B..a.Y..>.)a.Y..J...................;........4...4...4.."..............a.Y.a.Y.a.Y..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........a.Y.....a.Y....#a.Y............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1154769360714765
                                                        Encrypted:false
                                                        SSDEEP:96:K5as/RvSwsp5E2aGLXBGL96HTsRKyZvyJqoQ:9sXs0HGLXBGL98IRKy
                                                        MD5:7F17625C237A1EF7A178E74878E99C4C
                                                        SHA1:012F49E9A71781CE08CE49A0FD764C6EAC8F7E4E
                                                        SHA-256:043F7A18403AECA14C6359EAE353FA2C0256340A02465EE784E75325BCF395EA
                                                        SHA-512:885D9AF22A1ABADD49CBF5AD91096D8DAB51874D09A032083447F640CEFE226271D9EE0B04E80152E837B0E9050AB7EDD4507F46A2A8280B073D4B780F65A3DF
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.........0C......7#.::..0C......7#.::....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............&.R,....i..M>......N...^...................z&J....}# ........f........................................I.qk..B.....LZ............&.R,....i..M>..........&.R,....i..M>......................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.121742270857397
                                                        Encrypted:false
                                                        SSDEEP:48:zIoslwJA5iitQZduEG9CCZrXs9kAVfOTo7rdSrpLI4dXcm0qt:Nsx5iiegEibXs97mTyRKpfz
                                                        MD5:A7140B857DD152B98832046ECBB75BB8
                                                        SHA1:6CB270B34A4619680D7DDE0D765C63FAEA38C014
                                                        SHA-256:606B292A3F695E68294A8C4D774F724657EC3B95F5D4CDAE457CF7DDA6DCF893
                                                        SHA-512:BEE7F9C29F80738175F4D9393FBDF573E74067EFB40104E6D809C62C6EC250DFDE4C765FC8C12FD077559FE305D0FAE7AAD7C427614FF9953AB745CDCB5AB882
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................4.......4.t.+....f..r<.I.......I.qk..B.....LZ.4.t.+....f..r<.4...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$.'..T..b.D..!.....N...^.....................A.T+..u.<........f........................................I.qk..B.....LZ............$.'..T..b.D..!.........$.'..T..b.D..!...........4.......4.......4...........................................4.j.....4.T.]...4.......4...B...4.H.....4...B...4...>.).4...J...................;........4...4...4.."...............4...4...4...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........4.......4.....#.4.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.082768906106452
                                                        Encrypted:false
                                                        SSDEEP:48:9sJcQ1t5tIeEnpDCZPCXg97jEOTocJrdSrRITdXpkLI+F:9sj1t5tE1BXg90OTjRKuEv
                                                        MD5:7E288DE4DDB2A05F5064705A738FF8CC
                                                        SHA1:A1F6751C3E5C2620563A3185DD61C669C23079D5
                                                        SHA-256:FC8F47FB8854CC9547327A8227ED91037618E7F4278CC95C40AF42DFB675FCFF
                                                        SHA-512:D794D2FB530094BF46B981672F56164601FC7CF81F4CCA8DC00B73117E7FCE258EBD194C395489A48CB7E87189E882A9117A2DC5FE5D258E931C760526182162
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZu.v.....u.v.".4...?...n`u.v.".4...?...n`u.v..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............!.u...2...*.8....N...^.................Z.$..H...S..U.........f........................................I.qk..B.....LZ..............!.u...2...*.8..........!.u...2...*.8.........u.v.....u.v.....u.v.........................................u.vj....u.vT.]..u.v.....u.v..B..u.vH....u.v..B..u.v..>.)u.v..J...................;........4...4...4.."..............u.v.u.v.u.v..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........u.v.....u.v....#u.v............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1186073962004
                                                        Encrypted:false
                                                        SSDEEP:96:Ussde8qAx+8SVEmnXAh9FTrjRKeyQ5u0q5khQ:UssvhBnYXAh9F/jRKey
                                                        MD5:A35B580DB94059BA1A688139B3B6AA21
                                                        SHA1:A970E90659A555E2181C322613F0E2BB375D81E8
                                                        SHA-256:77FA2141131E88DB2FB5128C8C076715C79DF06CD28470DA665E28B9CDB82EA2
                                                        SHA-512:81BB82AADA2D947AF86B8E0D7CBF821FFB19E004A49F58118CE6E4448C8A557B5CE5BBD4241DEA6219C4C7461842E2898D9728AAC3BE28C665D169C40537A80F
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZh.......h...y......z3..|h...y......z3..|h....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............8.....1T..u.......N...^...................h.O.a...k.........f........................................I.qk..B.....LZ............8.....1T..u...........8.....1T..u............h.......h.......h...........................................h..j....h..T.]..h.......h....B..h..H....h....B..h....>.)h....J...................;........4...4...4.."..............h...h...h....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........h.......h......#h..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.067338471295359
                                                        Encrypted:false
                                                        SSDEEP:96:KP0swOwIOzOUfYC+FVElCnXJa9L3TMRKmiTWIOzOXUOdOMOuO7D:M0syTl+MOXJa9L34RKmiim
                                                        MD5:CFDB84ADE94E69A631846DE2BA9A25F0
                                                        SHA1:8B6B9DF17C9A9112AECB3AF91330C4CA56E3A1EA
                                                        SHA-256:91D0BAB2FF8F223361575E9C7A40C6AC072E3457067C78AE17581F723189F30E
                                                        SHA-512:B1CF67E3F8B7BC408A2744A892F579402068DC6552300FFDD20234B4474F3ADDC300623B6A22D06387C7E45EA87C518718A77535FC3BA1559FB5F9746F4B6538
                                                        Malicious:false
                                                        Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ............&b...r.`]..1....&b...r.`]..1.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............({...h1..iua..X.....N...^...............gN...kD..x. ..`........f........................................I.qk..B.....LZ............({...h1..iua..X.........({...h1..iua..X.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.151220447168825
                                                        Encrypted:false
                                                        SSDEEP:48:K0sPhXyNrVuFHKtVo3sE6tiC+GicX7c9SRToRsrdSrvILdXJFy80Qpf3Z7SNry4Z:K0sArVuFHKHksE6c7bcX7c9OTLRKAd8
                                                        MD5:63F4611758F3A97107A1F0BAE70B808F
                                                        SHA1:11553FC1813257F70C3E41356B0CD56B4B475BF5
                                                        SHA-256:1CDA4499E06F8AE41111692B1ECE3E1A15243F734F985B8E9F2875EA946CEA60
                                                        SHA-512:5660CBDA5B0D8DA0B40DD602DE7723081C0C8DE424E091ADFE5315328561D617D00D5B6802F532F8BD5191A21F921F4057764DF57EC761F0FC8C4A3151749A9B
                                                        Malicious:false
                                                        Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZZ.......Z..^.9..$p.,E...Z..^.9..$p.,E...Z....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R..v.N...KfFR.K.....N...^.................K.N.W.Q?<..........f........................................I.qk..B.....LZ............R..v.N...KfFR.K.........R..v.N...KfFR.K..........Z.......Z.......Z...........................................Z..j....Z..T.]..Z.......Z....B..Z..H....Z....B..Z....>.)Z....J...................;........4...4...4.."..............Z...Z...Z....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........Z.......Z......#Z..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.103479415983316
                                                        Encrypted:false
                                                        SSDEEP:48:QPsuCrW7IN06iJt9Z+EIWCCYyXA59deSTozrdSryIB6dX4DdMmF:QPsusNniJ38EPJXo9dpTyRKsQ
                                                        MD5:F1BB23E94B37F8EA805FB343E0057363
                                                        SHA1:8CCE7C5B371E2F410A595CBB5D161B0DE9F9148D
                                                        SHA-256:3CB2F9D073DA44A5298E0FDEFF0D6E8A697AA60427C902C9D8BCBBC09A06C996
                                                        SHA-512:CC0562BDB5A66D870AF183E35DBE0D9CB7D085B4CA851298B3855AEB59CBED3AC210C025CDDBAC73E50C611C8EC1DF94CF8F59234550242227009730F12F5481
                                                        Malicious:false
                                                        Preview:2...>...........v..."...................................................................................................................................2...>...........v...V............................I.......I.qk..B.....LZ.;.......;...).....P..s.;...).....P..s.;...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................R.....0.9J.......N...^................@.....L..n7@...........f........................................I.qk..B.....LZ...............R.....0.9J..............R.....0.9J.............;.......;.......;...........................................;.j.....;.T.]...;.......;...B...;.H.....;...B...;...>.).;...J...................;........4...4...4.."...............;...;...;...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........;.......;.....#.;.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001A.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.151871961050993
                                                        Encrypted:false
                                                        SSDEEP:48:tsemG+xV/R9gtqyyyEVC/NXo9FvhrTogrdSriIBdX3mhcIsuM8:tsBV/bgNEV4Xo9FlTVRK1m
                                                        MD5:A40380FFA70406086F711CCC29F9B333
                                                        SHA1:A6CF9BBC6BC6167119F8A45BB7A2AC50FC8FF6CD
                                                        SHA-256:EFE35402B525D61460CF94C841881978D45F3416BB5D5971576715BCCA70E796
                                                        SHA-512:485E618D0196A61D02FDDF6D91596D253834650180B9F0C65F5265A8E7DACE5A6BBEF9C03C4BCD756C45CFD69BC304398E4BCDC2FACED88B0F47C45A38382B98
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ...........^I...7dM..g.M...^I...7dM..g.M.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............]./.o...Y..~..C....N...^.....................F...L..X.........f........................................I.qk..B.....LZ.............]./.o...Y..~..C.........]./.o...Y..~..C........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001B.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.128401568772349
                                                        Encrypted:false
                                                        SSDEEP:48:79sl8k/9VGtZ61AoInEsWCjtAXI9X5To6rdSrnhIjdXRBI8rOaG:79sb/9VGG1A3nEsWM6XI9JTTRK28a
                                                        MD5:6C6C01D6EB2D49CADA946DC67C88E51D
                                                        SHA1:6EB0954C7F8201790B98D66BD9D4662127E95447
                                                        SHA-256:06CCBE4AC36A33F37603C6B3F911EA7111A04CFAE344801B5F03483C694973C3
                                                        SHA-512:DA970EA4741DABFC524A6B84784ECCB0008CA9352E589D493AE69B6D351BE1065F5D9D4669854DDE930BB050685932A717C1AC1EBF526A93B68C2F718A04CE40
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZDL[.....DL[.%..../......DL[.%..../......DL[..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............:.......y.~...&....N...^................38...?H../.9Y..........f........................................I.qk..B.....LZ.............:.......y.~...&.........:.......y.~...&.........DL[.....DL[.....DL[.........................................DL[j....DL[T.]..DL[.....DL[..B..DL[H....DL[..B..DL[..>.)DL[..J...................;........4...4...4.."..............DL[.DL[.DL[..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........DL[.....DL[....#DL[............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.1395771087440325
                                                        Encrypted:false
                                                        SSDEEP:96:PD9sjgXBKF5ER3ciXY9z2TqRKMDXCkaYz:JsAKYxrXY9z2mRKM
                                                        MD5:639FCD7EC099B1A1038457BAE9799BB4
                                                        SHA1:8DE1B542F0AF57F14BA28DC231F92B7FCE5CEF07
                                                        SHA-256:6881B428C2EAC87543A31208D59BE4C38B6D152273ACABF437C80809DDFFA85A
                                                        SHA-512:90FDA8334DD610F73C2213BF91B54A12272542BB35B92931E504F980C8DAF147EC446F28BE6D8DE043DDF36E57EE1FEF792080F6358E127B828E24E01EA86D63
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.........:.........H/...:.........H/.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............i.>.h.)V..B......N...^.................E54.0A...5............f........................................I.qk..B.....LZ.............i.>.h.)V..B...........i.>.h.)V..B......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.13298518869488
                                                        Encrypted:false
                                                        SSDEEP:48:eUslNK2yC3wr0t9+6bENAIWCp2hxXs9dZQTotrdSrswIWdXIpq9yCW9OfUynp:ZsWsw43ZbENA1s2nXs9wTgRKswur23
                                                        MD5:ACFE67EF3C1FC877D78037060728BCA2
                                                        SHA1:4F9A5CCD67BD0354C8B437F219757DD3821634B0
                                                        SHA-256:D828A16A99ECE3446E90BCDC3194BDC865B43EFA9A2BDF8796C7D945F6EE0A0E
                                                        SHA-512:80F3EC1AEF427F36D4DC683ADA120FB3F77FDA1384E09D3AC419E66B9E85FAFD2CC8680FCFCC15C01CE0076C07CBB46C8F8BE5B651856AF0EA90895259F9D1C9
                                                        Malicious:false
                                                        Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ...........W....$/m|...#...W....$/m|...#.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............\..w......^..|`....N...^...............V....NjG...R.G ........f........................................I.qk..B.....LZ............\..w......^..|`........\..w......^..|`........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.12465237398745
                                                        Encrypted:false
                                                        SSDEEP:48:KT0sRHLyCdedRIOctjeAEyrCQSXc59szMciTozrdSrNIIdXEd0Q2dyZ5I14mZ:KAsmcOcNEyrCXo9AMDTeRK9p
                                                        MD5:C2E81F6B0C80955C8E987538BA4524A0
                                                        SHA1:74CE23FC59DB5E86A337274E620CB6680DD66061
                                                        SHA-256:B0F2917581FEACA7477ACC46BAC2B010D86AA338C7662019F90C7166CFD03228
                                                        SHA-512:CFB9670160575591A244AE467533F61BE95AB23E118B97DF4D6325BDB5A0BA95521D2A13E2288B0FC0B456C375BF04DECB21F909EE9EC366422743E0CCFD6EE3
                                                        Malicious:false
                                                        Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ..............@...F.."........@...F..".......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............@k..0.'....cT!....N...^...............".,...J.M..w9.?........f........................................I.qk..B.....LZ..............@k..0.'....cT!..........@k..0.'....cT!........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.157357352910793
                                                        Encrypted:false
                                                        SSDEEP:96:8qsgNNom9aEX5XO9JqCdTGRK9RzNUnMDOr9:zsZmFJXO9BdqRK9R
                                                        MD5:405F6AF464E9C568CB3ABB7ABB398077
                                                        SHA1:BA6D3A5A4C686E6D28DF6929353A4DAAE7F856B4
                                                        SHA-256:DEF272BFC8129A08FF77EBB30F089F9523711646DDBE015A09D657EA5AFAD1B9
                                                        SHA-512:E0B7CB0426FDC7CD3DD46FD5B90642FF4FDF0038BB51379AE658A08AA998810B263888BBA1CEF4CA31E415ABFA9277548F1957301D952E5282AEF440D886A00F
                                                        Malicious:false
                                                        Preview:2...>.......(...v.......................................................................................................................................2...>...........v...P............................I.......I.qk..B.....LZ{.+.....{.+|.]3...+$.$.){.+|.]3...+$.$.){.+..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................@..?....;.f....N...^................M.....M..._#..........f........................................I.qk..B.....LZ.................@..?....;.f.............@..?....;.f.........{.+.....{.+.....{.+.........................................{.+j....{.+T.]..{.+.....{.+..B..{.+H....{.+..B..{.+..>.){.+..J...................;........4...4...4.."..............{.+.{.+.{.+..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........{.+.....{.+....#{.+............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):3.567261571419766
                                                        Encrypted:false
                                                        SSDEEP:96:fEk6E3gLCwQEqselEG4IbIzEk8oFh8Pyc4I4xgEH4I/Cwt+yVyNfj1s:dD3gdtqXyObIgkxziyU4x9X/
                                                        MD5:CB06FE5BAA6316015EA7FEA99CFF0B94
                                                        SHA1:E889ADFD561EDAA1F3726EC0722F90E97A0B2B2F
                                                        SHA-256:09B55DF64D041100D7621DEAF9438B470E9D121CD85E1AD040DAB043B38F496B
                                                        SHA-512:B84D5249BD88F8321A611534C2A103248BDC93F1D307E40268DB1E0848E93AA6E479A2E97AC9CA6B2E306010F2956ED5A46719B4AD3E1758199FCCAA4A99A1DA
                                                        Malicious:false
                                                        Preview:\...L...............................................................................................?...................................................\...L...............,......................................~.8.E...We.<_.I.......I.....2....>..~..F....=.O..N.~.....^*.........@...^..<.......f....}.<.............^.......^..................................................*.......*L..)K....R&.,..^.......^*.........@..2.......^...@........................I....*..g.....4...............T)S....*T......^.......^X......^..J.....T.r..4..T)....a.T.2...............I...c..,0...e...B4.$...........GP..A..}.....J.....................g......g.~.[.*..u.]..a.......a..~..O....<.h....n.......<........g.~.[.*..u.]..g.O.rd.#<C...iW.{.O.r.....>...........<....<.......f....}.I.....2....>......,E..!##.............0...........e....4.............."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w.......B.^....F...r.QH.....(...........(..."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):4.580040587810368
                                                        Encrypted:false
                                                        SSDEEP:384:3SyRkwAu8YrNIRx3TIgXRtjHmNBCuEq7u0wg7DjkW/CaHWNP+UkeK1NqEvTGSZ5:3SyKwAu8Yr6RxjIgXRBHiAdqC0n7Djk0
                                                        MD5:A8F75B406D3B0DA479152A88A448C25F
                                                        SHA1:9466BBC2053C6CB1B25237DE0862050CEC697022
                                                        SHA-256:80E8F6ECA8CBE72CB211F8B7D85405975E344FCF37B9208181581BA2D99353DE
                                                        SHA-512:6EE511C8D829E422C0B038AE5465CD90FE73C035B722CD0434753892CDBAA060D4C86C8E0492056163607C0A9E00ECB6B1E592C9AD1346406464DF9EF80777D4
                                                        Malicious:false
                                                        Preview:....>...........v.......P@..` ...I..........>...T.......v.......PH..` ...H..................................................................................>...`.......v........H..` ...I..................x........VJ........f.I.......I.qk..B.....L....O.w......mD.........VJ........f.....I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'..............1.Z.}..4..EL.......N...^...................t..L..xuM.v~............J....................................I.qk..B.....LZ.............1.Z.}..4..EL...................................................................................................j.......T.<...............S.....H.`.........&.......'.....8.........3...8.....z...y.. x.. ...........$........!..7!..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3..............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                        Category:dropped
                                                        Size (bytes):22203
                                                        Entropy (8bit):6.977175130747846
                                                        Encrypted:false
                                                        SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                        MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                        SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                        SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                        SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):3.974066238330837
                                                        Encrypted:false
                                                        SSDEEP:192:TsSZ1UDLMza8XJlOR/DvjXop4N9UfwDSJ39+vdv:I5M+eJYR/wp4PUfwu3wvd
                                                        MD5:EE91B75E781F90AF1A347CEE65AAD2F4
                                                        SHA1:B83329AC39B8EF129B4E9FE39996032CECC23403
                                                        SHA-256:FFFC5D9BE9D195C40E8730843123507CD792ADD178AF9B0DCA2F7D28FCE6C878
                                                        SHA-512:27AD91A5D0132F8199E968B68BA4EA22C91CE27E537AC80F0A8B5BA84C6F37CF4D9317C9F0D532890FB32A7272705583E05E348CACB0ECCF5085A12648493EA5
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>.......Z...v...&............................I.......I.qk..B.....LZ.:..)....:.l.0[.'..c.....:.l.0[.'..c.....:...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................|v.....)rNp.....N...^................c.V..L.Ql..%M.................................................I.qk..B.....LZ...............|v.....)rNp............|v.....)rNp...........:.......:.......:...........................................:.j.h...:.T)....:.......:...L...:.H.]...:.......:...H...:...}.......Z4...........................................4../4......p...............C.a.l.i.b.r.i...................:...:...:...z...y.. x.. ...........$........4...!..7!..7................:.:.:.F.:.G.:...z...y.. x.. ...........$..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):52945
                                                        Entropy (8bit):7.6490972666456765
                                                        Encrypted:false
                                                        SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                        MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                        SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                        SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                        SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.507656969647932
                                                        Encrypted:false
                                                        SSDEEP:192:GsniIpgbz1Ja3n/R/CXSpQMK7Rt5DxBP0sbFXkYu1+9kO9oRnKYFmdcEBIDdbl:jniIKG3n/REKQn7Rt5LL01+9k+oRnncA
                                                        MD5:6B3E695B299CFB7C8585B97E9BC18031
                                                        SHA1:AA9251B9278D9586503073D07D26AFF2EE0CB085
                                                        SHA-256:1492021FA1E636770608D4694DDA1955C21D7747DD9A635BF0DC30B705C02754
                                                        SHA-512:4BB95B6CC256B00DF035B81AD191B8DEA9BED409BEE81261ECC0227FBF8929AC18AA88B60EA1C83AFAA52CFEDB5BBF9F9766167B69A28AA2B6764E757D8C6E29
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>.......@...v................................I.......I.qk..B.....LZ....9.......kh..=......r....kh..=......r.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............oo.w.Q.. D..9......N...^...............X.....I.......u............................................r....I.qk..B.....LZ.............oo.w.Q.. D..9...........oo.w.Q.. D..9..........................................................................j.......T.H..............\.....H.........3.......O...............Z4...........................................4../4......p...............C.a.l.i.b.r.i...............................z...y.. x.. ...........$........4...!..7!..7..................:...F.....z...y.. x.. ...........$......

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):25622
                                                        Entropy (8bit):7.058784902089801
                                                        Encrypted:false
                                                        SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                        MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                        SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                        SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                        SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):3.201557378929971
                                                        Encrypted:false
                                                        SSDEEP:384:Ss8dbtMeOGcofKq5vagHv2YRS7mOZ8e2Y+GHz7:Ss8dbtMAcKKq5v3Hv2YRwmOZf2Y+GHz7
                                                        MD5:E58784B3A02896A59721594B8ED75998
                                                        SHA1:D08EA8778948FE809B6602E9B6BC8721022DDFD5
                                                        SHA-256:43876DCEAAEE1C911DDFFB9C6D3A18E0A59511FA7962D38261739FF7622BF890
                                                        SHA-512:F91C776C9DDDD4C21A0AB30E7BC1A9E082B67BEE59B20CA4729EF63D6FAE16414FBDC75C6B7B0724C4597C8952F63057CE7ADB56336B84E0F294F1D95F857BD9
                                                        Malicious:false
                                                        Preview:2...>...........v.......0 .../........u.K....ST...............u.K....ST..........I.qk..B.....LZ................................2...>.......B...v........-..............v........-..8....................I.......I.qk..B.....LZ..h.T.....h.*.y...7H&.....h.*.y...7H&.....h..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............u.K....ST.........N...^................h..w..M.m...;...........................u.K....ST..............h..w..M.m...;...............u.K....ST........................................h.......h.......h...........................................hj.e....hT......h.......h.......h..a....h.......h.......h .H.......z.......R...................!..7......}.....W.i.n.g.d.i.n.g.s. .3.......................Z4...........................................4../4......p...............C.a.l.i.b.r.i....................h..z... ..$..............

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):15740
                                                        Entropy (8bit):6.0674556182683945
                                                        Encrypted:false
                                                        SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                        MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                        SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                        SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                        SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.774456952693695
                                                        Encrypted:false
                                                        SSDEEP:192:xsPHAJMx0rSM+XMlxcXDmtviC2RtTQycy+e012G904XAZO/c9P9cosUnUz:GPgI0rS9Q+DmtaC2RtUyn+SCjXAZEgFG
                                                        MD5:3DB4D1ED369E633159BD80171C2652EC
                                                        SHA1:5400DA6B6863333FCD33030751BB921351D3F144
                                                        SHA-256:ED5A2EB5322AFF32BB735088C3887A4DDDD594AF570AF49A3CA85A3D9C347406
                                                        SHA-512:2F2B57643B2629D223A8CD482274C9100AC39116B0A24E26096B079F16534C57501D29C70603675A628B8DEA16BF6A27252BC6BC995373820C890A0BC11B0FC9
                                                        Malicious:false
                                                        Preview:2...>...x.......v........ ..`!..2...>...........v.......@...............................................................................................................................................s...9...s....bR.......g..I.......I.qk..B.....LZs....bR.......g.s....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............zc.Q,.....&\pu......N...^...............:...;.jH..>.'>...................................................I.qk..B.....LZ............zc.Q,.....&\pu...................................s.......s.......s...........................................s..j....s..T.Q..s.......s....n..s..H....s....9..s....V..s............Z4...........................................4../4......p...............C.a.l.i.b.r.i..................s...s...s....z...y.. x.. ...........$........4...!..7!..7..............'s..%s...s....z...,4. ...........$>........4

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):55804
                                                        Entropy (8bit):7.433623355028275
                                                        Encrypted:false
                                                        SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                        MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                        SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                        SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                        SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):4.627427993661021
                                                        Encrypted:false
                                                        SSDEEP:192:MsQxtZjPZitStQlFQOgDEnrYqoWUweOyuHG1sCXPJPBeOFRtz8tmBAWW3Z89KCI6:RQxjktStQTQ2nrYqoWOfeGq8RLRtotm4
                                                        MD5:68E7382459B27D5309EE1547899322C9
                                                        SHA1:FA47626BDC2EEC4F69D5514E317AF44D32A319B2
                                                        SHA-256:98573E262F090D6EDB71CAE8E0A2E19E371481409FBD4DD2467828930DA6D03B
                                                        SHA-512:F6FF7528E2F7D6DA726C8F9D7A09D035EC57FE57D1AE90F36347C16EB6BE49BFCBF529EC66F4BE29A3A953F4A0D589077698D4D5937375A920AF165E1B76AB4D
                                                        Malicious:false
                                                        Preview:....>.......>...v.......0 ..h+......>...........v...Z...@...X*...........................................................................................................................................I.......I.qk..B.....LZz.m.....z.mP.....Z......z.mP.....Z....._z.m..I.qk..B.....LZ.I....H.9.$H......<...H...........I.......I...................................................I.t.....I................................................................4..'...'..............T....:E...W.......N...^...............aa.$k..J.......9.................................................I.qk..B.....LZ.............T....:E...W....................................z.m.....z.m.....z.m...........................................H..|....H(......H(.z..z.mj.N..z.mT)...z.m.....z.m..b..z.m .......'z.m8z.m..z...,4. ...."......$>........4.."..7......A.g.e.n.d.a.:.........................Z4...........................................4../4......p...............C.a.l.i.b.r.i..................z.m.z.m.z.m..z...y.. x.. ..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001S.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):41893
                                                        Entropy (8bit):7.52654558351485
                                                        Encrypted:false
                                                        SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                        MD5:F25427EFECFEE786D5A9F630726DD140
                                                        SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                        SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                        SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):4.591271747603512
                                                        Encrypted:false
                                                        SSDEEP:192:Xs9F8vC22VXpF9Ew/WknrdUpbPev1L2JuH0kJJoXAje/sSRtvFjJR9uB8kY9u9hb:cj2QXpH9/WkpUpatL2JeDw7fRtFJR9uZ
                                                        MD5:30586F9DA5CB0EC318467A5426AA37CF
                                                        SHA1:7A891E4CDDC91DB6875ED1204EC5CC8BC795C7C6
                                                        SHA-256:2FF51BC513160D4203E2DCBE050583CC6F0C96599DC78F49C74BDCFEC4D28B50
                                                        SHA-512:F3B6BEFAD97FEBF9BFDBE05B803243A534A026795B4B4E6C26998DF63DEEC634F36B4FF99968A6090314B4BD4F0FB9BC21E57C37D32CB8CFE7E67FA1CF4A9761
                                                        Malicious:false
                                                        Preview:2...>.......,...v....... .. +..2...>.......|...v...H...@....*...........................................................................................................................................I.......I.qk..B.....LZ.{..G....{......9R/=.M#g.{......9R/=.M#g.{...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............X.~.g.:....6.....N...^..................r9M......C1........V...x....................................I.qk..B.....LZ.............X.~.g.:....6...................................{.......{.......{...........................................{.j.A...{.T.....{.......{..r...{.......{. .7...{......{. .........Z4...........................................4../4......p...............C.a.l.i.b.r.i...................{...{...{...z...y.. x.. ...........$........4...!..7!..7................{.;.{..{...z...y.. x.. ...........$......

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):14177
                                                        Entropy (8bit):5.705782002886174
                                                        Encrypted:false
                                                        SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                        MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                        SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                        SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                        SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):49152
                                                        Entropy (8bit):4.654521027583577
                                                        Encrypted:false
                                                        SSDEEP:768:LEaNbHlo5/bzSiId5xWKXljvHAP3VEbCO3jFesmLcaDTaFaOq:LNOTzpg5pXljvgPlEbD3j2
                                                        MD5:2B58FBB137EEEF0A02FE1400008362C6
                                                        SHA1:C9AA18A742854F11246B1EF03B2BE2D593597E0D
                                                        SHA-256:4E83287E646351ABD8D24C1683D1378DCCEE736FC1492A7D2E752BC5D11DCDA6
                                                        SHA-512:1C4C04AE804742ED41DE4BB799090105DA2F7A214DCA87A6A7BC53F9A3CB6F494B36D01AA66E3B7A6C9167688EA1F7A608139CCAFF186BFBF97C310ADD2A794F
                                                        Malicious:false
                                                        Preview:....Z....&......r%...&...... ...@.. `.............Z....%......r%..J&...... ...@.. `......................................................................Z....%......r%......x... ...@.. `..........d%......d%.V=^ZM...`8p&.].......]... .oI.........UA..%~...T,..,.UA.q....E..4O..'.U.q....=g. L`..VE8.....=g............v.......v.................................................d%.T.......T.G.....T....]..T"......T%..."."T.....S.T%....2T.?...........0...........e....4........................u.^s.Q.@.).~b.......(...@kO.....(..."...P.l.a.i.n. .a.n.d. .S.i.m.p.l.e...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.5.2...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e.........9.=.....9.=GT.....#..gc@..?.......?..(G.....5..2...B.......P...........N...H...d%...9......]...._..@].."."...................=..c..,0...e...B4.$........{p.....G...^...?@kO.....................w.......w3..UO..Z................L.}..FT..9...q.x.........9...0Po.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.396676979547422
                                                        Encrypted:false
                                                        SSDEEP:48:0so8GaKljYt+dHE8onXXfSN8xX9KuvcjrdhSrI258tXtkL9eNzgd:0sYaKlcIFE8KXXfEgX9JvORA38G
                                                        MD5:F720ECA7023972821E131031C2556254
                                                        SHA1:3811144252E7AF10409E0C293983AC629F9567C1
                                                        SHA-256:D281C7795D696F8352EEA9B134685C37BCAFAB7F2199DA8A7A40D1EBA51A1D03
                                                        SHA-512:3DB8146DAC40B87164D5BA787FE7A61752C4D33A432620A6676FA1CCF8EF1CF3B7128D31130020015F0A08D59738C7FB45B5CA0BE5D2DD17E8022A3B9A684721
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ................9............9.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............-%o.H..3..#...R....N...^.................8..TJ..=.L...........f........................................I.qk..B.....LZ.............-%o.H..3..#...R.........-%o.H..3..#...R........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                        Category:dropped
                                                        Size (bytes):12654
                                                        Entropy (8bit):7.745439197485533
                                                        Encrypted:false
                                                        SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                        MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                        SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                        SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                        SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.322748567244207
                                                        Encrypted:false
                                                        SSDEEP:96:nEs2Hy3HK1dEpYXq/la+91YuoRAn36lf:nEs2SXKMpYXEla+91YuoRAnK
                                                        MD5:73E2E15C213B5CF391B3791B87F988CD
                                                        SHA1:5219341774B3D4808289EA0ED04D5E1B57C8ED2B
                                                        SHA-256:98BDC30046562FB4F9A7154307ED49B9E98E54B9ED0546412E16E8E7983D1555
                                                        SHA-512:F9D611CEC256D0DDA1B7389457822444ECDC00B3E7CF6D1FF1B2F9C80EC6FABD525E2F2EBAA1DB0F839660FF4E876AAAF3CDC4C83AE59D41C4FBE552226413C8
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........T".7.'....t....T".7.'....t......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............|..'\.......n@!....N...^......................J.#.\.Jf.........f........................................I.qk..B.....LZ.............|..'\.......n@!.........|..'\.......n@!........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                        Category:dropped
                                                        Size (bytes):2695
                                                        Entropy (8bit):7.434963358385164
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                        MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                        SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                        SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                        SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.333584664649325
                                                        Encrypted:false
                                                        SSDEEP:48:cse7j86eEwBt14XsE/Eo+zXbCK+z9ndjcESrdhSr7T1Z7tX8U9ryWh:csu86FOpE/FOXc9djpSRA/kW
                                                        MD5:E2AA2A66BEB5D77987920A5A5E2CE959
                                                        SHA1:727C58FC5ED85DE1B12B4DF63981D484229C3665
                                                        SHA-256:5B746E0EC8C9A8C3342449BE5ED3B60715B7750C003BF7FA31C1D2BB308701D4
                                                        SHA-512:B561EBF92FA21C43061BDD91382592BF905B1325A817E7C32C2BE8C7A8250CFF4231F564CDB6E71D33C0C749ED5A2B2C95A4A40A64F5CE3B45713FA6005CF43A
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ..9.......9.3...5."#..*N..9.3...5."#..*N..9..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............Z..k.V......'.....N...^............... ".8.J.A.dx..p!.........f........................................I.qk..B.....LZ.............Z..k.V......'..........Z..k.V......'............9.......9.......9...........................................9j......9T.]....9.......9..B....9H......9..B....9..>.)..9..J...................;........4...4...4.."................9...9...9..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4...........9.......9....#..9............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                        Category:dropped
                                                        Size (bytes):11040
                                                        Entropy (8bit):7.929583162638891
                                                        Encrypted:false
                                                        SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                        MD5:02775A1E41CF53AC771D820003903913
                                                        SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                        SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                        SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.504749763809627
                                                        Encrypted:false
                                                        SSDEEP:48:isyc5xUYt/SELtUEP3F7vNXy939s3NctrdHr9J4tXx3tSAkD32N1Anwn:isy7YtqELWEP3FTNXy9ts9ERLoeU
                                                        MD5:A0CA11433E4B5E166ECAC36CD6F41207
                                                        SHA1:03E442E3123872A0A2F5F0C9F088BF4E5A1CE490
                                                        SHA-256:4469266CD0D54F5462996C88BDCB82B14F31CF2A8ADCF75CA0C6F889853224EE
                                                        SHA-512:62486DC2BE1C336C673C22C4F75921C432F9F8BE57E586E49772E6C8B628E3AA1DD3E78B4282BBE6064A9C2E28A8A9DB5A4E8821F6A985AE79D2726D1C6AD360
                                                        Malicious:false
                                                        Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ..|.......|.#.\.?.........|.#.\.?.........|..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............E.U9.m...s...S.....N...^...............x.....5N.:I...,c........Z................................... ....I.qk..B.....LZ.............E.U9.m...s...S..........E.U9.m...s...S............|.......|.......|...........................................|j......|T%c....|.......|..G....|..H....|..>....|.......| .3...................;........4...4...4.."................|...|...|..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4...........|.......|....#..|............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                        Category:dropped
                                                        Size (bytes):2268
                                                        Entropy (8bit):7.384274251000273
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                        MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                        SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                        SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                        SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                        Category:dropped
                                                        Size (bytes):784
                                                        Entropy (8bit):6.962539208465222
                                                        Encrypted:false
                                                        SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                        MD5:14105A831FE32590E52C2E2E41879624
                                                        SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                        SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                        SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):2.727216536579633
                                                        Encrypted:false
                                                        SSDEEP:96:xsZrAukUbVkBRPvWELnX79PpSM73RQ5jyRD:xsZUfUuTTLnX79PYM73RCj
                                                        MD5:2494993B1F5660C6E2212F1868EF8BDF
                                                        SHA1:849A4E86C926ECF8D8E5D2E2D5B75736EE757A1A
                                                        SHA-256:1D0C9E4CE500F69E1D0C543678FE84E09F65C11FF67D5BA654BD22937A146C30
                                                        SHA-512:CE69E8682F420B6042D0ECE3192C1A495F376591302733DAE38B61556CBAB4B799C7DBD6A4499CF426A3E2D92FEE4B5187503544C47B75E72039A4C743895C48
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>...........v................................I.......I.qk..B.....LZ)......)..........M.$.)..........M.$.)...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............."|....Cx..W.....N...^.................5.|..H..E..{..............................................^....I.qk..B.....LZ............."|....Cx..W.........."|....Cx..W..........)......)......)..........................................).j....).T.l..)......)...Q..)...Q..)...>..)......). .3...................;........4...4...4.."..............)..)..)...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4.........)......).....#).............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                        Category:dropped
                                                        Size (bytes):3009
                                                        Entropy (8bit):7.493528353751471
                                                        Encrypted:false
                                                        SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                        MD5:D9BD80D40B458EDB2A318F639561579A
                                                        SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                        SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                        SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                        Category:dropped
                                                        Size (bytes):2266
                                                        Entropy (8bit):5.563021222358941
                                                        Encrypted:false
                                                        SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                        MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                        SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                        SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                        SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.296415114798667
                                                        Encrypted:false
                                                        SSDEEP:48:YuzIZs3Lv5LZ8tI3tEghXIN9u4q6KohrdQqrBEb6/mBXJp2mYj7ip2m4Hu:YFsFLZ8q9EUXIN9u4q6KYRQy46/mj
                                                        MD5:4916704F560A1AD41CF2008A0C266171
                                                        SHA1:67D89A8677D783A105549C0D87D2EBC6893EECED
                                                        SHA-256:4355AB5C767D32DF4CCC1091537E3C5072B0A78C6F0FBE16FEC04A720620E4EE
                                                        SHA-512:92D45802871AD8C8BD34122BAE00C5E970772F346FD800E8A33DF519536231B136A66381CA73CD20CD3E0515F586BB5B22757C193CE7B4DD0B7E9C64521B5781
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.l}......l}n.{l.......{.l}n.{l.......{.l}..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................A..<.9......e....N...^................Fd....E.+L.upt.........f........................................I.qk..B.....LZ...............A..<.9......e...........A..<.9......e..........l}......l}......l}..........................................l}j.....l}T.]...l}......l}..B...l}H.....l}..B...l}..>.).l}..J...................;........4...4...4.."...............l}..l}..l}..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........l}......l}....#.l}............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):99293
                                                        Entropy (8bit):7.9690121496708555
                                                        Encrypted:false
                                                        SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                        MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                        SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                        SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                        SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.334923732537697
                                                        Encrypted:false
                                                        SSDEEP:48:YuxN2sYSd1ti8Di8ethUtEVpyYbXub9eVx7oZrdQqrshVBX9blqtuNQgiIzJh:YVshDi8e4EPtbXub9qBQRQys7nL
                                                        MD5:C4EC9A9490DD7E7A2AE8B8D58B0DA8C7
                                                        SHA1:4C6FC73BC85175FCC18BA387189A77EC6B8AD6A6
                                                        SHA-256:5EDA3AC7995A257AD8F562F8B2CA45D3D50445B7EF9C016756BEF82DDB9B72F0
                                                        SHA-512:6DCC5158CE87D8B90985FBFD307D475FC41694DB09147EA0F3E6D25464546F030EA56DEF1B5EB60AB459556C65B70FF3056DB898CDC09A4D87D8237780E6B885
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ(.C.....(.CU`.*...z.j.n.(.CU`.*...z.j.n.(.C..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............GG...... 4k.yo....N...^..................V.i.E...Ln..........f........................................I.qk..B.....LZ..............GG...... 4k.yo..........GG...... 4k.yo.........(.C.....(.C.....(.C.........................................(.Cj....(.CT.]..(.C.....(.C..B..(.CH....(.C..B..(.C..>.)(.C..J...................;........4...4...4.."..............(.C.(.C.(.C..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........(.C.....(.C....#(.C............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                        Category:dropped
                                                        Size (bytes):2898
                                                        Entropy (8bit):7.551512280854713
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                        MD5:7C7D9922101488124D2E4666709198AC
                                                        SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                        SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                        SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.329076159425967
                                                        Encrypted:false
                                                        SSDEEP:48:6s2Pk6U/EutbCESh7qXI49clNAoDZrdQqrRWjWCSJBXOI152QIg:6sH6U8u8EShGXx9cIMRQyRpJZwQI
                                                        MD5:BBC00BDD57A605C2412CAE48DEEA4C6E
                                                        SHA1:327B36B2C2B1E7B2DAF9E113EFA975AE921BE8B3
                                                        SHA-256:17F2888710FF39AC37BD8F6568411AB05C01F4EEA10D3E072AB4190BFA651FA1
                                                        SHA-512:F0544E8C6FD9578996E7C5911C316D992232D29A3978D6480F2E6548BC8248C1E008977A7144FDC92584CD1C1D433DB30654C3C3BB640C0302D54FD0681ECFAD
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................F.......F..[.^.-...8;.N.I.......I.qk..B.....LZ.F..[.^.-...8;.N.F...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................]....:...Hm......N...^.................QFz..N...z............f........................................I.qk..B.....LZ...............]....:...Hm.............]....:...Hm............F.......F.......F...........................................F.j.....F.T.]...F.......F...B...F.H.....F...B...F...>.).F...J...................;........4...4...4.."...............F...F...F...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........F.......F.....#.F.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                        Category:dropped
                                                        Size (bytes):29187
                                                        Entropy (8bit):7.971308326749753
                                                        Encrypted:false
                                                        SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                        MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                        SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                        SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                        SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.335046226652172
                                                        Encrypted:false
                                                        SSDEEP:48:4sfeLMI/Uj5DT+t2nEYYOt7w1XzHw9WRoBrdQqrYN0wBX/E9vIIHB/Z9:4sFDT+mEYY6UXzHw9OQRQyM0wA
                                                        MD5:EC3767319F9D57D508F89F5C4060EDF2
                                                        SHA1:D8C5577208836D7DE7D3209B83E22A71936F6468
                                                        SHA-256:BB1CB7ADE879C93840A81683485FA8BB188DD708BC03C950C7E2179BCC8C52AC
                                                        SHA-512:4DCA47BEDBC7432AF7A0F3DD0BC6026F38EB310F888C57E9A2AE3162515AE3AC09C31538CD92EA0A6C8EFF5AB7847855518209DC1B3205B84D4FE91475388FE8
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.hZ......hZ...........5.hZ...........5.hZ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............#.B'.WN.4.Y........N...^...................0.]K.s..$=C@........f........................................I.qk..B.....LZ............#.B'.WN.4.Y............#.B'.WN.4.Y..............hZ......hZ......hZ..........................................hZj.....hZT.]...hZ......hZ..B...hZH.....hZ..B...hZ..>.).hZ..J...................;........4...4...4.."...............hZ..hZ..hZ..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........hZ......hZ....#.hZ............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                        Category:dropped
                                                        Size (bytes):4819
                                                        Entropy (8bit):7.874649683222419
                                                        Encrypted:false
                                                        SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                        MD5:5D6C1F361BC04403555BE945E28E53FC
                                                        SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                        SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                        SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.39590017641225
                                                        Encrypted:false
                                                        SSDEEP:96:aBsWu5IMl8mrEVVZX1R19sQRQyklXlkL7oa9:as/l8lbZX1L9sQRJ4Xy
                                                        MD5:0D52C8452DCF3C3A64D563D234FE3F36
                                                        SHA1:0CDDB260D9E02168319911CC880A9698943A5A66
                                                        SHA-256:8C977A364B325CFD9B7CCCE1AB7A74DD0A1AB71170E77EB29633A72676393927
                                                        SHA-512:70BE7AF66EBB55B54D367D058F9C7049A12E2A8D05DFE620A0EDFEE967EC098590C55F27CF63511270A095C09A69316A7D2EF21320EB230F5038BC2AA5817BF3
                                                        Malicious:false
                                                        Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZY;......Y;....{.....=..Y;....{.....=..Y;...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................^.....6.?T.....N...^...............k/#.\*.G.Vf.=6.X........f........................................I.qk..B.....LZ.................^.....6.?T..............^.....6.?T..........Y;......Y;......Y;..........................................Y;.j....Y;.T.]..Y;......Y;..B..Y;.H....Y;...B..Y;...>.)Y;...J...................;........4...4...4.."..............Y;..Y;..Y;...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........Y;......Y;.....#Y;.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                        Category:dropped
                                                        Size (bytes):1717
                                                        Entropy (8bit):7.154087739587035
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                        MD5:943371B39CA847674998535110462220
                                                        SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                        SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                        SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.314144314353937
                                                        Encrypted:false
                                                        SSDEEP:96:g5sAX8e2aDmgEKd5XXwm/9nvsRQy0jP5QuI:KsjeWK7X19vsRJgP5Q
                                                        MD5:A0A59583329CA502120AE41A75759B70
                                                        SHA1:469E7A6720AB1A5E6ABB6ECAC2B50B9F5CB59068
                                                        SHA-256:49FF61B20CDEACC717CEF041B09A0F66CE521F3A857025AB3BD7F842F2124490
                                                        SHA-512:D448285929AA4B5AC076AC31E1931B1D6286E7C2FACE86D69FB4855203A3D9C6CF9404529114ED4C554E4EF21CD9BA241269A332E3A2D253623FABB00146BFB1
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|.......................................2.a..."..Ih.I.......I.qk..B.....LZ....2.a..."..Ih.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............]D.:...8.g..z.....N...^......................D....F...........f........................................I.qk..B.....LZ.............]D.:...8.g..z..........]D.:...8.g..z.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                        Category:dropped
                                                        Size (bytes):3555
                                                        Entropy (8bit):7.686253071499049
                                                        Encrypted:false
                                                        SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                        MD5:8A5444524F467A45A5A10245F89C855A
                                                        SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                        SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                        SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.336213860618122
                                                        Encrypted:false
                                                        SSDEEP:48:5as1msFL7WlmtEyfyxElrXY6y9z23HoRrdQqrbwOfBBXJbk9IjIlJ:cs1BPWlmaQqEhX09zeHARQyEYBp8l
                                                        MD5:D93650520EB62C8B8FE63E2F56368D55
                                                        SHA1:1EDD938FDB159FC0AF7056C9A28F04A7A9EAC0CF
                                                        SHA-256:DDD0544A48DA3EF9AE1F8ADA4C893396EB5C02584837EC59F1B5D74C0C223C89
                                                        SHA-512:D40C08C3EF47A6DFE502A1E7DD5CDD2F340143B57625F1EF43EE3176DCC2FEE15E06CBD80BA88D05510C0B096A9E9FAADF2974AC6F6EC847E4C0C4E303C0FB9D
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.|3......|3.....+h.7.T...|3.....+h.7.T...|3..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.......................). .....N...^...............\1H.^.D...r!P..........f........................................I.qk..B.....LZ......................). ...................). ...........|3......|3......|3..........................................|3j.....|3T.]...|3......|3..B...|3H.....|3..B...|3..>.).|3..J...................;........4...4...4.."...............|3..|3..|3..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........|3......|3....#.|3............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                        Category:dropped
                                                        Size (bytes):3428
                                                        Entropy (8bit):7.766473352510893
                                                        Encrypted:false
                                                        SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                        MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                        SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                        SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                        SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.379007806099797
                                                        Encrypted:false
                                                        SSDEEP:96:8sjLEwqGQEXNrx7Xo99oRQyyZXByOYXBi/u:8sXEw5XNtXo99oRJyZXByOYXBeu
                                                        MD5:46BE636A1960F89B8451F9ADB199233B
                                                        SHA1:B91864D16825695C135F25D7B9B44FA5DCB62C2B
                                                        SHA-256:43860D9DD5FE2910B1AA9A04A18F85E7623229D3AAA81B32032A880B1C350E9B
                                                        SHA-512:509489BAE9DCE6E83500FCDB20CCCF194F81D937E7EB2277CFF6F9434F3C228BA68FD953EEC763E60035028D84C32CCDBF332832E84F3931880FFC830B079DC2
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........%{.....B.z_4...%{.....B.z_4.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............|...Z.?,..[K.=....N...^................S..i..D.!....0.........f........................................I.qk..B.....LZ..............|...Z.?,..[K.=..........|...Z.?,..[K.=........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):65589
                                                        Entropy (8bit):7.960181939300061
                                                        Encrypted:false
                                                        SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                        MD5:8B48DA9F89264D14B83FF9969F869577
                                                        SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                        SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                        SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.351863282972056
                                                        Encrypted:false
                                                        SSDEEP:96:pGGws5BDy2wGh6gEmdqXWY9ckRQyTqh82fr2:pGGwsq2wGI9mcXWY9ckRJm82fr
                                                        MD5:74CDB4A226A76284087A0EAE4D9BDD16
                                                        SHA1:67185324FF23359C9F501307119934FFD6FAC262
                                                        SHA-256:EAA58CDF4378FCDECD877E4039957483D3F210B78DBCBA6019C732EA02568904
                                                        SHA-512:78CECB5E18141B073A69B48AF31A7F4CF46A7DE6716AE94E89DFD0A2B605D8BA72E82A7D96E36783BB9FC7E89DAB8A710D742F72D2E10F639782D208C4D1BBD5
                                                        Malicious:false
                                                        Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZ............i.4...S[.$t.....i.4...S[.$t......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............."..5......".....N...^.................X....@.Z.H*.8I........f........................................I.qk..B.....LZ.............."..5......"..........."..5......".........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                        Category:dropped
                                                        Size (bytes):1873
                                                        Entropy (8bit):7.534961703340853
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                        MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                        SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                        SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                        SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.377958533038824
                                                        Encrypted:false
                                                        SSDEEP:48:ysMdZV3zT0K6IVtUEeYaX5Vva9F42omKBrdQVrua/BXxakDZ95:yssD/0K6IVWEAX509F7PKBRQ51jb
                                                        MD5:BB382ECC719B1DFB051F4B9746D2C965
                                                        SHA1:7090152766FF94FDB7E13565D233CBB6D0884046
                                                        SHA-256:4D3A73C3ACCCBDECDB8620AFD309E187A5EA18539CA9D12C0726910F5AD3CDB7
                                                        SHA-512:0F70E812D336CF6CDB9EC761B4203AFC657B588822C05594A961ED91EC2CCEB9E97013B72C160FC2EB70E595530F965E719C032063171C79DD0F496FFA9A6952
                                                        Malicious:false
                                                        Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.................T.".............T.".........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............O[..)J%.9&......N...^....................%.N...@...........Z........................................I.qk..B.....LZ..............O[..)J%.9&............O[..)J%.9&..........................................................................j.......T$c...............G.......H.......>............. .3...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                        Category:dropped
                                                        Size (bytes):5465
                                                        Entropy (8bit):7.79401348966645
                                                        Encrypted:false
                                                        SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                        MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                        SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                        SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                        SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                        Category:dropped
                                                        Size (bytes):3361
                                                        Entropy (8bit):7.619405839796034
                                                        Encrypted:false
                                                        SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                        MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                        SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                        SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                        SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.344347954645926
                                                        Encrypted:false
                                                        SSDEEP:48:qsg8i9e3tw2ntJTdED5+CXTp9+FoFrdQqrP7EmBXxblz3DxoMZF:qs8e99ntE0CX19+FkRQyPzvvx
                                                        MD5:291B1B45BAC4EF4B8B77D1180C125D15
                                                        SHA1:6A4FB9333B5417BA4195A5BA1F9E00DC7F086AA1
                                                        SHA-256:FE6EFDEF395AB299F77937D9374FF6FCC3429885EB91E83494F5D587D6E31A0F
                                                        SHA-512:F8622DB7FBDA6C0A0E5735931A9A6E4E250349B7FACFA036C13C78B151A783D31CC544CEB0BF5B9FA9C4DCEC438D7380E72764AA1E2CCF855829B4FFACFBE71E
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ................._Ib............._Ib.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............p.....B.&..V.....N...^...............^.I....H.PnQ..U.........f........................................I.qk..B.....LZ.............p.....B.&..V..........p.....B.&..V.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                        Category:dropped
                                                        Size (bytes):140755
                                                        Entropy (8bit):7.9013245181576695
                                                        Encrypted:false
                                                        SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                        MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                        SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                        SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                        SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.3530488105798835
                                                        Encrypted:false
                                                        SSDEEP:48:YusDsSmLvBDZtl/ghNEuVLAXA9uD7o9rdQqrzgDBXHNMnKZ:Y9DsPDZPgNEuVEXA9uXERQy2V
                                                        MD5:62F236F25C419D8494D57D4CB52B6132
                                                        SHA1:7B5F918F344FBED8273EE576BD0E74C5F72EB909
                                                        SHA-256:B6DD57F08C9763067828BC0BA0EDD6C65C8C43D21EA44163F7B328C8CCB913BB
                                                        SHA-512:BE56F515AD4EFE83A7D7F4948DD102EA95CEDC815DE4DD76DE0D50384C302DBEA9379ABC73ABBCB837BA66A5FB38F546A047B10CAAEDFE2C28795ACD7E6B9FFA
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ...........v.C...]H.R.M7...v.C...]H.R.M7.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............A......#.....K.....N...^...............}.p...E.]mh...C........f........................................I.qk..B.....LZ.............A......#.....K..........A......#.....K.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                        Category:dropped
                                                        Size (bytes):129887
                                                        Entropy (8bit):7.8877849553452695
                                                        Encrypted:false
                                                        SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                        MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                        SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                        SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                        SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.354790654903285
                                                        Encrypted:false
                                                        SSDEEP:96:Yxjs8aSRRxneEr7tXzn89ObF7ARQyFHZl:+s8aSR/rr7tXz89ObF7ARJhZ
                                                        MD5:F9AC748F90194F2F3E8EBF1E1FA38871
                                                        SHA1:E930773D1055F816B0B78989533593E402AEDD9F
                                                        SHA-256:B657FDBF04224964ADF2FDA2EE10DBD53E92A4CD0B846EA1F79F5DFEA776248B
                                                        SHA-512:C9AEBB2F3614DEAE2C88B57536E04580A26630F92EA32609092F2E7511ABE43609DD4BB1A82C7C18FC11CA66426A1125392679E0148962C6638FA845B9665483
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZd;......d;..%...&,.....d;..%...&,.....d;...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............z.zv....-e.i..G....N...^...............K..T..LA......M........f........................................I.qk..B.....LZ............z.zv....-e.i..G........z.zv....-e.i..G.........d;......d;......d;..........................................d;.j....d;.T.]..d;......d;...B..d;.H....d;...B..d;...>.)d;...J...................;........4...4...4.."..............d;..d;..d;...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........d;......d;.....#d;.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):84941
                                                        Entropy (8bit):7.966881945560921
                                                        Encrypted:false
                                                        SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                        MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                        SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                        SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                        SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.355644414224952
                                                        Encrypted:false
                                                        SSDEEP:96:Y1s8zUGZWLgkEPjX/DJG9Gq0RQyFoxpUJ8hXS3:msOZWUxPjX/NG9Gq0RJKx
                                                        MD5:EB054B2D0D2BFFB55195F4F20F2F8620
                                                        SHA1:75156D546E4CF42ED0F3880DB07828F15142E1A3
                                                        SHA-256:6A18D1B6CBFE556CCF02B110187D3ECDC88BFA3E968D8B6200EEC01E492871B5
                                                        SHA-512:54BEA91B52C265F4144B4ECF1F064DC87214F5D741465ACAAB00661BA4F207F55F90E3564DC9289D4D8927B18526DD35D18204B5758321F65DA38BF7C40190AC
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..5.......5.FfJ...x..Q....5.FfJ...x..Q....5..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............x...s't...0.`.......N...^..................<l.b@..%...R........f........................................I.qk..B.....LZ............x...s't...0.`...........x...s't...0.`..............5.......5.......5...........................................5j......5T.]....5.......5..B....5H......5..B....5..>.)..5..J...................;........4...4...4.."................5...5...5..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........5.......5....#..5............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):1569
                                                        Entropy (8bit):7.583832946136897
                                                        Encrypted:false
                                                        SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                        MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                        SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                        SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                        SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.333749272191344
                                                        Encrypted:false
                                                        SSDEEP:48:Ys0mQXJUatRRWkE+YlL6XHs9iB0o1rdQqr/yBXcY9sKd:Ysc2a9EplOXM9iB0cRQyKt
                                                        MD5:16BB67D7BE3B19473ECE440FD9C88532
                                                        SHA1:AB06FCB91DDD074A8E435A50A85261BF86D32D1E
                                                        SHA-256:D787A11BE86BEBAA32CE16E9C390146BEC5FAF0762FC3417D471002823F1041E
                                                        SHA-512:2EC8788F3E8EE16601B9991C1738CDF011DD9A2BEA26F6A923A8D201949B511BC903C12D3D584121090D0388A6975258EED720B464B0D476E0BDAF2361A3F85B
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZBdX.....BdX. r..;.%. ...BdX. r..;.%. ...BdX..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R.A.5J...58...i!....N...^................m?.J1!L..r..k..........f........................................I.qk..B.....LZ............R.A.5J...58...i!........R.A.5J...58...i!.........BdX.....BdX.....BdX.........................................BdXj....BdXT.]..BdX.....BdX..B..BdXH....BdX..B..BdX..>.)BdX..J...................;........4...4...4.."..............BdX.BdX.BdX..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........BdX.....BdX....#BdX............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):40035
                                                        Entropy (8bit):7.360144465307449
                                                        Encrypted:false
                                                        SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                        MD5:B1DDD365D87605F96D72042CB56572F6
                                                        SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                        SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                        SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.629831759134101
                                                        Encrypted:false
                                                        SSDEEP:96:Rs6DVXnaBE3/nXrh9O2qxmRQyJej2qYZP2oKJ:Rs6RXnH3/nXF9O2qgRJJej29ZP29J
                                                        MD5:DD0F2942B8B9EB11C71CB79C5CD1A96D
                                                        SHA1:097F4BE688FC4BB197CB2CC5F1C2FA46EDEB09F3
                                                        SHA-256:D8D22DFD4D416AA6728E9B0EFD6A2DE7709C4BBE8576F6B5FFE0B5EEA4AEB357
                                                        SHA-512:527CF4DBCB020DE92FB21467616487BF055DCE05FD60E3F5DD57D88B7BAEF66E0B3CE310989866F307DD20FE9A58988DE3126B5C9D908FC989DFE289D7A22DF8
                                                        Malicious:false
                                                        Preview:2...>...........v...~...................................................................................................................................2...>...f.......v................................I.......I.qk..B.....LZ............D..!..].O.l....D..!..].O.l.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................>....F.F.Om.....N...^................Sd>V.ND..l8{G.b........f...................................:....I.qk..B.....LZ................>....F.F.Om.............>....F.F.Om.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                        Category:dropped
                                                        Size (bytes):242903
                                                        Entropy (8bit):7.944495275553473
                                                        Encrypted:false
                                                        SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                        MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                        SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                        SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                        SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.345146902076292
                                                        Encrypted:false
                                                        SSDEEP:96:YBsMXSXjXdmW5EXMRWMXgcM9wdKcRQyoBRXjXmX97XSXMX9:KsMCztmvXMR1Xs9wdKcRJoBRz2Jic
                                                        MD5:70EA99FA7F3801C4FD4C8A1D51C260E6
                                                        SHA1:0CEBD018236140F12979910AEF26368F395EBE14
                                                        SHA-256:B5B392377AC8DA15B767F7C8B0441C95DCA604FBE46A5B02A757A2A2D142F1C1
                                                        SHA-512:861457C571A785C09063ADEDE31EAB914FE3F2B2D7BB65B941B60AD349851FB5E330623C5B5A1EE26E02456BBBA983EBCAF19C41557F1D567872D0AA6240C2F3
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ............3...8=V...S....3...8=V...S.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............5..S..V..."........N...^.................<`.iA...X............f........................................I.qk..B.....LZ............5..S..V..."............5..S..V..."............................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                        Category:dropped
                                                        Size (bytes):70028
                                                        Entropy (8bit):7.742089280742944
                                                        Encrypted:false
                                                        SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                        MD5:EC7811912ACA47F6AEB912469761D70D
                                                        SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                        SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                        SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.315664392044572
                                                        Encrypted:false
                                                        SSDEEP:96:GsoJWTO5dE5V7XHxHV9ergRQyH47XKDq19JKOoT:GsBTRX7XH9V9ergRJH47QQ
                                                        MD5:C509AF2BDDD2C12E7B1B34C29A552A09
                                                        SHA1:5227CCD2F830E5ABEEB6452D9394F3AE4D644197
                                                        SHA-256:62E721F1EF19C805082886ED1364D1E140466A274D6CD5AFEC145E8E2912660B
                                                        SHA-512:C20EF70373E5731B4D8ED74F219C117086312EE27D20DAD50809C718C70ABD7F2F1DD00D1D902B9A1727BD81202EDDBF643E5319076C3A42A2FF16AF61215793
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.1.......1...C...W!*{|t..1...C...W!*{|t..1...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................~.[.3.g.QP .....N...^................eK.u.kJ....Q.;........f........................................I.qk..B.....LZ...............~.[.3.g.QP ............~.[.3.g.QP ...........1.......1.......1...........................................1.j.....1.T.]...1.......1...B...1.H.....1...B...1...>.).1...J...................;........4...4...4.."...............1...1...1...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........1.......1.....#.1.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                        Category:dropped
                                                        Size (bytes):24268
                                                        Entropy (8bit):6.946124661664625
                                                        Encrypted:false
                                                        SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                        MD5:3CD906D179F59DDFA112510C7E996351
                                                        SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                        SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                        SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.3463594239806485
                                                        Encrypted:false
                                                        SSDEEP:48:XCsDn72rC+t9AJEr0iXO+92ZOolrdQqrD9C6CBXotpRbV:Ss32rbYJEjXO+92ZOERQy06CQb
                                                        MD5:FF145F472F395E48B24A8FBC1F625388
                                                        SHA1:52515B8AE77193DA60E53F52265C2B85C25CAF4C
                                                        SHA-256:F428092B051314ECEA44D853615CE027ABEC6C410224F819FB2880338628AC8A
                                                        SHA-512:0DEB39281867195ED77ABB727706087E6202B9B63B7AA816C183F9143C92AF92C8A749B50C23709AA5683EAB372AEFF5A0EB43B24398348D4588F5F13B8E86B3
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ............!.....X{...g....!.....X{...g.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............{.......y.....k....N...^.................-..x.E..W...~P........f........................................I.qk..B.....LZ.............{.......y.....k.........{.......y.....k........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):47294
                                                        Entropy (8bit):7.497888607667405
                                                        Encrypted:false
                                                        SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                        MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                        SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                        SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                        SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.4701241703414425
                                                        Encrypted:false
                                                        SSDEEP:48:wsHemYkatZ6EwLyFLBXK9Cgzo9rdQqrLBhSBXWzJOLkxrxR:wsjYkauEwWXK9CwcRQyPSYPx
                                                        MD5:4AF451C6F66F2A47E92146C373ABDED3
                                                        SHA1:75FE1125FC06B091CD9BB565A3A3D3FFF3D05AAF
                                                        SHA-256:DB063673BC8306B5994FBD0CBD2692B1616C3B1150CC31B5D5E644D4194ADB32
                                                        SHA-512:7C8DD7E8BFFEE6B4D726C56894A1F14AAF052EFB620E3183683CD1BF0D4FA63B324347445EE34B5F8DC5DE2AB629CC6BACFF7720E38BF92C8881BC4FE475F27B
                                                        Malicious:false
                                                        Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ'.].....'.]b.}I...t#..y.'.]b.}I...t#..y.'.]..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............AR......FN.U..C....N...^................(|T`+.O..E...V........f........................................I.qk..B.....LZ............AR......FN.U..C........AR......FN.U..C.........'.].....'.].....'.].........................................'.]j....'.]T.]..'.].....'.]..B..'.]H....'.]..B..'.]..>.)'.]..J...................;........4...4...4.."..............'.].'.].'.]..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........'.].....'.]....#'.]............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):347
                                                        Entropy (8bit):6.85024426015615
                                                        Encrypted:false
                                                        SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                        MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                        SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                        SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                        SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003L.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.329765908083406
                                                        Encrypted:false
                                                        SSDEEP:96:kBs6M3rrnnWod3ELXY9y44RQy8aspOgc3uRvGEUw:cstnWoCLXY9y44RJjG
                                                        MD5:0B4B6156F1C6E70BFF16967DF750A489
                                                        SHA1:D40B24B0EC5AC175C1F866895752F48E831208DE
                                                        SHA-256:579693026F4617F426D83C3487FAB570B8F6DC8700A54E631AA1A345CD693CB8
                                                        SHA-512:59C1AA9C01FC24B7AE1F76ACAE8A2761A84C220CB49065174878BAAD86D80853156763D63F06927DB66BA8FB9958B84DABF22AB06B63B79A5B716ADF9C8CD783
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z......................................<.JY....W;...I.......I.qk..B.....LZ...<.JY....W;.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............u|w.....(/.xE.Q.....N...^..................r...N....2..s........f........................................I.qk..B.....LZ............u|w.....(/.xE.Q.........u|w.....(/.xE.Q.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003M.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):827
                                                        Entropy (8bit):7.23139555596658
                                                        Encrypted:false
                                                        SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                        MD5:3E675D61F588462FB452342B14BCF9C0
                                                        SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                        SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                        SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003N.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.327499952071354
                                                        Encrypted:false
                                                        SSDEEP:96:RY1sr1Y5NKdPIEXn5X79gz21mRQyswLgpwQv:RY1sr1aKV1Xn5X79gz21mRJZuwQ
                                                        MD5:5A0A5AFED347C8588B35FBF5E31D959C
                                                        SHA1:13E2F5E41225B0560E00DD6A6B0636D47E821292
                                                        SHA-256:45417F7695EBD804FDABF111CBC8A11DE32F837B6A12CD00D0D6C69BCB4DDF28
                                                        SHA-512:5DCDD4ABFF8E31C74601538E58ADD475FACC10491415E1C5D37C5B224007A643604D180A2298F642EE45BD13CEAD28198366CE659AD09AB61CD73C2D4A71E1D5
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ...........$+...:oi.......$+...:oi.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............w..)...'.K..W.....N...^...................ps.B.....b.9........f........................................I.qk..B.....LZ.............w..)...'.K..W..........w..)...'.K..W.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003O.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):4410
                                                        Entropy (8bit):7.857636973514526
                                                        Encrypted:false
                                                        SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                        MD5:2494381A1ACDC83843B912CFCDE5643B
                                                        SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                        SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                        SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003P.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.295617622704575
                                                        Encrypted:false
                                                        SSDEEP:96:Y/lsdCAjdpHEZnf0wXjlH9ackRQyCRszeBUzHOy:esdCABKB0wX19ackRJaszeBUzuy
                                                        MD5:0F7C8BA86FD4F34F870D318ACEAB50C6
                                                        SHA1:D720177286C438FB12AA5E2185AA7D8FF28E5239
                                                        SHA-256:1AEB53D40793EEB785962BB60FEB3B870E80D7E2CE76A1DFFDB56493EFE32B77
                                                        SHA-512:A4E69E7481081160673DBAA0ABC8F789BC7C5480AA2096EE65FCC412C084EAAD89D371F75757322D6C221C21DF819DD53BB79C351B680F7657489017941F2510
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..Z.......Zemt...G...lV...Zemt...G...lV...Z..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............>...0...&|kp.......N...^................q.m.uD..m}.o..........f........................................I.qk..B.....LZ............>...0...&|kp...........>...0...&|kp..............Z.......Z.......Z...........................................Zj......ZT.]....Z.......Z..B....ZH......Z..B....Z..>.)..Z..J...................;........4...4...4.."................Z...Z...Z..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........Z.......Z....#..Z............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):136726
                                                        Entropy (8bit):7.973487854173386
                                                        Encrypted:false
                                                        SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                        MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                        SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                        SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                        SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.33967179591153
                                                        Encrypted:false
                                                        SSDEEP:96:msmZ2w6TaEKHFlXUAl9usb9KRQyUz29RCRlFP6R+zQ:msdwO3AFlXUAl9usb0RJUCM
                                                        MD5:F3A9E61722F792676A395D75856E9721
                                                        SHA1:7CD5D4D3DE9EE35548BCACBFCAEF2E60827E1C7D
                                                        SHA-256:F35C60DFD261555D65145BA7E25E90EA6029A69E2B65B3E89D2BE06530C467AD
                                                        SHA-512:6F810DBDB6330E203531036AE5C02CDD7C3F63D214D65BE4987A05ECD512CDAC54DF152BFE239424B7ED6C72B86385B4ADEE3DFDFDCBD05BD5024CE3FA0D7F13
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZu.......u......*....w.u......*....w.u....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............G.{...'.z.......N...^.................yg&2.L.6.qL+o.........f........................................I.qk..B.....LZ..............G.{...'.z.............G.{...'.z............u.......u.......u...........................................u..j....u..T.]..u.......u....B..u..H....u....B..u....>.)u....J...................;........4...4...4.."..............u...u...u....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........u.......u......#u..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):5136
                                                        Entropy (8bit):7.622045262603241
                                                        Encrypted:false
                                                        SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                        MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                        SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                        SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                        SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.337868081575162
                                                        Encrypted:false
                                                        SSDEEP:48:zWz2BsRp4It9nHoYatwFlePEBvXYf9iwo2WrdQqrquCgBXs5g2Lt97JcOBZ:g2BshoYarExXQ9iwgRQy4gfm
                                                        MD5:E39184E79279CE86E2431976CD01A86C
                                                        SHA1:80A0E9C9D96B0BCBF4085AA6F1B7490B2E094C97
                                                        SHA-256:FF87050499774BF00166CC7167FB681065D1A3D6322605F7A7190E004AB13718
                                                        SHA-512:77E64AF980978B29F241EE1823B82B9BFFF0ECCC747B2313425B02CDC792017B2C8B219DBE08BB036A2B98807D4962115D48C1E36937E451C007D0579CB2C7B2
                                                        Malicious:false
                                                        Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ..k.......kug.2.....?.....kug.2.....?.....k..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................u......HprJ....N...^................0..T..H................f........................................I.qk..B.....LZ.................u......HprJ.............u......HprJ...........k.......k.......k...........................................kj......kT.]....k.......k..B....kH......k..B....k..>.)..k..J...................;........4...4...4.."................k...k...k..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........k.......k....#..k............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):52945
                                                        Entropy (8bit):7.6490972666456765
                                                        Encrypted:false
                                                        SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                        MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                        SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                        SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                        SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.398971525962246
                                                        Encrypted:false
                                                        SSDEEP:48:zW6s9Zc6H2teXQEbL4XXEXTH0xo9C9313rdqrb6XBXAo2/IwF:JsMK2MAEbnXTUxo9C9FRyoVa
                                                        MD5:1B61D48138F80FD68A7EEC7FD2C55F6C
                                                        SHA1:999BAE3ECBA68F5A5D08A006AEBBB0CB925333A3
                                                        SHA-256:318D41C4118796A20D27167542E882093B05E2D43E7CC47D20B0F026715D48DC
                                                        SHA-512:8138B0AF7FE79C552C9BE7E39B60601ED50F70C1A70A052B9614366E2B4CD9F0FCE1EAE78F7A7B1FAD7F100B6810C44C875984655AF64D83394BF634A56B80CB
                                                        Malicious:false
                                                        Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ.D*......D*.D.M......L.^.D*.D.M......L.^.D*..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............R7..{..-..........N...^................\Zml6.G.l}.7..........f........................................I.qk..B.....LZ.............R7..{..-...............R7..{..-................D*......D*......D*..........................................D*j.....D*T.]...D*......D*..B...D*H.....D*..B...D*..>.).D*..J...................;........4...4...4.."...............D*..D*..D*..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........D*......D*....#.D*............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):79656
                                                        Entropy (8bit):7.966459570826366
                                                        Encrypted:false
                                                        SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                        MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                        SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                        SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                        SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.463917570880493
                                                        Encrypted:false
                                                        SSDEEP:48:T0FsJGfH690OIs1l+tA52JEWnXql9X7o9XVVolrdqr21RLtRXqbwW39045c0rdLF:MstIs1l+SoElX7o9XVVERy2Lx0fX
                                                        MD5:79C4B1B2108493A4515B7052AE6274C3
                                                        SHA1:28CFD22C9AB3AA4B3EBE183AB8200393D9742A96
                                                        SHA-256:0D1BD2C1028183141766A1B2A2DA68FACBED38D0B9C513374A2C410FDCB633B3
                                                        SHA-512:7907785D5D1D63064BFCB54052F5B60225C6CCC16CBBEB4E94209E0F3EC16EF6981F6A1B16F19050CF68A6AAA7A60A9B14AF1DA784D69A040A0CC4D0D52A1295
                                                        Malicious:false
                                                        Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ............3......X6*.....3......X6*......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............qE......R...u....N...^.....................M.....X.........f................................... ....I.qk..B.....LZ............qE......R...u........qE......R...u........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):40884
                                                        Entropy (8bit):7.545929039957292
                                                        Encrypted:false
                                                        SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                        MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                        SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                        SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                        SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.349254423218165
                                                        Encrypted:false
                                                        SSDEEP:48:Yu7nHGsdJQsng5q0t0tQWuvxEf9+HXPvawS93vKoFrdqrXuRXRwejn0SFou9l:YKHGsmq0t0mzxEF+HXXVS93iERy+b
                                                        MD5:9EE2A4539F94E91690D9ABF5321C8E49
                                                        SHA1:5135AEB2DECE51F443A7F1BCE7A5B1F2DA092C5D
                                                        SHA-256:8962D2C5A9801FF6563E8EB52A89EF3CDBFC54874F47DC6D0E1565E41139D38E
                                                        SHA-512:A136358AF51A848ED8B80C297EEC435A11E2F01802CA49008BC1901895240AFC793DE8CF27CEE6F278582106EC5132318AF70440A5BB85E27C353AD438AEFB1C
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.b.......b..G........v.b..G........v.b...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................?!N........N...^..............."...l..J...4...V........f........................................I.qk..B.....LZ....................?!N....................?!N..............b.......b.......b...........................................b.j.....b.T.]...b.......b..B...b.H.....b...B...b...>.).b...J...................;........4...4...4.."...............b...b...b...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........b.......b.....#.b.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                        Category:dropped
                                                        Size (bytes):68633
                                                        Entropy (8bit):7.709776384921022
                                                        Encrypted:false
                                                        SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                        MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                        SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                        SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                        SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.4321615225334465
                                                        Encrypted:false
                                                        SSDEEP:96:5OsjTLjGOLk/Eg3kmXBXJfP+9TAYRyYPBULKmHyxGr:5Os/GOTg3kmXBXJfW9TAYRyYBk
                                                        MD5:7E09108B9C5D12961891CD751006E80A
                                                        SHA1:FC3126FDD60A6B333F7C8BD1575ED727FDFECABF
                                                        SHA-256:F71081516D76472626D42572B2E58CA62AB868DDF50E9B61F2B416139D5FA0DA
                                                        SHA-512:FBFB80A119FBBEE153F6AA54B51C14694697371E56E48B43430063DA9C97BB2ED66E2BC54A82B8BC1FBB004F03DB9B8F4F9D339DE31E184318C76284882C29CC
                                                        Malicious:false
                                                        Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZ...........x0.q."I..{..S...x0.q."I..{..S.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............d....C.Lm..u....N...^...............[..B.CZD...8..[X........f...................................$....I.qk..B.....LZ..............d....C.Lm..u..........d....C.Lm..u........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):11043
                                                        Entropy (8bit):7.96811228801767
                                                        Encrypted:false
                                                        SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                        MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                        SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                        SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                        SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                        Malicious:false
                                                        Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.345824124936783
                                                        Encrypted:false
                                                        SSDEEP:48:UsfpQu1xzUmhItjqJEQLTIXDI9zJdWoxrdqrTaxsU/RXICk9v1GY3tQIzMY:Usf513hIoEQAXk9zLWoRy2e1G2aIz
                                                        MD5:B2E5E9BAD6473457E2AD98BA7164B76D
                                                        SHA1:9CEAB16752DFFF7227D8A7F054F58527C0F52B0D
                                                        SHA-256:E5A2CC81AFA7862FC26F1A13D3F56C61502A65A8EBDD4F8D4A0465601B0EE8BA
                                                        SHA-512:2EC6F6385683BAC045E035CD8D4A237B9469F500377645914D07BEC3BC3C78C003CC1CB3936F4285FD07591D3FC7F583FD30AF49ECB4919976162FDDCDE40C54
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ..........>.c......"gv...>.c......"gv....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............~.R.h..!.Y?.......N...^.....................-O.....U..........f........................................I.qk..B.....LZ.............~.R.h..!.Y?............~.R.h..!.Y?.......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):647
                                                        Entropy (8bit):6.854433034679255
                                                        Encrypted:false
                                                        SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                        MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                        SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                        SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                        SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.361528730031641
                                                        Encrypted:false
                                                        SSDEEP:96:CsPoZTNBbXEjFFXmje9fzGgRyKbf4Zmc:CswZTNOxFXCe9LGgRyK74Z
                                                        MD5:87D951B5DA071E4B93F2D96FA425BAB4
                                                        SHA1:9006EAA4ED21544DAA5787F119E63BF7D5A6082B
                                                        SHA-256:BAE789F90A07066FC5C9C53E6D9627EF00AAAD0CADF2D9B327B9C520C8882A8A
                                                        SHA-512:DC72F21D0775791FC1609315740281985134F18F34A15D960805B6B07D7B08E38BEF9A418374334A805227335B7D03F5B00E72B6A54EDBBEF6F6B9404FEB3B9D
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZA......A............zA............zA...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............c.'.......:...S....N...^..................PqC..j. S..........f........................................I.qk..B.....LZ............c.'.......:...S........c.'.......:...S.........A......A......A..........................................A.j....A.T.]..A......A...B..A.H....A...B..A...>.)A...J...................;........4...4...4.."..............A..A..A...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........A......A.....#A.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004A.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                        Category:dropped
                                                        Size (bytes):52912
                                                        Entropy (8bit):7.679147474806877
                                                        Encrypted:false
                                                        SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                        MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                        SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                        SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                        SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.310824547293536
                                                        Encrypted:false
                                                        SSDEEP:48:6su9wLMAlr1tVNEkYDJXL9HzxG7o5rdqr7cRXx1aMXNVITuK0l:6st11NEkAXL9TxG7ARyAvr5
                                                        MD5:B583A5806E39127AE7211C1B7E69C308
                                                        SHA1:F16F1459A4D298FF4C1463AA4FE70CE11D45094E
                                                        SHA-256:B627B0305D60C5D395CDB094C8064DA37A7B0DC0C380CD8F53F5CBEDFBB6B4F6
                                                        SHA-512:8071817F3551D6E1CAF220706607D796F09C149D7508C1AC1BB7644619D401A82B68E96DF86A9551C5138B6C0DA3B266A481398E56F71AB1A829856FA34BFB85
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZi.7.....i.7.)..;......<i.7.)..;......<i.7..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............;.@>..z.#..........N...^...............q.V.>pI.._.............f........................................I.qk..B.....LZ............;.@>..z.#..............;.@>..z.#...............i.7.....i.7.....i.7.........................................i.7j....i.7T.]..i.7.....i.7..B..i.7H....i.7..B..i.7..>.)i.7..J...................;........4...4...4.."..............i.7.i.7.i.7..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........i.7.....i.7....#i.7............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                        Category:dropped
                                                        Size (bytes):27862
                                                        Entropy (8bit):7.238903610770013
                                                        Encrypted:false
                                                        SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                        MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                        SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                        SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                        SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.509931387101828
                                                        Encrypted:false
                                                        SSDEEP:48:asuLaS63mIeMtuqtzE5zfiXCfI9T6xo9rdqrnorWk6RXHR8NTVZp:asI63DTIEE5LiXCA9T6xkRySWk64Z
                                                        MD5:608C2F64A6CBDD33BE2BBECFABC0ADDC
                                                        SHA1:13E829D9B24EFF3D2AD8273E178B071B393A5ACD
                                                        SHA-256:ED88B7B61C0D8CF987CF1C2F120AA717A26B56128696D3AEAE1E87742B1B40DF
                                                        SHA-512:4DF7C370137FF81BB75EAE98535257E252D65757221DE25A67F5F36D1A8E09319FFA67584678351D420C91CEF13A0A6C9594A27650FFCA36EEDB3456B69E86F6
                                                        Malicious:false
                                                        Preview:2...>.......r...v...f...................................................................................................................................2...>...N.......v................................I.......I.qk..B.....LZ#.......#........b..K.%.#........b..K.%.#....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Z.^1..'.5 ........N...^..................d.NLJ...2.}.........f..................................."....I.qk..B.....LZ..............Z.^1..'.5 ..............Z.^1..'.5 .............#.......#.......#...........................................#..j....#..T.]..#.......#...B..#..H....#....B..#....>.)#....J...................;........4...4...4.."..............#...#...#....z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........#.......#......##..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):977
                                                        Entropy (8bit):7.231269197132181
                                                        Encrypted:false
                                                        SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                        MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                        SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                        SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                        SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.361335556707609
                                                        Encrypted:false
                                                        SSDEEP:48:ZasakoRQAIntAze9MiE3VpLD6XgWq9jnohjrdqr68RGRXqk9zAG1:ZasQRQAIneQDE3TaX1q9jnCjRy3RGHL
                                                        MD5:0D42643D90CED77D5CEB532C2455748D
                                                        SHA1:38874D4FC8B1646CA5AE083B9CE6D135B66563D0
                                                        SHA-256:6E228A2011A9C4ADFDAFEBAB50B0E93A86817ECFCF18DB7511E08B43CDA8B695
                                                        SHA-512:1150685F3B572E6DCAC188AAA796BF7D0BEB1F240D40BB50B2400697D41884632975016A0E089A2C20B6BA86521C12F9A7198ED3A2EB087425E96EF844CD8393
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.........a..x.1..:R?...a..x.1..:R?.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............%=^. gP.+#...F......N...^................\Jq` DB...m.w^........f........................................I.qk..B.....LZ............%=^. gP.+#...F..........%=^. gP.+#...F......................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):34299
                                                        Entropy (8bit):7.247541176493898
                                                        Encrypted:false
                                                        SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                        MD5:E9C52A7381075E4EBC59296F96C79399
                                                        SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                        SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                        SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.302597527301553
                                                        Encrypted:false
                                                        SSDEEP:48:6xsEQpsjtlngt7NfEHSFLUBXZnvB9T4oRrdqrqiRXHkDSKJZRkQDqFYlu:2sjEtlngbEyFYBX5B9T4wRyVQzi
                                                        MD5:0B803F5BC393BE2C49C92F7A9B65A433
                                                        SHA1:EB4F8C563E19F90C21C6AB56DFEE58BEE35A4504
                                                        SHA-256:B2403BF69026DFE1C2DB31E999741DCF6E590CADF10B7B7DE44013A84B8F1ACA
                                                        SHA-512:F18790A1278E931C94F85C8EFF12504782823661B8B1CE2A5CB17616A296D737EF6C47D90C13376CAF8AA07385ACB3C6E25F4F83A0855CE89F2008651CFA2E84
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ+1e.....+1eJ.....-....o+1eJ.....-....o+1e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................N.N'..RP.}E......N...^................h...,M...-1.=.........f........................................I.qk..B.....LZ...............N.N'..RP.}E.............N.N'..RP.}E...........+1e.....+1e.....+1e.........................................+1ej....+1eT.]..+1e.....+1e..B..+1eH....+1e..B..+1e..>.)+1e..J...................;........4...4...4.."..............+1e.+1e.+1e..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........+1e.....+1e....#+1e............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):10056
                                                        Entropy (8bit):7.956064700093514
                                                        Encrypted:false
                                                        SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                        MD5:E1B57A8851177DD25DC05B50B904656A
                                                        SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                        SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                        SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.360918718276376
                                                        Encrypted:false
                                                        SSDEEP:48:6sBfe1JAOtROEXh2aLwxXo2x9jzoVrdqrQXCSRXiLBg+4jpqLBgmY1a:6sWAO6EfAXom9jzkRyQZN6
                                                        MD5:0F089D9B2C86203BF2D8D2690DC4D161
                                                        SHA1:1CB8DBE456070E6C6F8D02AAB652A40BA1A7CC05
                                                        SHA-256:390EF5509CCDCC35F623DB8C7C49573DFC6C9E1B0301B8C947A7257017A75729
                                                        SHA-512:F69EBBD967DF8C414916C3DC1EAEFECAEF2E2414C27084EE3FBF51DA6892075C1739579A3B6929D62B75A2D491C759BC292BA4DF9E5420CAA8109D055EBE65D7
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ............/..`Z..6....../..`Z..6.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................?...v...5.....N...^.....................b@..M.J..S........f........................................I.qk..B.....LZ..................?...v...5...............?...v...5.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                        Category:dropped
                                                        Size (bytes):84097
                                                        Entropy (8bit):7.78862495530604
                                                        Encrypted:false
                                                        SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                        MD5:37EED97290E8ECB46A576C84F0810568
                                                        SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                        SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                        SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.344773650945381
                                                        Encrypted:false
                                                        SSDEEP:48:jsn3S0jOYDtW3Lsd4PEMxmPXtV9THohrdqrNhRX85Qo8fZvnt:jsidYDEY4PEjXtV9THgRyDiO
                                                        MD5:5E070D77BE0D8C3F021D17963A4B7480
                                                        SHA1:B9D22A61110BCC581F6257F0E33420DB21727007
                                                        SHA-256:A575666E4891FFEAE6E8149A1B6287E555F383372C791026B8F27A3CF20D4904
                                                        SHA-512:BA3060304A53BE347BCA3B38A2EE5FBCCF4A6A9339F0F29A75DAFA3E9AA08C8A5F2208ABD652A5B7E3BCCADFD9B8E9AF5C0E10F0A7735064126D80752046DD04
                                                        Malicious:false
                                                        Preview:2...>.......L...v...@...................................................................................................................................2...>...(.......v...t............................I.......I.qk..B.....LZ?.......?..,.>..;..{....?..,.>..;..{....?....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............",.l..%....+c1....N...^................G....B..............f........................................I.qk..B.....LZ.............",.l..%....+c1.........",.l..%....+c1.........?.......?.......?...........................................?..j....?..T.]..?.......?....B..?..H....?....B..?....>.)?....J...................;........4...4...4.."..............?...?...?....z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........?.......?......#?..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                        Category:dropped
                                                        Size (bytes):64118
                                                        Entropy (8bit):7.742974333356952
                                                        Encrypted:false
                                                        SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                        MD5:864EEA0336F8628AE4A1ED46D4406807
                                                        SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                        SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                        SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.328888607667362
                                                        Encrypted:false
                                                        SSDEEP:96:JABskYdB2L0EoXL9nj5cRyv87bdsasRYm:GBsP2VoXL9j5cRyS+/
                                                        MD5:85108A9FD9CC04F1ED945CB0BDD15336
                                                        SHA1:63B1119C9D57150C18AAF912D720A7958C4B5090
                                                        SHA-256:BACA156F70DEE839D449C66C627F052BAF849EB47C9A32ED32794D38E6C2494A
                                                        SHA-512:B8E7F9AB8E4C4F8066B245556725CD45DE39595ABBF531C62517F093B46116233A5F5D8442843EE050AF3AF54C0437D4F409A4202EF84E160006C671511E7FD3
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..;.......;r.8!.$d....'...;r.8!.$d....'...;..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............+;......&TG.....N...^...............`......I.......E........f........................................I.qk..B.....LZ..............+;......&TG...........+;......&TG............;.......;.......;...........................................;j......;T.]....;.......;..B....;H......;..B....;..>.)..;..J...................;........4...4...4.."................;...;...;..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4...........;.......;....#..;............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                        Category:dropped
                                                        Size (bytes):65998
                                                        Entropy (8bit):7.671031449942883
                                                        Encrypted:false
                                                        SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                        MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                        SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                        SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                        SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):3.2291579758968694
                                                        Encrypted:false
                                                        SSDEEP:96:ms92g2lhDM2+WEcIqvXmK9jGAqN4R0jqe2lx3iV:mswzlhDMTcFXmK9jq4R0alJU
                                                        MD5:125E5DF7977D71FE576EFEDAA984633A
                                                        SHA1:ADBE8192EE01D282F4FC65FA13AA51D4E8CAA146
                                                        SHA-256:EDE104827343E96648AB5B6F20F542FAFDEFB2289D783D66BDB7128D90A03584
                                                        SHA-512:23332A997BA401FB3D26BA16DDEB3C676CDF9078F186260FF046F0942724A0934629CA960DFBD1608212AAB5D0E7601BAC02487382A627568380CE82F13CECF1
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>...j.......v................................I.......I.qk..B.....LZ............y'..&f ..v.o....y'..&f ..v.o.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................7.0....O......N...^...............k.'....N.......]........&...................................>....I.qk..B.....LZ.................7.0....O...............7.0....O..........................................................................j.......T.a...............D.....H.........N.......?.#.....9...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7...........Op.b..F.$..i.................;........4...4...4........................#...............................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):32656
                                                        Entropy (8bit):3.9517299510231485
                                                        Encrypted:false
                                                        SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                        MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                        SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                        SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                        SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                        Malicious:false
                                                        Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12824
                                                        Entropy (8bit):7.974776104184905
                                                        Encrypted:false
                                                        SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                        MD5:2628353534C5AD86CBFE57B6616D46DD
                                                        SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                        SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                        SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):32656
                                                        Entropy (8bit):3.9517299510231485
                                                        Encrypted:false
                                                        SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                        MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                        SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                        SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                        SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                        Malicious:false
                                                        Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12824
                                                        Entropy (8bit):7.974776104184905
                                                        Encrypted:false
                                                        SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                        MD5:2628353534C5AD86CBFE57B6616D46DD
                                                        SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                        SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                        SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):32656
                                                        Entropy (8bit):3.9517299510231485
                                                        Encrypted:false
                                                        SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                        MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                        SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                        SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                        SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                        Malicious:false
                                                        Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004V.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12824
                                                        Entropy (8bit):7.974776104184905
                                                        Encrypted:false
                                                        SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                        MD5:2628353534C5AD86CBFE57B6616D46DD
                                                        SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                        SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                        SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000050.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.31766576692259
                                                        Encrypted:false
                                                        SSDEEP:48:YuysPqTssJDvPturEya7JnXt9TtjdFrd3rtxLrjRX/9pWM35Hrh:Y9sMvP2EyaVnXt9TtPRbLrjx
                                                        MD5:FC3A35B2181AC3C83A57128054E9005B
                                                        SHA1:2A828846CE11ED421992D9DD2D69A5C165FFC00E
                                                        SHA-256:EDA2138CEBACE9B93925D87F48305109859909A81A5D15019B47DA6CE748F782
                                                        SHA-512:E44511290994C3D41F06860FAF03249B119A5F5B0AA31447877C93C9AF9DC557A7859D6F253D533F78C72C91FE69FD04E5CF521C8506DD4E6126787163F6220E
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZM.......M..2.%G.$.;.nt@.M..2.%G.$.;.nt@.M....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............d'.C.u.(J.e.......N...^...............jZ...EN.Z...c........f........................................I.qk..B.....LZ.............d'.C.u.(J.e............d'.C.u.(J.e............M.......M.......M...........................................M..j....M..T.]..M.......M....B..M..H....M....B..M....>.)M....J...................;........4...4...4.."..............M...M...M....z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........M.......M......#M..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):39010
                                                        Entropy (8bit):7.362726513389497
                                                        Encrypted:false
                                                        SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                        MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                        SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                        SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                        SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.445232611029839
                                                        Encrypted:false
                                                        SSDEEP:96:BsUefmqwwB6EEOJXL49QqgRbkS7bD+1CsEW:BsUefmxw4R8XL49QqgRbkSPD+1Cs
                                                        MD5:F29057E6DF196C548A3FDC6F3AA25805
                                                        SHA1:F4D3EC011270314B63E87E55E20376F48D4A057B
                                                        SHA-256:162A4778CCAA084483E28CDE3E500A6550D62A4C40AED08D7AAF949925A0AFE9
                                                        SHA-512:E074183FFE72867AB030203716D389FC7C9536C82B96D4102B70FAD7DBFCD25B034E944B00E9333CE109E08ACA009373D0555C59CAD12CA7416FA59196119197
                                                        Malicious:false
                                                        Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ..a.......a...f.=m.....a...f.=m.....a..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............W......RF.....N...^..................q..E.....h.........f........................................I.qk..B.....LZ..............W......RF...........W......RF............a.......a.......a...........................................aj......aT.]....a.......a..B....aH......a..B....a..>.)..a..J...................;........4...4...4.."................a...a...a..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4...........a.......a....#..a............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):25622
                                                        Entropy (8bit):7.058784902089801
                                                        Encrypted:false
                                                        SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                        MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                        SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                        SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                        SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.308717676764423
                                                        Encrypted:false
                                                        SSDEEP:48:YuusCGIgAdHnotPibEHGKiXU9cdj41rd3rUudxjdXniQrv3UWKFQRxv7:YBsoHoVcEm5XU9cdARbDzv9
                                                        MD5:0ABB047A84348BEB6432C844A0C81D6C
                                                        SHA1:57CCC4737067C98BBBE3805C0C7DF077E0E67631
                                                        SHA-256:AFB23A0ADF33C2DF08DF164AAEF4A36157ACD1F22AA901BD995CA891728666E2
                                                        SHA-512:FACEFA99A15E3DAC57D5E90A72B5B9D9FABDA6DD8D2A4CE7F1666FF9F86EC9C702E7C956DEDF4D6A9A99D94AA683564E7B9A5BD35D984944F341504F847F7A9A
                                                        Malicious:false
                                                        Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ...........p.3..9R....'....p.3..9R....'......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................9x...P......N...^...................4..B......}|........f........................................I.qk..B.....LZ....................9x...P..................9x...P..........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000055.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):2033
                                                        Entropy (8bit):6.8741208714657
                                                        Encrypted:false
                                                        SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                        MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                        SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                        SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                        SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000056.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.366207826468873
                                                        Encrypted:false
                                                        SSDEEP:48:F0soUf36OwLtBj7gEkJL6cXxYYSc90Qj4lrd3rMx6TdXODtjZZd:F0sd67LD/gE8jXGYf90QIRbrTiZ
                                                        MD5:B851198710CDFAD1C6C5992CA364A169
                                                        SHA1:926CCC510AAAAF744A53F97F58B105FDA046E1C0
                                                        SHA-256:D48AAA756A73E50D315DB8002F7E026AFFE17D6E8DFD5CA1CBDB458A945B8131
                                                        SHA-512:24EF2FE124E05B7601779939E2D9C3E20ACF76B24309F1261B129F39C2782C04F5554AADA131B60F934BA70EAFB6C526AB4A4565BFF22E0622F507CCC0294E4D
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.%......%.....60J2.u.,.%.....60J2.u.,.%..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............d....S.8_.b..I^....N...^......................B.r.Y............f........................................I.qk..B.....LZ.............d....S.8_.b..I^.........d....S.8_.b..I^..........%......%......%..........................................%j.....%T.]...%......%..B...%H.....%..B...%..>.).%..J...................;........4...4...4.."...............%..%..%..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........%......%....#.%............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000057.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):55804
                                                        Entropy (8bit):7.433623355028275
                                                        Encrypted:false
                                                        SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                        MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                        SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                        SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                        SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000058.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.474198989940033
                                                        Encrypted:false
                                                        SSDEEP:48:Asn/l1MM5tEx3OEbzYLXS6L9Uqj4dPrdMrrgdXq2kwZA9:As/MM56x+EYLXS6L9UqwRME/a
                                                        MD5:398D531EFF90B275502005C15A7E0472
                                                        SHA1:AAB06783FC7504281118E515AB2E28DD9338EED8
                                                        SHA-256:37B5C382CFBE3C35B568181B88781C41E96D8C5FA90C73EB81EDEE6F1D31F139
                                                        SHA-512:AD2744C11DA74784EAB8CF0262AEF58EF1B44807F5BBE1AFA226DA68E5B42D10E58914D470F410AA453436C2D55401F9E42B61A810F9DE7B251D88A9AC64C522
                                                        Malicious:false
                                                        Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZH......H.5h.a.>..L....H.5h.a.>..L....H...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............@...R).....P.......N...^...............NB+x.cG...O=..........f........................................I.qk..B.....LZ.............@...R).....P............@...R).....P............H......H......H..........................................H.j....H.T.]..H......H..B..H.H....H...B..H...>.)H...J...................;........4...4...4.."..............H..H..H...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........H......H.....#H.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000059.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                        Category:dropped
                                                        Size (bytes):59832
                                                        Entropy (8bit):7.308211468398169
                                                        Encrypted:false
                                                        SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                        MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                        SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                        SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                        SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005A.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.334070778442466
                                                        Encrypted:false
                                                        SSDEEP:96:JBsMOiyDHJTWEuXB9OPh0RMrTi1kupzXc:vsMOiyDHJHuXB9OJ0RMrTi15pz
                                                        MD5:EECB0C305DCD7F2B62B6F433D9A45939
                                                        SHA1:0FB8DCD57C7503B5F587E45D0A8CC35A9BDE8DEB
                                                        SHA-256:FB53B1FEBF0559D4C75EEE0056A8348E9CEC265F3C9B58339315FD1C87373BB4
                                                        SHA-512:912B6F347D7B20C0C78F17C3F17533AEDAAC8076E36EB0E15A7D26F291ADB126FE79FE2F9E4517F44FE0672B2A2EE66E1A9CA98C40A3AE424EBEBE62316246DE
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ...........;<.G.%.l./*.p...;<.G.%.l./*.p.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................M....5.8[b.%....N...^................*H..#A.>.d..b.........H........................................I.qk..B.....LZ................M....5.8[b.%............M....5.8[b.%........................................................................j.......T.^...............B.......C.......>.......|..... .3...................;........4...4...4.."...........................z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005B.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):33032
                                                        Entropy (8bit):2.941351060644542
                                                        Encrypted:false
                                                        SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                        MD5:ACF4A9F470281F475EA45E113E9FB009
                                                        SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                        SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                        SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                        Malicious:false
                                                        Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005C.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12180
                                                        Entropy (8bit):5.318266117301791
                                                        Encrypted:false
                                                        SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                        MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                        SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                        SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                        SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                        Malicious:false
                                                        Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005D.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.3098410995157455
                                                        Encrypted:false
                                                        SSDEEP:48:ZXR0sFYUsqIvzptQyIT/EPEczowLVEKXPEKK98sXp5i+rdMrW3mQXbH0v0M9a04S:ZXCskvzpT+EsAowJXPEJ98Gy+RM4m/
                                                        MD5:5A204ABD5B1F871D08FE7520B551C347
                                                        SHA1:7308E389CD51DF67837B03CC4930DF28D29A0B30
                                                        SHA-256:F71C0266BD89E6E0069E6CAA4F705792EA18E5C7BEE9D431BD6C384ED276F61C
                                                        SHA-512:A1BDF143EB1FDE77938F79D6E40B35246F04853F68AAFB7EE46E846FAEFF578881566CD95CACBB3EC005FBD2CBDE5064D4CBF5C6E4ACF840486A1AEFD736622E
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZi.(.....i.(L.q..(.g<.I..i.(L.q..(.g<.I..i.(..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................o..1.."......N...^..................J+..C..A..G.3........f........................................I.qk..B.....LZ..................o..1.."................o..1.."...........i.(.....i.(.....i.(.........................................i.(j....i.(T.]..i.(.....i.(..B..i.(H....i.(..B..i.(..>.)i.(..J...................;........4...4...4.."..............i.(.i.(.i.(..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........i.(.....i.(....#i.(............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005E.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):2104
                                                        Entropy (8bit):7.252780160030615
                                                        Encrypted:false
                                                        SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                        MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                        SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                        SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                        SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005F.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.360035371275351
                                                        Encrypted:false
                                                        SSDEEP:96:GskvTGxFJBRE2YX7sVq9NEERMxU4tZUTYH8CoSktSDq1:GsXxF/uhXI89NEERMxU
                                                        MD5:C4BEC77F5568FD0D9E39461E06E19B0E
                                                        SHA1:75372196984B77682C16A0CF47804F88F23C2E05
                                                        SHA-256:C0D50A75DE00F43F86E04607EB8E4638EF6D7A44ACBAAD1AFF8BF04E5AFAA0DB
                                                        SHA-512:08B6CB9858069215C28A56FC73940824E1482524A7EA447FB9D14F1980C7FDA637C26C350F5D6EB196299B5E75D2DF8622CD7A30F132C77C0A3A6AA3AF8BD935
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.(*......(*s....6...w.T..(*s....6...w.T..(*..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................Q%.8:z#........N...^................=.X..pD.J.....9........f........................................I.qk..B.....LZ...............Q%.8:z#...............Q%.8:z#..............(*......(*......(*..........................................(*j.....(*T.]...(*......(*..B...(*H.....(*..B...(*..>.).(*..J...................;........4...4...4.."...............(*..(*..(*..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........(*......(*....#.(*............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005G.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):14177
                                                        Entropy (8bit):5.705782002886174
                                                        Encrypted:false
                                                        SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                        MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                        SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                        SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                        SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005H.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.352359780343253
                                                        Encrypted:false
                                                        SSDEEP:48:YsKoUBx1Lt89pEYXL7dXBgXRGTWg9hsy0pyxrdMrJEkOFXVlm9x+y1:Ys4P1Lu3EQF+XRGTB9hMERMmkOlGZ
                                                        MD5:80E60DA4E661CE230DA24F76CDFF17A2
                                                        SHA1:5A1F177BEC613B839C3E0DC74311E1C2AF8362A1
                                                        SHA-256:6E0D02B20209F01E6D9AA7D31D4B9EAE33C7EE7013CB3AA00FCEC6474B084547
                                                        SHA-512:EAC6405A49FD4454E8E0EB057E8706387CA1F84AC21B827DC830D180FD93493EC9016BA9BEE95D9AE55D403A5C666378FA0F46C46B847F867C34E7E88F1F6F3E
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.w.......w...78......H..w...78......H..w...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............,.Ab._.'.........N...^................e.".DXH. .XQ>.........f........................................I.qk..B.....LZ.............,.Ab._.'..............,.Ab._.'...............w.......w.......w...........................................w.j.....w.T.]...w.......w..B...w.H.....w...B...w...>.).w...J...................;........4...4...4.."...............w...w...w...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........w.......w.....#.w.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005I.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                        Category:dropped
                                                        Size (bytes):36740
                                                        Entropy (8bit):7.48266872907324
                                                        Encrypted:false
                                                        SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                        MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                        SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                        SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                        SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005J.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.455748173057066
                                                        Encrypted:false
                                                        SSDEEP:96:J3E3MsDPLlL89PELZXSw9tM8RMrP6+5c:JaMsDLlLFLZXL9tM8RMrCZ
                                                        MD5:6A7465DADEDFEF4EE7AF09A5D7B26905
                                                        SHA1:41432D02B5360E4A775713238C2E1201BC1BD7FA
                                                        SHA-256:C68FD9E74A9B38E95F0FDF6C7A8436067451FEEEDC97F1124329E0FB54AC1B3C
                                                        SHA-512:884B716D8C52B350DC18DA53CD4768AFC9B146820BC6AA488E3826A393B8D8750C0108AFDBA6D511210802272B55753E59245B5858222D74F45A23BC3C4CA232
                                                        Malicious:false
                                                        Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZ.T.......T..V....p...%b..T..V....p...%b..T...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Q..1.....=.......N...^.................Z@=.G..2.ctW*........f........................................I.qk..B.....LZ..............Q..1.....=.............Q..1.....=.............T.......T.......T...........................................T.j.....T.T.]...T.......T...B...T.H.....T...B...T...>.).T...J...................;........4...4...4.."...............T...T...T...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........T.......T.....#.T.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005K.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):53259
                                                        Entropy (8bit):7.651662052139301
                                                        Encrypted:false
                                                        SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                        MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                        SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                        SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                        SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005L.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.341395754357882
                                                        Encrypted:false
                                                        SSDEEP:48:dss3byq2uZcptqOgpEXDJYGXs2t9p7swpylrdMrx8SnFXCdpqChzN:GsuzUcpMpEXpX/t9pVYRM6SngNz
                                                        MD5:F2199A233AA75FF8271E1A1FBD643A1B
                                                        SHA1:35D353733360164CE142323B32044ECECECB848B
                                                        SHA-256:72C91F78CA32A4363268A73C1554823FB20E528C6111F7858DE75BFCA75DE214
                                                        SHA-512:3B979E7CA357A9DB3FD2E93C613503250A42F54F6A01A8497D75602CB10DD37B11F4F2DBE5E5B2A704B8972C115D36DAAD55CE8161D7CEE26F12BFF6A2B02177
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.................D.k..~..........D.k..~......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............$.......2W..vH....N...^.................:...H.T.............f........................................I.qk..B.....LZ..............$.......2W..vH..........$.......2W..vH........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005M.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):60924
                                                        Entropy (8bit):7.758472758205366
                                                        Encrypted:false
                                                        SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                        MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                        SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                        SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                        SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005N.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.342765884969952
                                                        Encrypted:false
                                                        SSDEEP:96:UsM5EDs7bE1QX4yQ9BNgXRMlrjlFyjidc:UsM5isUKX49BNARMlrjlFyjMc
                                                        MD5:45E63B9E8D167C461B9412B159D4DD1E
                                                        SHA1:B1E9C78090EC3FA895DD0CC1A3A974DB9C8457FD
                                                        SHA-256:82C9AADB5D8DB95B175E7CABF341BCA1C1E48075C16E66388D9355AEF3C80D57
                                                        SHA-512:54274CA169DE800BBE77907A403644799271E750F6C1E2DFF7A4A8DADCF8D6A645D76C4531AF43EBD98145A0C23DB147460F55FB65C8836F9177EB5CA86D68E6
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.........."....).dZ....."....).dZ......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............z.p#|....w........N...^..................5.{'O....>..-........f........................................I.qk..B.....LZ..............z.p#|....w..............z.p#|....w........................................................................j......T.]............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4......................#..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005O.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):6.740133870626016
                                                        Encrypted:false
                                                        SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                        MD5:E96BE30D892A5412CF262FEE652921CA
                                                        SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                        SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                        SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005P.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.346064165418962
                                                        Encrypted:false
                                                        SSDEEP:48:Ze5sW8EQMt1BaEPA85M5X0I1L9l/s0pylrdMr5tpFXeoPIYEg:Ze5sIQM3kEPV8XH1L9l/p4RM3pFE
                                                        MD5:4FEB590A217F6FDA31AD6ACA98EEE828
                                                        SHA1:3774767C6B1274983F00AF5E5B21813199F933FC
                                                        SHA-256:D4BF7C046EBEF97FA5247A9B4E8509653E468D134C0A087ED08F7E62B8D5A551
                                                        SHA-512:3A7A379FA3178A69BB65E0AD9E2087A5F8C31CFCBD460300AFD324A713CBD587AF44DEE3CE0C2BFEF840A53B64DAF3D15715E4A14D43FD56EDFFA0E973E9182E
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZr.b.....r.b......%5.-.r.b......%5.-.r.b..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............8$..9Z..A.l........N...^..................\./lO...0.]..........f........................................I.qk..B.....LZ............8$..9Z..A.l............8$..9Z..A.l.............r.b.....r.b.....r.b.........................................r.bj....r.bT.]..r.b.....r.b..B..r.bH....r.b..B..r.b..>.)r.b..J...................;........4...4...4.."..............r.b.r.b.r.b..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........r.b.....r.b....#r.b............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005Q.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):1547
                                                        Entropy (8bit):6.4194805172468286
                                                        Encrypted:false
                                                        SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                        MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                        SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                        SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                        SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005R.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.3459266915649835
                                                        Encrypted:false
                                                        SSDEEP:48:esSWPe9WMZWEH9ztFZE058jOXFF9pUHpy1rdMrFhCFXJEc2WMZWutKWHWAmWYR:esnhTEH9zJEcXv96HIRMFwIsTuR2A7Y
                                                        MD5:885FCFC8C91F0AFF0A0991E764FCF479
                                                        SHA1:3C18FD0C1BC469F0A75976ACD5BFDDF20460C2EB
                                                        SHA-256:55A4CD0A95073B6FA88C0231DCDC9BA235EC133E0B57CAA5EE8D19E7BA3776DD
                                                        SHA-512:9951CACC8C7844988B1F3E8F1915270147D276F04183212348A55E06C7FD24EA46DA8C8FA3786ED691F6F765BAC198B09E85744BA3AA80D7BE5583265B6B8952
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.].......]..^1..1.2.J.x".]..^1..1.2.J.x".]...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............wu...4.%...97.x....N...^.................._SrG.S%..-.+........f........................................I.qk..B.....LZ.............wu...4.%...97.x.........wu...4.%...97.x..........].......].......]...........................................].j.....].T.]...].......]..B...].H.....]...B...]...>.).]...J...................;........4...4...4.."...............]...]...]...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........].......].....#.].............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005S.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):95763
                                                        Entropy (8bit):7.931689087616878
                                                        Encrypted:false
                                                        SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                        MD5:177DD42CA99CAA2CCBF2974221680334
                                                        SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                        SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                        SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005T.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.334345870701198
                                                        Encrypted:false
                                                        SSDEEP:96:+sVrHvAgLu+pkEy0zX/9C8YRMmGo6vsNRR6254poOaH:+sVrHvAb+zy4X/9jYRMmGo6vsNRR6255
                                                        MD5:3E0039E45E5DA1D1CD13536353EB0F76
                                                        SHA1:948F80B69C4AB7CF17B32BF89BD408D18DFDBEAC
                                                        SHA-256:116143FEAB05B3527E99A93E72D427B1ACC54CF5A2A46AC80F244CA0E57D584C
                                                        SHA-512:640FC31446D93B0B7F1FE3B2DF732C5FA85CF9B21D7F8F37D5CD40F5AF134392C618C8F074C27B2CD9B4A1069237042DF21BBE9C84E5CE56C6601F693A83580C
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.g.......g..J..."5Z......g..J..."5Z......g...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............-.r.....R..?......N...^...............t.J3.i(O..]k.}..........f........................................I.qk..B.....LZ..............-.r.....R..?............-.r.....R..?............g.......g.......g...........................................g.j.....g.T.]...g.......g..B...g.H.....g...B...g...>.).g...J...................;........4...4...4.."...............g...g...g...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........g.......g.....#.g.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005U.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):67991
                                                        Entropy (8bit):7.870481231782746
                                                        Encrypted:false
                                                        SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                        MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                        SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                        SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                        SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005V.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.35016289753648
                                                        Encrypted:false
                                                        SSDEEP:96:2DssNYNsNt5wvwEddX4/9G74RM7E097jNsNFN1NvN5:gsK5kNddX4/9k4RM7tJ
                                                        MD5:E3C64CAD23DA542C49AF8D0F85F41380
                                                        SHA1:DA084F73BC668967DE6A1461D3D2CBFFC26899BD
                                                        SHA-256:E732C25698F99F943F0C35E0A1D5DEE8437114E98A28A752A3B90A98A06D2EF1
                                                        SHA-512:C125BF2B3E7FF1A6F601F6C2FBF94CBD99D7E837F00E7E359542CE67CBE6D31E7F9A8B9DAD5106A0469003FBC41D675A2D04F9B3D15109171A59F8512EBE8F3C
                                                        Malicious:false
                                                        Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.n2......n2.YE2.!..a.....n2.YE2.!..a.....n2..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............J...0..,P..|/......N...^................V..rEM................f........................................I.qk..B.....LZ............J...0..,P..|/..........J...0..,P..|/............n2......n2......n2..........................................n2j.....n2T.]...n2......n2..B...n2H.....n2..B...n2..>.).n2..J...................;........4...4...4.."...............n2..n2..n2..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........n2......n2....#.n2............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000060.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                        Category:dropped
                                                        Size (bytes):22203
                                                        Entropy (8bit):6.977175130747846
                                                        Encrypted:false
                                                        SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                        MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                        SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                        SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                        SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000061.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.422614231839554
                                                        Encrypted:false
                                                        SSDEEP:48:mJAsbyTZfAMtBTE15LTk8XPod89hUtpy5rdMruUq3FknFXbZk4BCNnJ0g:mJAsmfAMTED08XPod89itERMWWnA0
                                                        MD5:E1049B4E36636BA37EA4565EAFABFBB3
                                                        SHA1:04D6F6F7DF6C6F6B68148A0B77FEF117BE8440D7
                                                        SHA-256:BCCE8CB66D31FB92CEE343B628CB33B34270C654F1B7764012015B9470C9E525
                                                        SHA-512:5AB158CA5074FA8D29AE4EBA77D23FE4DD4FE57A31E58403A636D4AFDC179FE0AF61E26EBF7165BAF66EC8216878CCE49E7EE70361830297EFEF5166B65A107D
                                                        Malicious:false
                                                        Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZg.......g.......#.r..P..g.......#.r..P..g....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............j........!...U.....N...^...................2|J.. .2..~........f........................................I.qk..B.....LZ.............j........!...U..........j........!...U..........g.......g.......g...........................................g..j....g..T.]..g.......g....B..g..H....g....B..g....>.)g....J...................;........4...4...4.."..............g...g...g....z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........g.......g......#g..............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000062.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):15740
                                                        Entropy (8bit):6.0674556182683945
                                                        Encrypted:false
                                                        SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                        MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                        SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                        SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                        SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000063.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.346610878320135
                                                        Encrypted:false
                                                        SSDEEP:96:aswg+H0iBsEjXDXH9uwIxBRMEkWHig2ig0igYiigzig2ig5Higpig:astriHjXDXH97gRMsHf2f0fYifzf2fh5
                                                        MD5:CEECDFAD2F471D38B9906F0BB7D5DE00
                                                        SHA1:4988E7E52A5CBC1D156850AF568A47FEB23AEC37
                                                        SHA-256:5C058C43D01089DDC3200EDDCA53B58B32752CD9C093788518957B875E5BACF3
                                                        SHA-512:C06D636B8885E5B58903ADF1D74909C7C8465F66F1AC3858C61ED9475AF2C404D6A87F9D388486DECF14729E039B565F43EDD208BEE9A62836FDADD1255B5149
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ...........................................I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................%._|.0g..-Q......N...^.................>a.eE..6.............f........................................I.qk..B.....LZ...............%._|.0g..-Q.............%._|.0g..-Q..........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000064.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):86187
                                                        Entropy (8bit):7.951356272886186
                                                        Encrypted:false
                                                        SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                        MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                        SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                        SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                        SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000065.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.686016974975554
                                                        Encrypted:false
                                                        SSDEEP:48:eGmsbciE6u2toie1EdzbULiBhrAkXo719RU8pylrdMreER6FXEJv83n2gplj:4sK6u2eHEtUkJRXox9S8IRMj6ov0pV
                                                        MD5:B18F94B5BF7BA2446E708E2190129668
                                                        SHA1:AC6696AB85238F5B17358E4D9C8A893AEC2FD503
                                                        SHA-256:171AE3E1E857AD01267310FADB6C12B65D4FA2DB9530D4BC2772B7CCF7CF5F4C
                                                        SHA-512:1B168BBB9BA33349DB06CA29F0AC86489068FA19C4573728468F3409E2FB09EADE59889B58544341A4540512ADA399AB515DFC5470A5814C2D00D153A9C6899A
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>...t.......v................................I.......I.qk..B.....LZG.<.....G.<..!.......G.<..!.......G.<..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............A...k..|.i........N...^................|.Py.O....+)..........f...................................H....I.qk..B.....LZ..............A...k..|.i..............A...k..|.i.............G.<.....G.<.....G.<.........................................G.<j....G.<T.]..G.<.....G.<..B..G.<H....G.<..B..G.<..>.)G.<..J...................;........4...4...4.."..............G.<.G.<.G.<..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........G.<.....G.<....#G.<............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000066.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):11197
                                                        Entropy (8bit):7.975073010774664
                                                        Encrypted:false
                                                        SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                        MD5:DDC3CC30794277500EFE4BC6667EC123
                                                        SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                        SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                        SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000067.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.349538164087316
                                                        Encrypted:false
                                                        SSDEEP:48:8zvs+1JVTQyWTFtxLgElLUHcXqc9SGU0bpyFrdMrWZXFX4ZAHBWlUe:8zvsosyWBrMElIcXqc9SZ0b4RMOXhhi
                                                        MD5:4738D4AE44B152AAAFA52752A06EB16F
                                                        SHA1:CFFC35AACFD3AA0173330E2ECAB8DBD3C4CB0B45
                                                        SHA-256:566FB4D6D3189FDBE61E1BA3EC867E474AA71E92E9E99A23AEECBA502298EC0B
                                                        SHA-512:96D99B58DC3582620361D86212AD198A940854BBBC7ED74941541929B8B75F943B256E009BBDEBFC9DAC7BEDBA868E22F8425BA34093E81BCA43B4DFEC4B7623
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZu.=.....u.=v.....)&...YHu.=v.....)&...YHu.=..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............e..&."....5/8s.....N...^......................C................f........................................I.qk..B.....LZ.............e..&."....5/8s..........e..&."....5/8s..........u.=.....u.=.....u.=.........................................u.=j....u.=T.]..u.=.....u.=..B..u.=H....u.=..B..u.=..>.)u.=..J...................;........4...4...4.."..............u.=.u.=.u.=..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........u.=.....u.=....#u.=............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000068.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):19920
                                                        Entropy (8bit):7.987696084459766
                                                        Encrypted:false
                                                        SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                        MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                        SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                        SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                        SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000069.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):2.9276043667258893
                                                        Encrypted:false
                                                        SSDEEP:48:LAQiAPsd11OsiXOtBjoeE1Lf9NVSL6MhwPXwF9JszpyZrdMrH3TFXTpVNzH0yi+W:0QjPs6XOjfE15N0fcXwF9Ji0RMHDQ/
                                                        MD5:6D32A3CF9F6A51EE151359796FA7DC7F
                                                        SHA1:5CB033F92B34EAB92E4773A899577EFD8D4D8B11
                                                        SHA-256:73121031D067E34C85EA29C98202F2196BC6D4AE079367CA74C91677A8032B46
                                                        SHA-512:180DA5BA62FB45CF492B696E4F8D5D1A301724D149F557F96023A5F09012595855449A72FF01EA4A63108B361BC42A5808DE51F09F3DC4751DA38AD7A777F376
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>.......H...v................................I.......I.qk..B.....LZ.............I..h..........I..h..........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............z-'.}3.,-..........N...^................."..^*J.9.0...@........f........................................I.qk..B.....LZ.............z-'.}3.,-...............z-'.}3.,-..............................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006A.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):179460
                                                        Entropy (8bit):7.979020171518325
                                                        Encrypted:false
                                                        SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                        MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                        SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                        SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                        SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006B.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.360364626685672
                                                        Encrypted:false
                                                        SSDEEP:48:5x2sPvzCIg8PKtM6F+E4QSXAA19Zs+8epy9rdMrNhVHP9FXS8Awgg:qsTg8Cm6sEKX99ZdIRMBHldg
                                                        MD5:D96FEADE3D8EC4547D14CC3D38AED13E
                                                        SHA1:52FF5C8EEF367942BADFB18942C3336B2333B9F2
                                                        SHA-256:521C45C827A8361A114673A13C24EDD8C053130F01597114B4E80B6D6BAFC06B
                                                        SHA-512:E963A4C79232EC9FC14C2D2856A83A35FD3CF4402804F980EBEEDA1449640903832F68EA1EDEF0F0D2DB51422DC7A68AF144AC49097F8318EBDE07A54FDC0DF3
                                                        Malicious:false
                                                        Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.|[......|[.}..".t.7.n..|[.}..".t.7.n..|[..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.....................3E...Kw!....N...^................y..g.<D...../........f........................................I.qk..B.....LZ....................3E...Kw!................3E...Kw!..........|[......|[......|[..........................................|[j.....|[T.]...|[......|[..B...|[H.....|[..B...|[..>.).|[..J...................;........4...4...4.."...............|[..|[..|[..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........|[......|[....#.|[............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006C.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):109698
                                                        Entropy (8bit):7.954100577911302
                                                        Encrypted:false
                                                        SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                        MD5:8D804A60E86627383BED6280ED62F1CF
                                                        SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                        SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                        SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006D.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):4.340399294791769
                                                        Encrypted:false
                                                        SSDEEP:48:msBKpwQI2kdAtxGE3yTRX79hW8sopylrdMrFU2FX8hV9Q7dZPftG/lh:msOkAyEqX79ZNYRM9iI+
                                                        MD5:3D58DBC63D959A61A0515F953754C1B0
                                                        SHA1:D683870AFB0B7F752A1C21A25CBB713EEC78FCE3
                                                        SHA-256:8F73E0BF1B737DC38212E74FCFE30DA7884406743829DC6A385B225CC55DD938
                                                        SHA-512:92167EF15795955B2C3C83544EFB02A22997B7DE8A6C23149AF419420917D9FC90952AC1B656D5DEECC91E4117B05FAF66A5EFFE77BB1D5CEF7E2592519EF802
                                                        Malicious:false
                                                        Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................h.......h...B-.....%....I.......I.qk..B.....LZ.h...B-.....%....h...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............N..f.?..'.s.........N...^...............cu+.'gHN.Q.k:Y%.........f........................................I.qk..B.....LZ............N..f.?..'.s.............N..f.?..'.s...............h.......h.......h...........................................h.j.....h.T.]...h.......h...B...h.H.....h...B...h...>.).h...J...................;........4...4...4.."...............h...h...h...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........h.......h.....#.h.............................................

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006E.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):41893
                                                        Entropy (8bit):7.52654558351485
                                                        Encrypted:false
                                                        SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                        MD5:F25427EFECFEE786D5A9F630726DD140
                                                        SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                        SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                        SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006F.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):3.35154007662505
                                                        Encrypted:false
                                                        SSDEEP:48:VNmEfGH5OtlO8jnDbPUErl7E/wkA/Qr3XbXh4S5SyR:PqOtfDDb8EGoF/4X
                                                        MD5:8B22372ECE4DB3D2F492C7BC85B64678
                                                        SHA1:C7DFFCCF20E2716DE50EAA217EF3780ADED07EFB
                                                        SHA-256:8AD8737E2EE65B6C089E1969A68CF93419F08DA723338DE0DEF74C6EE73B7D5A
                                                        SHA-512:627E831F710264518A891F194DB9C0D37591E94E569E418FA79EEDE4B337E174475979C6AB85C137633D083EF27441548D76AAF9CA51AABA32B1C90290FC3AB1
                                                        Malicious:false
                                                        Preview:........0.......................................................?...............................................................................................h.......................................k.*.....k.*.......][/.D.t}......t}..S.N."...D..;c:]..^....I..DE;c:.&".gX..,.N...:.&".....e8.*6]1.`..............k.*.....k.*.................................................k.*..w..k.*X....k.*..4..k.*.....k.*..$....xT(P...t}T.9.....T&d................4..(.....x.(.....;c:.....;c:]..^....I..DE.t}......t}..S.N."...D..2...v...4.......................k.*.;c:..t}...........................t}.........c..,0...e...B4.$........[.-...I.......9.....................................B......q...........e8.*6]1.`.........B......q.......xEX.LF...QO!.R..x..t}..S.N."...D.W.t}.....>...............&".gX..,.N...:....e8.*6]1.`...............................;c:..c..,0...e...B4.$..............E........................................0...........e....4..................T.o. .D.o. .L.i.s.t........s.)..O@

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006G.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):3.948831145154349
                                                        Encrypted:false
                                                        SSDEEP:192:d/sIF9dwsw3CtXgkTZkvRzHrzjpjjLtOn7B9/hd6n:e1WFURzlMP7
                                                        MD5:856B4F7BCAC1A2602154A4DE47A684BD
                                                        SHA1:49890C9BF23043FD0FA58FEF9A7539412487FEA6
                                                        SHA-256:572954F275930B9D0AB02629A1937B1038C6E1F69D7484793DD3DBA4DE8F98D7
                                                        SHA-512:37E84FBEF58538211112EFE04B9987FD4C490581D99F41DEBA67D4537DD4DFB158A78937E45D95A1071784C2242A9880F94FF56FA665B0F21B4850F53C975669
                                                        Malicious:false
                                                        Preview:2...>...........v.......................................................................................................................................2...>.......|...v...H...@!...!...................I.......I.qk..B.....LZCy..;...Cy..=....I......Cy..=....I......Cy...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................E.......>\*.....N...^.....................7N..W...f"........h...L...............................D....I.qk..B.....LZ................E.......>\*..................................Cy......Cy......Cy..........................................Cy.j....Cy.T&n..Cy......Cy.....Cy.H....Cy...K..Cy......Cy.$........Cy.-Cy.JCy...z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.5............(Cy.#Cy.8Cy...z...,4. .......$>........4...4.@..7.....................D..n4..o4..p4...4. .F

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006H.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                        Category:dropped
                                                        Size (bytes):68633
                                                        Entropy (8bit):7.709776384921022
                                                        Encrypted:false
                                                        SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                        MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                        SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                        SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                        SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006I.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):2.6142189745768403
                                                        Encrypted:false
                                                        SSDEEP:24:5WBHedCDJ0WUlm5Afo1uTUlFw7wyyu85UlU/uoUliP41vyu2gUlOTV:5WAdCIlm5AwkIlq7rBlUmBljf2plq
                                                        MD5:007E5542757507DF93FDD6C1A2B4229B
                                                        SHA1:AB29C4BA945CF2A2BD6FD12D63241D0C83BB277A
                                                        SHA-256:73821E117BBBC4FDD9BF368F11C68AC2EA1BBC821B89EB9731B09E311D218DE0
                                                        SHA-512:AB47D267170FF0B5599AD872DBB0177F2F8A8038607CBB08859C0D92F77778DD918AD412DE125A80B44651BED25183DEB615066EDFA95E4D82EB9DEDCC98E574
                                                        Malicious:false
                                                        Preview:...........................................?..........................................................................................................................................................................C..i................b.YC....w....3.%...'.a.HK..3....K.^R0..F....{l..K..'P......`E....'P...........................................................................n.....`.........8.......T.......Z.......a.......r....................4..~...1...(...(.......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.T.e.m.p.l.a.t.e.s.\.1.0.3.3.\.O.N.E.N.O.T.E.\.1.6.\.S.t.a.t.i.o.n.e.r.y.......S.t.a.t.i.o.n.e.r.y.........1.......S.t.a.t.i.o.n.e.r.y.................1... ..$....S.t.a.t.i.o.n.e.r.y.........!.......!.]j...~ #......K.......K.^R0..F....{.2...............0.....................!...K..'P...........................'P..c..,........................'P..c..,0...........d.B...H...3.f..........................1... ..$....S.t.a.t.i.o.n.e.r.y...

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006J.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):4.091836619635258
                                                        Encrypted:false
                                                        SSDEEP:192:lrMSIL3UwweM1JTXbEbFw/gctTgJQXKvEb87GXOlw2A53RJAWrDjorkHt95tmVJj:xMjw/5f87YxRJlvO4
                                                        MD5:E31E34347036070BFA14CE2946588249
                                                        SHA1:6964B6BE6449A25BDCAFB00F1E43754B9B670264
                                                        SHA-256:268D41BC26D92EEEAE2EB30E247A6DE407B09EC279EC5876F6700241F3A98254
                                                        SHA-512:300603B631D2A2CA836592787AA40B30359F313642B850CC86CA08BF3AAA299FB123FC10EFE0B5B401B531887F94C12F7703C508E91C35BE63D44EA565463AA1
                                                        Malicious:false
                                                        Preview:^...>.......L...d... .... ...9..^...>...........d...h...@...@;...........................................................................................................................................I.......I.qk..B.....LZ..1.....9i....f...R.sG-./L.......WsG-...9i....f...R....I.qk..B.....LZ.I.................................................................sG-$....sG- ....sG-$....sG-..)..sG- ..... .N.&.....'...@.....'.2...z...,4. ...."......$>........4..`..7......L.o.w. .P.r.i.o.r.i.t.y.......................:.....z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.2.3...........sG-..z... ..$........................................2..7.........1.h...?.......?...?....rA\.-?>...o.u.t.l.i.n.e.L.o.c.I.D...o.u.t.l.i.n.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.4........?ff.A......'.%.....z...,4. .......$>........4.@.4..`..7.....................D..n4..o4..p4...4. ..1........*.........%.#...'.&...9.....

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006K.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                        Category:dropped
                                                        Size (bytes):59832
                                                        Entropy (8bit):7.308211468398169
                                                        Encrypted:false
                                                        SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                        MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                        SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                        SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                        SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006L.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):3.241455626926095
                                                        Encrypted:false
                                                        SSDEEP:384:HgS5y+Qap+39ln6k0e8DwZHXPRJekQGUqI4t:Hgey+Qap+Nln6k0eKwdPRYkQGUqI4
                                                        MD5:A55459C4AD9AC5DEBD4B0B95D1E38AEA
                                                        SHA1:6B9338DC27BE49A82B440EEBB662C216E7A61817
                                                        SHA-256:C810E72E73062AB293B49FDF03893EA9610447615801BE6C06C0543E64568BB9
                                                        SHA-512:24E99C8B9097FEB85AA4510D692D3D42241B7528CAE225A82E5C41DB2F0696D351EC1C1C24E1E2202BFCE20888D11775D068DDEBB6BC5B015EAEB53271E97E13
                                                        Malicious:false
                                                        Preview:2...>...........v........ ...-..2...>...B.......v.......@....,...........................................................................................................................................I.......I.qk..B.....LZ....P.......S..%2....M....S..%2....M.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............I[.....'..f......N...^...............c...[j.M.\`..>.............................c...[j.M.\`..>.........c...[j.M.\`..>...........I[.....'..f..................................................................................................j.^.....T'......................-..................... .L.........3...I.....z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.6................3...9.....z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o

                                                        C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006M.bin

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:modified
                                                        Size (bytes):53259
                                                        Entropy (8bit):7.651662052139301
                                                        Encrypted:false
                                                        SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                        MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                        SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                        SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                        SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):2278
                                                        Entropy (8bit):3.8566993448608864
                                                        Encrypted:false
                                                        SSDEEP:48:uiTrlKxsxxyxl9Il8uEm90JC60PwwpDCrP79Q4Id1rc:v2YV0o6V9QO
                                                        MD5:2AAA16C4ACAC141E9B72B73F24BC57CF
                                                        SHA1:C04F8F55BADC0AED5DA7B5AC729E015143C88ED2
                                                        SHA-256:B6F4D4182D37119328091FB860C63397B1F2FEA3030842EC56EE9F465CEA7C63
                                                        SHA-512:0C613C8D231146B4F5E92C608AEABEF652B7BE5B0688D3B0F5A0277861F04F3CF159AAB2CD27276D60DAB340EDE5BED35BF999B48D5DF6D20AA56238311384E7
                                                        Malicious:false
                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.N.6.I.I.X.A.n.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.n.1.b.j.o.D.

                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):2684
                                                        Entropy (8bit):3.9079444463438753
                                                        Encrypted:false
                                                        SSDEEP:48:uiTrlKxJxqxl9Il8uEo+e+QTZW2PeLURlU9nj+CU9lN9d/vc:TYF+ei2UUQjjU3NM
                                                        MD5:909ECC871FA61443923C619D6F948519
                                                        SHA1:00DB20ECE67CBF51B3A652C397F1D94D4B73B534
                                                        SHA-256:6EA708175FDA5C5C4316CDBD1D0E6CF4713B507E8BF85918463B664335A50217
                                                        SHA-512:365922F1AA485824A55221A6A2158EF227C08EDE53607C650F4FF47F90135337CEA0D1F8028C6AE48FC828EB4F78EA1EEBDB3BC809C764D775DF77280BC43CDD
                                                        Malicious:false
                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".h.H.f.Y.O.D.l.G.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.n.1.b.j.o.D.

                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4542
                                                        Entropy (8bit):3.993849552211976
                                                        Encrypted:false
                                                        SSDEEP:96:xY+wnASBhVTNs6eHuyvsuwUU1x2ku1vtzLWS:xlY1+jHuyEuDUbFwvh3
                                                        MD5:F565DEC77678AC91FD0DDE818FAB4869
                                                        SHA1:7AD7450D264DC2DA9C87AF590830657FEA579516
                                                        SHA-256:69BF9EF2BF273898D5D0409DF5000BA14C5F727008B0690AD5997ED692AE332B
                                                        SHA-512:B7A006497AC1F3782B0D3C630F52C2F222A863B8F953776A6634C9683B011D4C2F5F5FA77189535C91DD90A53EBBB0FBD93299F5524421F2AE3F3B45867A30F2
                                                        Malicious:false
                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".p.X.h.M.B.2.g.n.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.n.1.b.j.o.D.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\11719.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):39129
                                                        Entropy (8bit):7.995889052506495
                                                        Encrypted:true
                                                        SSDEEP:768:1L8suUY2JklqdCZZSmwhnsMbG+oM63SaAkJAyqXRsodRO7ZrF:9uUbWlqeMn2+daVaDRSrF
                                                        MD5:CF427F52C19CEAAB25F64DA9C36C9E67
                                                        SHA1:6A5A89B502492F61C65BD37815480DAC5EF1CAA4
                                                        SHA-256:CAB3DBCA73390725214926494056869A81196D95A14ABC737318A857EC77336D
                                                        SHA-512:0CB9011EA1EA0A39481B72A96C8FFAA784590E649FAEFACA693024B5C7E8FD1989BB1FD5236862E2AEF087F4B7F7FB1601B3B372BA4FFC5F1CDC8B2757D8A456
                                                        Malicious:true
                                                        Preview:...............B......_..G|5=S...D..M+..5._x.#.A.g J;q!....yB.=..b~....l..9G...,..i../.gfK.F;CG.....V.'.D..P...SZK...V..e.k..&#G.:.\.b~.....uH2... z1.$i0B..w..?..5D..k%...P.../F.....r.v..$.......2%N$W.c..<eO.....:uj_.s..Y..eu....Ro...RJ.L.V/..]..P).....-`..L...|V,..~....i....._..=G..T.l.k....r.:.>.H..|I.X!..F1..Me....K..p.=....*.^ZK.;:......-w.@.../n|3.....H.........Hn..D..Pf.e...c..!.I..l......;...}h<.k.......x..0J.....u.....W..\.....J..... ..R._1C.o.A-.B....7........l.U.&..........@z.q.>R,...'@2.>..I51.kz.m..X...).-3#..&..h......V...aG........0.._...k..eU..`.h..Q.;....t.^k.3L...>>.3..@P..<8.Z....2<.N......KtD|.!.P2s.Y..e.LG8..@...o..2C......v........5.TL~=.....0...z./]..4.o..1..4..!.......yu9.MB......./&.......s..`.k.+.g.2...9."U*.fm]$DWGJ......)W.h..M.N...:....,..(..H..S.%...=......%...s..Jn..[..b....9u...J_,..td..zR..vAEO:Xf-B'.r.[.yL.|_..|,h.'..W..:6v...Q.....he....8.9.w4.7.F.M..`.E.h...h....pE.......)..h......(.,.I9X....q]U.I...,.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9650
                                                        Entropy (8bit):7.979600278729171
                                                        Encrypted:false
                                                        SSDEEP:192:vAyyNmq7cs8YiNR49s+pmhOinQOK1PvngmpVi8PAIMBF:vANQs8FM9sz9GPvgm7AIMBF
                                                        MD5:C6DEDE891934649AD64DFEDD1E45C438
                                                        SHA1:1A74951E8AA90E7F76BA11A450A822B4872F9A42
                                                        SHA-256:479B5F589373A6E2F9A0052DC9A5AA09582BF3F41E47B48D1179481B48E782D1
                                                        SHA-512:4D9F85C30344411EAD62CD37EDF7BCF05FC2C6DE149715142F0A139C3840EA78BB1BC6A9443A1174CBD0546C0C97261B5BD946351BAB25D4E69F4EC29D5389EE
                                                        Malicious:false
                                                        Preview:..Y&O.y.[....H.....P..4Uw......_C/..rf.8d. h`.o3IJR.>jw..4c...T..4..5H1..2.z.^.L...I.@fIi..A.9Q...,.....GL..3}..G_~...?%J../1.......$.j.mG......:.....`.j<y..Wn7..ld^Wb!..+Fq..E...^..6=w..=.(.I.M#.....aw.....3.9.V..J.,.|...h. .).L.2....[.E.$..x`.P.J9. m.n.C8%..T.[..(.4.1@.......u..!..UDGz.<.w.7....q;............f...gd.{.}....|+}..$.&.M..n.k[.a/...;.;..;.q..>..yZr{6... ...D6./...s..u...8.../.K.l.D(...2...$B.$.Q....O..D';v.....4.F.qd_..........)r..U)...%.0........^.`...k....Y..R.w....J..'.f....}..h..b..gh.K.hS..?G.....X.bT%.n...?..Gf.i......S......Bf.h.W..{Br./.>.......N>3.q...<x..$.;...Q.#...We..{....L....`.....!.Q...~.x........e!4..`Kf[Q.SY..YD6...l.t..E.T7....Z<.as..Z;...R...iF...r3.Y......Kxr...(.J..d..iz&r..@..M.;z.[q.r....{e.?.<'......w.....%tbqRq*#y.S.._?....V&R]a.w7.'..8.k.....E^."....i..L.[..|R3.Lk..^\...-.#.@\...[...a...ve.@q.|ij.|d.Vx..q......<6.....l<...O...X.....Tj.OZ.=....n....zN.V..q..&..k...s.>......TA9i>...L..X...x.+.?..Ui

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\0A25402A40000E9317079EA989FBDEAB10234AFB.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):14416
                                                        Entropy (8bit):7.98671953914263
                                                        Encrypted:false
                                                        SSDEEP:384:pw/cIxaCJidQg0DYvxZIlHJqjpEX10WN0Ba+F:pWcIZSwA+pqjp0GF
                                                        MD5:4EA34165B33EC118DC18F79045084AD4
                                                        SHA1:451150D7EE2BEA5216008AF09C8F9E2B78661C74
                                                        SHA-256:9009DC83DE79DE6FAB5608C65036113F372E6420D5C3941FCEC072FA0944F4F6
                                                        SHA-512:09EDC57FE3716E0270DD2E277FF02E08A67D10BA82F8B0727D30855B35A738C2299C459B918A13ECD0565F94651A208795B681723DF3940BEB3A3BBE9131C6AC
                                                        Malicious:false
                                                        Preview:....F2F.....2.=.T.U@..b)Y..8hEp.bN.=..{.y...7.3.h..$...n.(......_wr.kb..W.F.(..S.XZ..#.vsx...)....-....o.............C._#...*W...9..-...Eh.<...4$.f5J..:..B..W*.<.c....Q..j.->_tD.}}.T........E.#..Y@...Q{.Q.........b...{}u..G.......!.}W....l..8..UP..L.QG.p.....q.a.I........<e.}s.....m..U.t.~,>..T....f..pWu.3;......./............m.....r.p$.E.E.[..&mq...@4Ji.X;QK...U.`..e.F....C....$..CF...)...b.DzT.>7b_-5../.=.#?R..,E.8&...h]d.-*..:....^.b4........I...2..|+..YYw...N..oS^s.] ~..+..f....E."]....F.....c..u..*.......Ps...*.G..9......q@...`...QS\..1H...(..0.9.n.iti.k.+{[...5...@..W.=.a.@mO.W.6.kt.X..s.V_D.y......-9.O....Q..E..52.0......H.Dx...%X.. ..p}*]..+-..j<9[...........G..TF...#..qw.@.V..p..YE../.7./^...7..f..sq..&3.....8.J...'..n..Uv....`.*?.T.D..r{.8B..........@.8.c....P..l.W.'...z.......p.....W...:.GV...B.!.....e.`....Om8IQl.i...!......3........y..c....!.......[r......Y....$.....0O T........t...'...(..j..l.AI..H....b..H.I}...x..F..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\0CE0F034E77EEDE612100CE488EE967637B58DEF.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10068
                                                        Entropy (8bit):7.981454065391569
                                                        Encrypted:false
                                                        SSDEEP:192:QQLNlXD7qOtuGu8Ke9yqwhG0cAMfqRKoajmMdpKETeLhFx/Rd90zVzHKLHMPF:QQRFD79HyopoEAiQ+e2eLTHbsNIAF
                                                        MD5:682BA5BD9DA71EB66B08374A714CEA50
                                                        SHA1:8D3AF3B48058BCAD9C5294D71CA0F9362860651F
                                                        SHA-256:C17CA9423778D9BDCD66BF7E11FBDB2794789736198A208513EB9F97D5C1B43A
                                                        SHA-512:7EE038C23E1E98915160F72E443FDEA05FAA97BC640E84103598D0EA712B41283C9DAF6F46796192D77DA894792B943195A87CDFCD72895303C1191273DBE07E
                                                        Malicious:false
                                                        Preview:.'.......n...5..}.X./t......3..h?.........u...mg.~......x.a.4.8....'6..12v.....q..&.G.....XC".~.*.p.DG..r..M=2..`...a.._._BX0..{...F..)......I.....S?...|T.&..;...#or.V`....66..k?..X.{......tw5.o......p..=.S..... .~5....]........l.f...[KT6...5~.H..+.y.);......W.......9..;..................0HC.=....D.w..-j...-..|...0x...tD.}...V.aM.T..jB..e%.%(>:..v..}..#X.=/k..Z..S`{....&f.'..j._'1./[i.g5..p...0a...&.(..e%..H../e.'/$'%l@(.M+.{q=!tl..[e.V....0../.5$[4.h..P.._-...Z#.4.../'.....}..N7...nY..g.0..@W...H.6.B33..y...%.c3...{x.....d..,L.A...yU...!..........M.7.j-..7e...o......R.6...R..c.!..a.TZc...._..."9....p....g.<......4.#...........1.%...D-..>{wX`{..../Y..d.=XA|..9..A.H@A;O[...e>H+.AbQy._9.c8q.r....3#.4N...lX....a...ec.....n.*..R.<*...n....t...5.is......Ue...%...W.s4:..V!h....+..K{?..RV.?.-.......\.......v&I./_s~.a.8k..M..i..`......mC.4.PZ..7.G.. V.:..w.....-..N%...s..4..2....../.Y..4Iv.....'...Q.o4...y.'..K._.7n*.X...5X.S..x3{ec?...

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\0E22ADF4ABAC508C15FE8241CA5B0D2E6152A063.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):11675
                                                        Entropy (8bit):7.984298434401231
                                                        Encrypted:false
                                                        SSDEEP:192:N9ZPR78tDG2CWspCq7n+Y7MkkJiYafLPfGFyIf3C+9WvRVUJL1pVcwZBgoZ7PF:R58JHsQqr+yMDJEfLWyq3NQvLMAC6sPF
                                                        MD5:5577B30A163B1484BE6B317AD365C7DF
                                                        SHA1:3B904E03E7157E6E87636803B539BC71DADD11AB
                                                        SHA-256:A07998FCC34489EA70C60C5C4830BBDEAC98662C00589ACEE23203A5B8166700
                                                        SHA-512:FA5E49B7336ED79E1723BBAE130818A1050C3F7683CEA8E60E65C1EA4B74CF728FF6478F5D1AA1DF1428BABBEC745A15A6AB8EB99799450788AD36394E9E3284
                                                        Malicious:false
                                                        Preview:...........\.A../..cl=..._"...y.3.......1...J....]......,P.r.bj..."......m...\..`_....x.....R=.o....._...J5S@.Wz..B.........>:1..t.a..d......M.@HcW.p...z9....?L..u\.r`....>@61..,..+h,n.%..6.C~AV`q.w....[.A.,[.m.d.o.+:i.....g..%Z7.3.....{M.s1..y8....g..C.......U..j .J.?Q?.....x..- l]..\Gl..d&UK..5o..U.G......k.4......T....:.}:...^O.03.SBuQ.N....M^.r..v.?.6.......h......p..z..a..w.._0...z.-.....xT.*G..."..r.V.f&.PTgaLV..:]..e/m..{c`..I...e.b...g.l^9..8.............f-.{\.q.\.-F.....Iw...L.o...#.........45H*(....\/pw4.s..;.D.f.+.e......e.... ..Z......y........$;iQyJ.......y.....o....5U.....?..v......'...z..dQQ..-.".g.2...U=0..B..Y[Q..u..NE..D.sB......f.9.....5.....V.k.}..z..5B....hjT.}5-..t..g..)..>..0....*q&.c.8/......D-!I.._.....Z.."..W.I/.?,......iJ...i.z.q.).P}.C...r...k...vb..~.BOP...Ab..\.cI.L'...s9l..Tzv...E..V..%B....._Vs....<.`S.i@Q..vO4....N...T....<.4.f>....o4..~..h.}rqC=... ..uy.'..T.,...S....K.W./..b.z=..~u.+s)B,.F/X.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\109D080055C1548CE320A422FD98DA1D5E1A5BC8.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10206
                                                        Entropy (8bit):7.981494178576432
                                                        Encrypted:false
                                                        SSDEEP:192:+N6wL9s8Qhoe2/OzLeOJHJ5f46a2wFjgnZhsyACc81O0F:+N6wps8QhoHAbn5f4L2wFwQZ83F
                                                        MD5:8F6F276DAD9EE0F32E301197B742EC63
                                                        SHA1:9CEAE1C8FB29419CD0868CC41EAED56F10FC4CBA
                                                        SHA-256:866C8714C586230B620795E24F27E17C5AC2C63A13E8E176E4FDDD266F7B03CB
                                                        SHA-512:AEF428D88871A6E2BFFF9D7A17040283A5A16EB9CC130B92B65C0C172164BCB1F5495AC20539394BFF367C1B75374A0D2C390F48BBA01FB8B2EF23A2414AF56A
                                                        Malicious:false
                                                        Preview:.Nl...o.y{dd...{<.4.......!..._..'o.v.q}e\...TA^..+.-z..4j.x....(|....C.@)@}.[U.|..%._.....B..e.T.......A..X.m....._..K8f|.f1.q._..?}]..]..QC.<.........>.[1a.s...="~.1.Ud~x....M...e.i.m.z.I.:.g..o..u@S.,n.#'..&..u...^>._....E..>>(A....&.<.#0.>...cD..r..)...Y.Q..H.../.....l...("....Y2.u..[B..{f.4..._f.C.s.....Q...R..S.5G3..zp.n.7.DM.0..+...j....#....WVrp`.:s....dJC.v..).f..g.G.l..._..........<.....)J...36JLz.R..5J..,...V..x.r.V8...6.HPSg..."..4A.;.C..ZH.........OQ;a.^CQH.....=c............^..y....".;g".Vj..GT..tv..).bj....(j8^Z....\Tp..(..@9....K...z..'C..(..)(h%F.....BI..,O.6;.`ss.......P.....Tc...}.UG,8....[...@I.,...b.<7/7...m..e..<p.E"f..A7...Y<...b(./...R..P;.....pS.yi...%...P.=.j..)g>....'.S.R.}....y.;}.Y....'..'tjw...uH.\..>h...FP.q..V.......x..f:o....d?.>.F5.....~.....`..l...a$...q.......a.ph.$..83i.VV.p~@..!U.r....G........9...Qu./*..t^I..>&....i.9...[.mP.A..^PZ.<t.....>..?d(.kB...e...b.O.P....v.)......A.pE....l.z...N;.|

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\180089313729568CF6D0CAF9991F0FA4115478F0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):14510
                                                        Entropy (8bit):7.989349312747612
                                                        Encrypted:false
                                                        SSDEEP:192:/BRiIVztaNJ0cpWgIo/QJm2XMFhcaPrCkm7spvSO3/jV7UIsh1TrZ9F:z32n0cpl/IJ1XfaPWkhXv57ybrZ9F
                                                        MD5:EA6A13F704F36778CC68C920AA2E7FEC
                                                        SHA1:BFB265175D99A94E178D3C2448823C62A3CB1939
                                                        SHA-256:87D16B9EF08167F733E9B7BD62799C91910D629D3B01C25A69F178082F3B6DFF
                                                        SHA-512:7148C88A3706B4680F00A31A431F71306E9FD9AEF59DE5DBD0E29385B93FADEEE5721EA9FCCEB4A6ACBC3183BFD2B59F5485E79224FFD6439166BCB61D9DDF8D
                                                        Malicious:false
                                                        Preview:.R..Cc.H-...G....q.X..c.%h.....E0...c...3.Ozv.....J.p.3.h.%..X......]u.c..~....kV.d!Rt.7...F..<Q...\ ..`..Hf[f.k...v.u.......A#...._..]...]v..tT...9............V/...)~..b.)...P..{.M/.B.|.4q$.....T2..Y......s.y.v.*j....CAG..a.....VO....;../a.....|v.H.G.nC....G..k.....1i..e...d*1t.>%.......#.".3:.....:...\..jp...J....b/.w.IE7....U..W..!.%e.^S...$S7j5z.l...V....bL.;b.D..Y......"0..<pV/...A.;..w..1Yxp... ..,e....M..]..zx.x..22./.1....gY.[..D..MAS.._l!..55.<..SX.!..|....ug....&K..Yh.......zn.._.._.'....D.hTT....+E..?.2.!.....jd........'"...g<lB..Wy.V"\...A.=.d7......6OvC.c.{UT.p...".*....+V3i&.D...{V..I.....|..f....Z5tN2.zu...,.V.H..=........G.zfH.S....>3....H"....p.pU......l."W...Vk...G.........E.Yd.....hf..L.....5..u_d..>....~.g:. o`..u./....yi...A.~.....?...:+....N...,.R.4]G....#.v.0_0~g...nX..6...0...T.A.N%..D.2...\...'.....S.X.T...}..~...r$GN........Xq..6g.E..T7.`xt...,K........f..w.Z.% ....Y.Z.....]....2....+...]..d..VH5....#O....

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\2275F9569F28969C8FC69F9660A75ADD1F8B963B.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):19987
                                                        Entropy (8bit):7.98826876716885
                                                        Encrypted:false
                                                        SSDEEP:384:Ja4D3vXnl5085T1M9HoF6jQPrhyw6r3fotbF1i8Xhpz+2QwBxzZtt8vnSQTv0F:XvXf0kCxoFRrUww3fohie3+QBVZtWfSF
                                                        MD5:B242E43EC45AD1C9D1CEA0B79AB95E60
                                                        SHA1:E7CD130C2AE073E569129FC55377DF734C1FAD79
                                                        SHA-256:9FF5BE2F6C550A4A83E7D2158A8E5D2CE9B21E5D36D8B01FA24F12E9D0950EF1
                                                        SHA-512:3700B033682C3EF342373AEF784B727FE3775274DF0957572C117F454D62530EB4A259BCE711B22414D6978E3C4DB5EED20E30174033DF49DC2924FD219BF9DE
                                                        Malicious:false
                                                        Preview:.L..h.k..}.....@.|.J.tz...dJnn.r.....}`F.C..,.....q.........Z4...(.}<a.]....;f.....=....@...x....6.3..Q"..[.n.....6l).|OH..+)......5.U...Y...f......$.nV'.d....!.h1.:...F ..>z......BCg....Z9).......p.....a...?.n..3.@52.U.y..(......`.O2..z{L.KZ.H|....V.....'...a......@&...J.....5.."S.Ws.....nO.....L.T`...y.[G.;.g.A[..+X......X.......y...!/*..un<.x....sX...P..@..v*L..(..a......m:W.A~.WB.h,M../S....,...*..+d..]X.-..:....hF..\..2.QOU,B..?...Mh.W......3J.-.'...t4.(.....<A..I-..|..O.xY[t..Z;F..t6.....h.?.p.X..u.._.1..R.<.....=.a..p".3~..Ne.vu....~.....Hv.....k...k...*...t|...u......%]:]......B.........:M`.q/....7"<Of.P...Wb../........^..W..52u.t0.`c...X.p...l...N.tm...F.....+'$..9.u.""...#2..\.......Vd.G..7lf\O..c"H.....4..."..d+..$2e1i....<....+0.p....6o...!..vo..yR...m.......B.Hq;.HZ..T..:.'......R....).{.p.g......C.........&+c..!>.~...H./..X2.....Uw,C:6.A.GVr..x.....M.z...B;M.9o7..4.&`.p.l......y.Q.oa.c2.`.i.-P2TA6..0.:y....

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\22F59957B7E08CD6CCFED6AF2A1DF26FE157DF40.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):104902
                                                        Entropy (8bit):7.998437221984131
                                                        Encrypted:true
                                                        SSDEEP:1536:mXF4WeWva4Rm2FDYVZv9RKrGWFx59pQzbaVG3xxuyN53DsnO5RY97MyHt/vKMRF:mXReWvaKE9RUGWjpMIrSTseRYCyn
                                                        MD5:1343603ADDC2688F145FD05ABD06A6A7
                                                        SHA1:DBF5CD9BA77754425AC3962C9328EBF7111E44D4
                                                        SHA-256:84C121E9B24E85A8A35147C43F999242644E161E832A2D0429ED73EFC692775A
                                                        SHA-512:7D7D5A9E0802148250BD8CE082C4623C9989404DE407DD762665CE7E46B5C5E2E6BAE666CE9419E636E797E7F14F633E49BB7CDD2E36D2FD510300599963540D
                                                        Malicious:true
                                                        Preview:..t<..ljs.&/.y5.P;.Q.iK...y....6P.4.X/#?..hb,....x.:th.n`..Lh.P..|.......*..X.5n...:......].D....q.lH?B\..(qf....y......q*..`....8.b.../..E..._b.P...>..Hq0.hVtl./L!.n._.....2I3..{........x...w......l.~..)".....~..S.2.....uM0U.GKhe.....G...C.,..c..J[3.....1....`.PS.w.SKDWM?eG?... %!..U.....u.(...{?..W...x.#..=`.t...{G<....*....Ab.Gi.3..F.k..[n.gN5...".n.9*_..I4 .B{....NP..r..;.7...6xR%h.'H.O.G.....;'.hLH.vb...hY1+...........Fx..c.(.(id.o[.z..$Xu.|..r......i,....45%..0..={8!L9H..?t..4la=:yf.&.T........4.a..b.T...........5..'b.H...u.,..G..t/bU..<!7.X1....|aS..aH...).J....+L...bdr[U..<.`..W..*+.k.p.H;v..."...?.&^....{.....)..hjZ..y.t..k_...X..2..).%.`EW...c..?.....]B`..b..*...O....3........T..4np..{7?...#..nM..=Z..S...G..1..4 B.%.....A.+.}5.w.|<.".2+6.Z.H.C..8..S.[/..$....x.<......U..b.8....E.]..;...".\.=\...).LTk*.......-.e3.....T..i.....AX...+.+..K.Z).$Dz.M.....f.8oiH8...P[...5...R#..C.Ib.[S......X..o...j:...vM.....y.&.'...E.w..%...a.O.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\252CE8AC445A184A1F4A1C6C6D4ADB8AE41B7776.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):78006
                                                        Entropy (8bit):7.997671841160396
                                                        Encrypted:true
                                                        SSDEEP:1536:XRO50M72MTiNyB24wY3fLUCVupGXZvpZ60xDDY/O99S7zW8PPbxFxSF:XE508eQlwSZD6mD79ei81fU
                                                        MD5:5CC8C2734E5034B2185721F32AC4ABC8
                                                        SHA1:3582FC9CE67DFF92438FB186FF218F8925FD2EC4
                                                        SHA-256:C0AB9FACEE4CC1E6C7813818BD2833873B267186145B81502F7A745EA97BBF63
                                                        SHA-512:0ED4637D0F2F3D3C02C16B479E060FCF21282D8A3EBFC3B3F5B7849AFB5FB4A545789704C142279BAB5424445D9146E2816B8E0CF91DBE53FAF3AB850BA777CF
                                                        Malicious:true
                                                        Preview:..?%..Nn:....S....../`..fm.wY...$.6.`..N..zMc./.[.x.n...............(d..Y...@...!..P.h.....Q...C...F.m...V7NH..~.6..$..B9.@..r..t....?.....hm.M.B..O.Oo... $E.J.P.S.<0K.+...{9...8.O%....67._w9.IS..M:.Gm/,H...}(I.K...7|..R-nr...d.-'..9.fT.$.o*.Gr.Iwm.....2.A._.E...=-..Z.NM....?.....@U.T.bm.o10k.i.*..m.....Z.;....S.v...f6....I0..XcI,.p..7.C...S.*2..?z.S!(..y...g....UUU..Y.lDu.a..+<.....N..Q .}.HW....P..J.no.w...i..p..rzA.$@.....K........u$..}.lMor.f......N.3.mi.m.m#...!..<Y..*qQS..V.A../nw...S.I.K.a.....o.b.ev7...0..).V.Q...f g~...j>k...,........9../.U#.$.g.&......[.7.......?pl..%..MR...1...}...FN7%.Y...wy#Mur5.q.f.j4.I.....y.].w]...0....PiZ...0.L.....2...O]..j.g....z7.b%......h&y.me....p:R..K.,`.t.>JA..E..I.W.m...."..%..4..3?..zu4h..$...xm...A.Q.@...i..#..Lt.2..a... .....:.r...h@..Y.:u.Ui .o..m.t1.4.A.&.T|.C^..\.x.A^.f.?'...)Q+...?m..Tb."...&..Z+.a.....CC.*.*d.E..[.V........Q.8.0:....+!.....SSv.J...b.V....r2..R.I.T.ot....x...:.|..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9917
                                                        Entropy (8bit):7.98400314750866
                                                        Encrypted:false
                                                        SSDEEP:192:qWDeSU4YwQukkbKYp/go/Z4zdLrEg/i7qkXCfNhwMLjdNlWF:qIMJhox2d3Ega7dGNh/LjLlWF
                                                        MD5:314D5721C43BA59286B30D4412FC11B1
                                                        SHA1:6FDC852DCA5D056ACBA35DD97D9993A83DD6C50E
                                                        SHA-256:7C5A5F5256C37D0E0415579DB8DBF0A9185ABB30D5C6D5C0B56C3EAA5BDD1FF3
                                                        SHA-512:CE3B3D80D0DFDFE3C78ADD8CC494B3D780BA284E1E5BCCE4C4EC8EBA0FD2785E36CE05DA3E145296FF25F350540E7D76DEB94FBEC5ED659524E128CF0CDF2109
                                                        Malicious:false
                                                        Preview:....O."[...[.;.WC...].aY..P.*z@4..D.M..B.i5Ym..^v..u#.; .mW....=.ru#).r....e.$........P.&.o.,..9...F..W...Q\.9...KJ..4...\.DE#01.D.k.7......I.h.......D..HH.....T..._.G.\..z.....+.}..J..s.V}.}rT......./bra...XE...... .}.VW.......e.`&..]......+7...0Q..e.+..(.=...0Y...T..:..z...?)..._Fc.9.t.5}.[..[VV.}-...>.v.5.h..yv.s.l..U.K....p..+.XC\_$....w... R9.H..=o.|....g..&.&1(Q;.xh..Cu...A.b...X. .{.q.a'..(....W.........0..u.1..v.:0.r..|......1k.*.a......D..[.]NRq.l....!....,......|.\...!.G:..^c.[D.."..(.....6E${.C.............g.x.d5.L........w.e.B.Ed.?./.#.,=d3..gJ.?...+.K...-...........G~r.1z.3.1..7@. .*!{........B@.n...(......NG...|..=^..*.......Y.....w.}.=..A....:/.^j..m.....g"g...m7:mC...&...53n9. .o....D.tgZ.$i....Lg...8.....PE..W..._......~./..Q.j@...l...GE@..9.>Zp.........c..'.~?/........Fv....4S.M.gg....@.........G .A.j.$.QD+..;.X+..]T.?..>......kWJ.^l.;...7.x~p...........1y.ai,..7 .}w@/.cV_........1N.~s...?.~c.[..5O..!.&..M

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\271A1C49BED899C458958AF0EF8DF3DE9353DBD2.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10063
                                                        Entropy (8bit):7.982481350608873
                                                        Encrypted:false
                                                        SSDEEP:192:twXlcaZCA+3bgIuUo14i5Szs/EaQKFqp4VU3kHOkRSPklhF:Wl1YbgIudvis/pQKFMoUUGPklhF
                                                        MD5:C4E90089A0840BE8DBA89CF322FBDBDC
                                                        SHA1:15B904EB970AF5B33797437A68E44F044B056517
                                                        SHA-256:547C9B0CF619ED2FC65D53FD30B783F13E7694A2E9D05A53F98E374C7E755245
                                                        SHA-512:9AC39B025BD6C755C6F886E1A454AA099C093DA4EDC00BFF10C7D5289736CDEA6C51E6B87D17C0E1421540C77C9BC5FE8993321ED3C07692EB34524957C454D6
                                                        Malicious:false
                                                        Preview:L.4....c.l...n.;.>.fw.....[;.U.nf...'....5.....S...!...p^...........[.l..'....RaQM.5. .......eq...mR..u".....q......0;D.t..J.(0\4...z^........WY.....]$.....x...Z.....9.8...z..s..:...q........_N.i. ....;._3R.sH.i..1.13'$..".5..'...m..m.N.T..).J.C...y.....6D{jP.sB..."H.M7.....dE..V.S..<.D..?.i.5.xV.F..P`LDP.g{..dAw.}.x..&.H...H%8........n+...E ..k...[..$......;....2.._.....H..EBZ.}R..Iz...oL.X2W..{?.....Idc.7c?...r9E.O-8....z/!2...{.c....Q..9m.B..g...l.....b0....>3..$..<....hQ...\.,.....'.....Jo<?q........'.mJ...... ./...@d ..Kg.^q...L.......`.....M?......".;..Ww.r.zZ(......2.......io...N6-.$.6.r7pbU..!..o*..^....@..k....GO..*RU,.)w[KB^....D..k..j.M..YN<.-..Nr.....~)}.......R....B.`bB6....Z.H^...|....4/..#..p.... .."..w.~.Vc.2\.v.#.....0..*.,...:...$.......qq.G.o.'zK...qZ.....5...9*..G#..M5.....IK....-+...W...D'.xy.t....%M.i.w....2?.....j..P..D.......Vi..$.....%...+.[...-.tH5.p$xC..J'!.l....K.M..i1.....1{.C+4$|...0.......

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\289DBE90018D682BDBFD59A3CAACE9EE538234FD.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20866
                                                        Entropy (8bit):7.991654598671064
                                                        Encrypted:true
                                                        SSDEEP:384:v9hG2fv/3bn/1nsaMLCujRTLTX02E8/SmDVKKHK4i/kDEE9F:v/HfvPbeRb3rERSk/kQSF
                                                        MD5:EB5598622AF6AD099A31BB73D1A52358
                                                        SHA1:117A70F51F477D861E9ADA4118DA5F027C6EB797
                                                        SHA-256:E40A1DD5A15500CEA6A6B576CC3138D8DA75ECFBF3E1ECD1DEDCD08D87D47997
                                                        SHA-512:5A28AA9072BCEB81B86D707730F7076B9DAFA906ABDED99C98D88541A04A4A34DADFEE056EEFAD49CC37315EE144B2D965C96148C2A8F2AFEA70060F88CBF56A
                                                        Malicious:true
                                                        Preview:.X'...L.:.S..U..J\..ER.u..u.|.n...b. ..x.G&_.E.~7rY.,=u..g:.{.L.'3.PRN..-.......U.]..QDa...W.`.9...pV......V....;1w...9.qP;...!.L..v-..f(5~.f.}5...3F...c.|`Z..X..eYi.......]..>./.M...`U..P.~f1.....P.a...$W/e.* .....&.....$A.......x2j.*....CM....c.D[....d..(......N}."....................9?...,......>..^..=.`*..n...Y).".$..R.'.e..p...........M._.;....'!.b..nN......GI.5..K.(..}D+..N.'.2.....>.Hg..tX,q.l...)..........Z...).Z$^...a.5....[*.H..A..7`./q......l........bs!0...=.t.....EL....!.o1.wo..I$..U....0.L..A..q..^L.U.=i.....'....*..N.,q..3..Z.T.C.u).K(.M'...7.2d..K..1...]..i.i@.H.f..,.....B.....m..~......@7H...Z.Y...J.....q....`kS.6[z..*k....Y...i.).].Z....&..c...Jau..9\..f9a.u....9....3d.%.(2Yf@..fW.d.G.[U.J.,.O.q...N... .K]2.t/...Y..;+..$....K.'.e..J..c.a...& [S..W.....Ty...bm..bGj:5..xw.....T.N..q"....1..j..f...b}|.z.......*V...\%_=.q.=u.].....n.x'.W...-.".."C.A!"..H#n.U.i...`"..(..W.g....4.RU...$......6..H1.....}.h.....@.........e.=

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\2915993ED9338054CAC5EABDFA6736457D96F724.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10072
                                                        Entropy (8bit):7.982487357125282
                                                        Encrypted:false
                                                        SSDEEP:192:wASuCZ367EuS6Z61Y0rKeUvl9pLDwCDl21aqBbUnRvix+p5WtpEaBB0F:wTQ61bOe+VXwCDE1DbYRqx+vlgaF
                                                        MD5:7EA528E373C9DBC6901E5607594D9138
                                                        SHA1:21420D8B273130F3E698A4F5925326C58EE5CD2D
                                                        SHA-256:0DCB03AE1C648B1385A159A0FE987CF0621F836EEDD78CA0F7220E52A5D7D4C3
                                                        SHA-512:04C87A107488C88FF953FAAEDA426890A7EE71E6DD19CA2B6330D05A47DF9537B6C6AB3C0B13BF2452B9DCA07526854188E161EAB4162C42BFAE4B621F8AD6C6
                                                        Malicious:false
                                                        Preview:'fd....qC`..o.8.....X.U..l...;...Y.#NZ..\2.j...4..D...@.....4.#J..$:..B.....-h..).xR...3...._W..e!..a...u7......'^.9..9..^9.yo..!......{..Yoa9T.<B?.`..PTe.f.."......W4.Nj.N..R.i...:!....V...r..K.I2....I..........#..:G..{.I.l..`-.W...V..............x..A.......u+.. ....W.`.H...k"S.*.-...x .t..'.. .|..=...-Q....li.i.:....._.%.Y_i3..Bn.`.....xB..+.....Z*"*^..k..+..L. ..Z{..'.c..t.|7..H@.....^!.3..X..,x/.f......'...1[...ui&.0g......or.c.KZ.....m...!...5...m.sYkmh.2.=.....w...o..{kl..h.C3.#.Zy.Y.Ip...Y<m...v.. .7..+m...x"F.v....t...%Hx..i....A......S.9....&P.'e........}... ....f.^<T.)...u...u..?.=.|2...>.o.N=Fr5XQu..........zX.fR....p....K.l..15...A~B....q!J.......3}...8L&9..dz..._.5^..Z...1!......L....w!...a.h...*.$vr...b...d..i||j......../.k...4Xo...haR.7..iuv.'Oe......@..l.)M....4U..<S..n.d..bI...H:^....a.n...\L..d.B....j..3.%....p|`..W.r....Qa.b....H...1.,.u6..'j..J\..Q.....wy.......M.<.GF..)...........li..EJ.....g...."3.......u.aG......._.X.N

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\2AD645B73AACEECB546C581E5E777B2380198A3C.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):11802
                                                        Entropy (8bit):7.983729958198819
                                                        Encrypted:false
                                                        SSDEEP:192:ozQROIAriuH3EJDv0aosbtcXJg4hXtZ85YqCuLzg4V4u6HjjOS0TCaYFF:ozQRkriuH3EJgGbCJg4h9glLL+um/OZC
                                                        MD5:C8D81DCD3ADA42DE4A6EE9414820C23F
                                                        SHA1:C1E8BD46FA6A68FA878FF7CE9179919FA1CE0F26
                                                        SHA-256:041E8E306EA340A3FF5A3ED89ECA55305DCC762CAE548C1A381C2F2E6AF3521D
                                                        SHA-512:A9AA30B52A50D1243BBC46D1E4EDC8DE4BE97C16AC2473A90D379E58E1724A2D97CF5B074BD12302E191444D7E0F5CE256BB91449A6C63114C3AA26D12D331D0
                                                        Malicious:false
                                                        Preview:.b.3h...D.h......).....o.>..."z.o...B............!.|.U...6..$.gN...i)..]a.Z+@.D....<...X}Y...u...O...T...c...W.wi*.*.?.i.Yu..3Qs. .[}F.Y.. ..v9I.............z....(..O3...V..X.!J.`...}vnh.e.*\....n..".Q.%.=DT...{6?.~.k*.hr.JNa3k.2Y..z...8P@...I...-t...}4..m}.u...ifT....DT.q.l.....o)....n..2.....?LC<.v..&......Z<....O..H!c".H.#.Z+.-.8....1.*.*&. ....1..;m..?...9_..&...>.$...V......9..L+U......5A.i4..C.Z.R...>......U@f..l.n...'@DK....\]....o..[.VJ.|#...[...M.x.C.D...V.A...@&,].HI@Z.Vr.@@.....C.......|.c....5.`\...y..R.^W.%g...x....R....y@..c.oh@9.~....;vo...R....nu.il.......J8...{..L.K=+...).ri.....(..F...*....n.....]i:..0..[...(.. ..C.%.Z..M$9)m.\.|..(.Z.c..{.......j...>..P..x\.=.B.(l...Z.....c.(.rxG.z7..Q%0.LY.:.=..+..!....=.E~.P.i.n......L&.......Nw9.}. .vR7.....j...h.H\..81U$..^Sy.E..ko...eS..H....e..N.`XJi..P.....c"m.an...W+.p...PY.W...l.CS,a9...wRm........\........k`M....A..f^!.R.h.ut4.iZ..p.a.z...K6..../".2..u....?E...A.....i...`..CG.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\2B8DB5289EFF0A466C21F47412A322A36CEB5044.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):105774
                                                        Entropy (8bit):7.998114772428748
                                                        Encrypted:true
                                                        SSDEEP:3072:m1nLy3NgBpIFgYENkYbrumgIfZWLJDS3S:mT+6JkirkrJx
                                                        MD5:52DC94BF84F78AF95065F63A33C261FD
                                                        SHA1:31626F1329F81FAD3F2B403C9F70A29FED56098D
                                                        SHA-256:36EE9DC141E710A0EAAE273CA34440F617DF31BC667DE86E4962A26850D97F9C
                                                        SHA-512:1B71701D77C92AB4A95F625064FCB05DE832276D221FA1944B21C264C3AAD94A5FA9D8680529FB0824172F0E465A4F3F047B644EDD35EBD94E4718DAE143F3C1
                                                        Malicious:true
                                                        Preview:........Q....pK...Y] ....~.\.;.s.C.....S..c.....X..W*.-:..x"...e~...B...1.'.4.C...ax..:~.G.....+...bV..P....8>..<...X.Q.......Y....>...O.3.4.w.R..Wo-S.:O..\..U,.!....8.5.-.h...I.P..3Bc..2L.)...*<.M...}.M5.P........M..(.*I.Tc..b...K.S/U\K.~.6.~o.bLs..j..<J...4.......%..l@..*Vi..]e.?A....0.g....K.;+.u[.a.....Nr-...3{".G.`@........S..GS..@D.8....j7*Y?...0e.F.[..3;..j..>7A....hSI..98....e.#(.<...C}...]..!.;.$v..==..\<...6h..d..J@'X....,....t..|...?^.". ......p..#@....y.......".q"P&.S..........r......._.3..^....C.w......{.I......a.f...e.- o%..(..V..0...'.-...../.Z..R...C..".<..=.:T_.....}...........R..........E)..[S\..0.zp...c..^?*.TG.$.fW8*?S&C...X.a...'3.2.....E.f.)..*~n...t.G...\.a^_.r..^*.}......6.._~..F..N.d4Sz..D.n..N.o..:.....:@.)........>Ez..X.:M....|U..r..`>...#G..I........{@..o.OI.....h._'p.....2.}.*..n....>..pi^..^.q.!>.f...[{....1.j.8e..Q`.:+yJ.Y.?~..T.....q... |..u..F.... nyl..[....7....[b.....n...P1P......a^...L`./h.Y....mr

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\38FF788A718C79DDC3D1E23EAA975517D9BA3BB0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10214
                                                        Entropy (8bit):7.983372092369876
                                                        Encrypted:false
                                                        SSDEEP:192:15kIpc0QeP95KxUTt6jVLGZLeQoWkBN1MX54JdnhZYz8V+qE5YzF:zc01oxkMVa6fhHGGJTZURmzF
                                                        MD5:D4C12D3ED52B8AFB1AB38905051EC1D1
                                                        SHA1:7ED9F8754A606CC15E0D2824976D2A5FB545101B
                                                        SHA-256:62294F47277A0E0410F9F246665D89DAB3440E66CA450A9F01A56CEE11A3E594
                                                        SHA-512:BBF8F6B80C6E885A896F0C251455AB7D1AF85A8B17C478519CF60B91BE0CA8293E192535AA148D399A724C23E82ECE922D2B1ADC322A244887DD1E107F62F36C
                                                        Malicious:false
                                                        Preview:YE....T.?..GW..x{...R./..n;X.<.O..@Q.I}..k..T&./.h....-m?.?|...!.qP.".....n2_.:..#.....61.......6uN.*p.;.X.K.]......=.R....#.p....*...!3..o....7....?...W.jM...D..G.U.1....x......TRzv...E ..#..NO..0L#.x....b.....LFvm..^... .G.m.%....."...u_..l.c... ..H.(.P...4...?~..W.T.....&r.<P[.Od..T..z. .<x..>...V..Ck...i..Y"!x..F....i..}..7..r...<.r....,q.E.I/*.s.;..Ln.I`Es ."..K.:-....p.>.*.?b&86..d|q.+.S;U..{....t]..Ik....W......2.......1.S...P.......H.s.F@5.....n^.......Gn.G...b~lL...c.@'$.8....].....d..;.ZH.!..;`.`.1..C....#.\.....%B..js... ...........bq..-.`.C....O.Q..z^ ..R...mQ.JU.3.........!...{.y.x.oI@..}p..r.).....&.|.T...j...M~.!Pz.ep.....4....1.%....H.x.........Zm.e?.XY....J..#c.?..N*b.>;...tj...^.:.u.........$w..q....+..I@....t#p.-=.1.v...Gg...A.O.I&.{"......[...H...9.'....s..#.m....I .^....kQ.......6.l..b.O.2..1~{.[-...+...cM0V01F.~..rg..Ql....@P.%{..A..Q@.21..H.tN....;..Q..b.v..b.u!%...O{.Ao.7t...p.....6.{s.T._>.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\3C9B2D192D535C347CDA9FB12BFC88FD40CF0382.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):97795
                                                        Entropy (8bit):7.997760704055552
                                                        Encrypted:true
                                                        SSDEEP:1536:jzh4i+lL37cQAH7WRVhhYGswzdwPf4qGbXu/E0P6fJeefwQn4LVykMeDbVNalv45:HhJub7cQDnYG5dHbX5I0eefkLcp2bVNh
                                                        MD5:2E7C0702309A15AD124E0BF3CD166596
                                                        SHA1:930371FBFB033B24D32C2BEDC46D8A0FAD3DFDBC
                                                        SHA-256:EADB69EA8B9804F556368500BB15B66F305972676E79DFD65F0744A142E47319
                                                        SHA-512:84942015684B03F5C72DFFABBA214F2AAD8F3ADEE6912CC51935B2F3EA6D93108A64C011A430950C90DEAF2455FCF49FE47D71928B82B3829F2E753F81C5DC31
                                                        Malicious:true
                                                        Preview:.n.d...K.z...q7.=`.b.h3H.k.f...A.o...f.5:B...j..v..t'">..Q.J..].y.J......^...\.o../.n....]s#.fB.}...$....]..0..t....STW...w.iUi..Q(}....#..mX.z.^.O.....L5...61.\...n...8.S.....D.......o_tS_T.r.Hj6&}...b...:?t?e...v...^..f..<....9.)..z.4\-....z..'........8%..`.Wg.G. l........%H..0f..d...W.........$..Z.k.j...x.&.\.l..sd..iTR..$h(c.Xf.nJ...=....1.....D.>.3.O..6Al<.k.......2[..2.V>.5."Y.?G...&.......\m..o.G....x^#...K.FM;B1...K.v....y{@inr.cf......G...pH.@@...@.M..E.T..`....... ....4 .$..W...N.K{'..TC\...5...q..".....Q.2y..&..0TR...e.u...O...i...@..;F0.E.%.:.&y'...{S...[]%....7V.r./...|.V&Fj......~<.{......=.5.#.q..R.6k.v..*.D..-j...Y.Z....X<......\.lt.:....8........T..O.r..i...lrs..pf.S..e.Ld...2................)G..F..$...{>].h.x.p.*2....D..........$Dz..I,...7......\3.k..[B.F............/.n..GZ.Vw...._.......W.6.Bk......[......x....m.dl.m.].g,..1......4....e&;..-.....s,z5..,.a.P..+........U.a.~*.>M.f..B..^?S..i..+...4z.....,q0.x..EG..E.3.f4."/?j.'

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\3F5BD2A3838305545BAF11838A20DDE8D3F6CABE.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9612
                                                        Entropy (8bit):7.979779306274249
                                                        Encrypted:false
                                                        SSDEEP:96:ImEaWE1r8JpxSd9MHu+nXcZKxUIjtlmRNrMLzQK7VKU6PBaaIfFmHyiGuQK435o3:7WEaZ3nslIMrUQztauxLOm8aeB2gV+F
                                                        MD5:85D212902F03CDEAAD9800D9AC561342
                                                        SHA1:53352DDE3217E3246B3F375F1642EA1BF3740599
                                                        SHA-256:6A2EC6B2D85DB4CE74482D21EBA9A4AA6E17F6D2A5850CBC8D354F21FF41F772
                                                        SHA-512:0FC36A4075DF78E2C6626F573CA1F9FCF44C6B7C0F7EFF990950C867A31F8FDE3134CFCBDA24924C4C7F50B74D39CD605074310CBF868E32C22E0BA3C83D05F9
                                                        Malicious:false
                                                        Preview:u...[....q[Z.. .'..2.<.....e.........T.4OA...=.1jnt9..m...mSP;...f..........s.A...0.U..$..!..N..V.k......A.#(.z..P)....J`....:r..(..hY.w..O~.q...........DO.T.I.H...<.....;..u06.2.ZtA%......0.5.y........4.b..............z`9..T........H..QBF...h.......t.p .;..h.o..5.\e..........zkX.&..W.....1...RL....t-...u.$..D....1..C.:<.#.....y.....}...A.?.3.{/...or.....~+u6M..&A.wa...SaFDA#...........0n.......5...-..........~|a.})CZ%..t./.}...a..-..mf.....wr.r.....&..'.ojR.J..).w.t....C]y..A.K;..-....[_.w..u-f...:Z*.J.#.... .......T.;....w2..t.`.BZ.V.v'.......)..-...Fl..z@Q.._}...{Nk...'gZ}..H..P......an.'.......1O;.v.m..A...o..Z.!..3..98..U7$.~..;q.....or.....%.t!."..J#.|.p..Np.SW.w3I....G..tI..Qk.=..nzd.....)b..\g..];.M...D...7....v.?@.(.....,v.&.G.E3....C.`.F*.).q.E....b.vd.....0]....../.\L...x8........?T<%.@..`...0.^..l..A:..h........?.(d..b.!.P......ST.*...v...O.u.!.X....Bp~.....!.%;.....]...eE.`;..X&`#. '....!...[L..`F.n..p.|$..C.8W.D

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\44230749A38B6989F56217B435A03E84CCADE62D.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):28323
                                                        Entropy (8bit):7.994615109665624
                                                        Encrypted:true
                                                        SSDEEP:768:1BZYBQnB7b56x+G5wMKXHayJZjCwfSLRLRnQBF:1oBQnNb56xx5wMKXayDjZoLRQBF
                                                        MD5:155368532D2F40AD2E32DACBBD7CC8B2
                                                        SHA1:9F9B0BFDEF5C125620C82CD2FE658CE179ADD339
                                                        SHA-256:661E51970106D60EF7880D3890E3BABBE58B0F6C49471CB2CEC1B9322EE2920B
                                                        SHA-512:A77E3627BCFBD10F660DB3A84748FCEB912ADAB7E5F58E1142BC030F7AEDDE86F1E01845106D22C1A772629B82E639FC5518A55DD561555FDB6F5D98FD74435D
                                                        Malicious:true
                                                        Preview:....D..yC....#+SW....".8|@8A.c..~5....`..owuEJN[..9?R.._.......~`.....;........}...;/..~J1.%...{..j..Kp...t..<..n...6?.D.33..`2.L2q.EX..#..t..........U.;"....~...6."GF..9G...R..{XLo!P.5......Y..2..TQ...~..|c.FU...i<.?.|Y Ea0..E@.."...&.$y.....9.G.....0...|...#.R&.R....4.0"d..m..'/....t.U. ......Y...ZGM..P..p....d....pGur.O...\z.$.....!.....v..[.Q.7`0..J..O...y..wZ.F`....3.1.9.\...o..&.X...!..P....o+T~[3.Y...{v9w..?......t...........^(.Q.f[U..MI..eC..uy....y.S:.u.TDi.=..?(`...s.U.....6..HG.....+...!D.I............x...K.!T........_...!_....Y&..:=.k1.(.L!X.x.N...[L.. W./.$....J4T..-...k#l..Xf?KW[.l}..!8."+......64..6..9.....e;.....N....MG..%hyRvp...4".......X..h.S.7.7n<..fF9s.h...e...sWM...}./}8E....5.......x....\.#:..0..?....QI....~e.......Z.#.....*..$%....<2..fis..EE.n'./e...'s..`.......03..].p1M...U0$(7Wp.Ev..rW}...:.,.i.*B..4.!.D=...q......U...@>..f..?..].......'D..<.....E.l.NhM.!...-.]@.m...I....#J........;3q....F.c.........6..:.[.;j=

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\44F3556BE808F99573969118A8E36879BA1ADA6C.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12489
                                                        Entropy (8bit):7.984545436157607
                                                        Encrypted:false
                                                        SSDEEP:192:paQqaGRkoLH/H0Ze1TaifgDx0qAHZt+aadU4reVIztzUb5ifZH5RfwKF:c3PRnLHf0Ze8AH/+awBB25OP7F
                                                        MD5:41C0CBDC4F9F24BB4711C403F89048E9
                                                        SHA1:34C4E07C2FA9487B4388976D359194C7B4D8A151
                                                        SHA-256:6B03E99F610DE02D8F933A4A1DB10BAF9FCF01AB53E113E84D832358C18C0B3D
                                                        SHA-512:91146874EE531623215BDF5595893F3D8975E8A9A491A69C9609097507FBC778B94CFB68D21D36A653FC24D8E4C8B92BE8FAA4C8E4F03F35A8C077266638C305
                                                        Malicious:false
                                                        Preview:Vr|..Bu...p.m...@..-t.( ;....qL;....\.7....,..........u..h.i2J.....#1...m.5....wB.;.y......I../s.s9`..\ZXa.].j_...Qf.._...........V.*.........`.. f...f......%.n.P:.R..'..L5 ...;[...uC.!..&g.....A..dC....j%.....v:K........^.4e...0..i....|.z!....4...~.....c......t......E.;>............6.>...+...7.P>-'T'.W.a0j.4....0K.a.,....P.q!#W....f..."Ds..4.W0.AX..5b&.y..W.......RX.S....._).y.$.O.'la..B..U8..O+....8..Z..\*W(/..,~'.F.9Q.M9..&.q)m=...?....T.1..-N_,......Q4.....qjB.6..%{.iBA......._.~...BC.OA..!.r.?:<..S.1.t.(.(..k.G7.Tcg*...T.S;...L...J..~!.q.....l8)...c=.=...c$1...6.{..k.OW.}V.cd.....M....Am^/.>..'..'...h..&x..=Q .S.8f.R.j5T.._....R.d..zB......d...?.C.c..._h.e.`..<....(...8....."..x......-.Z.M.5..)....G....H..>.~.X....V... ....R......N`..N.yR../,#..._...F.P..vl.......5.......+t>...3C...x...........7.}....F..S......S..C...}o..'$.F..........b.)q0.^.O...D.b.......k.r..g..z.ON$...&.K.......N.w..|`n...3.X n<....$..............u.'........74w..p

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\4BEEB42810BE832BBA91594E58C616495F4E9510.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10068
                                                        Entropy (8bit):7.982007993704979
                                                        Encrypted:false
                                                        SSDEEP:192:gUSEqTcHGKdCT2TAFrRUSiFNgqJGBk5gE1jnuJ29oBPNnF:gjsGKdCKkRG0q8AgE1bw2gPxF
                                                        MD5:59B703E9F2644C079557B47B546C5A03
                                                        SHA1:AC8D225F0915553BB45E5E9B5AD4A9E641FADDED
                                                        SHA-256:D06BD661C0CD5331E1F2C9B41916B22192C134273776E9E0D869687A8C531939
                                                        SHA-512:E0295C0B442DB026971D2EAA9D432A3A50055443DFEA3E6235483CD2A78B0928AF292ECB47116EAA00D69FC392334E306833C5FFEF68CFF5D1D47E98EAB6AC2F
                                                        Malicious:false
                                                        Preview:..e..^^.D....s./..Z..O.Y.C..o.!.....g.%....CM..B.U....hM.0.......@..F|]1`y@..^7.......O.G.f`l...#. ..0....m......m....<E...D...c.4Oh...#..U..&.z..>.e.B`...._.F...g.v......e.....8'..O.<ff........|..f<v.N..!......?..q..8fm....g.............m.z?.5.D...I.Ay,......$[..Lek..2.XSZ.b.3.S....?...?..lG.....k5....&....h..#.t;4wU....G.lt....]gL.RNn(R.....!...m..A.uG...M.&.*...f...l"......^j.)SS..A%.d.G/DCP.........G..%..Z$P.z<.....yr$.........s....-.._....9[....M...BT.v.s.....<...Z.ySG........$#./....u{..e.^.\G.&&\....ah.M.X.G'=l.V..sB.Oe.\..n..w<..W..P.....<.<9....w=O<.'.._f..}...6<....\l.w.../....w^Kb.>...J....$../..FY(..$...#....M>2{.....@..|2.9....mW...!E8.."3...........jj..4....).P.u.....OT.=.G`..3..y..X.#P....D...........W........R.......,w.....]...^.:F..5....S.......F;......}Fl$...*(+..T.. ...y...!.E.#.=.#`..7>9..p.\..x3i....4...5v..h.qn.....0..$jEXiw8u...pz....1.i.*xQ..c....?Z.w..)&.1B...RzK...u."..`.....B.J<.(.[.^.D...i[\..u...!..Gp..T..t.jI.%.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\556841CC95159B63845C2D77B32754EDDA4929D5.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10070
                                                        Entropy (8bit):7.982307272810787
                                                        Encrypted:false
                                                        SSDEEP:192:XAuR2CSTxmriNI3ThfX94y26VygGNbwf21DCuiP0v4zTjKCwUXc2OMiF:XAYSlQ1fX9DHggywe1tiRXK9D2NiF
                                                        MD5:CD5C0760FF076D740CCEAEDF5A5E9DAA
                                                        SHA1:1D099DE6AB063DCE6491529A64ECFACC8A5B0628
                                                        SHA-256:0BCFC94C7C18D3D98862359C1AE0F912E5A5BC5B908019CEDC97BB82996C53B6
                                                        SHA-512:D35E539CB244815847EB808322D1D606D5EEC48AD60F0C9D432082C724EAEC4D02983C3E9CA7FAD43A0C44F627BCFB7B3405309F48BBEF89F4ED82C321B02EBE
                                                        Malicious:false
                                                        Preview:0J..:;.\..K7..,..q.2......Nk..y...hb)):.*..[....-H.}..~..J.t.z........wf..o.F.{..P.....p...+..FE72....s..3..t0j.....j}..|.Z.P.fZ....SB'.......MC.:E(.O...M..E]LeX....o..#.>T....u...h>./e../0..|.......R.}H<.E]0.rL.*...Ky.X.w......Q..~.ec.M$@.z*`....."..{.o.z.J.....AS....$"./........|...C.h.T. .....Gpx.V....(.@.....Cc,91..OK..|X.1..P..~<.Y}..[.`4...g.*Ci.....Q..=.3.m.6v.V....8sh.6.\...J..#.4%..B(.c.[....I#[.,`.q...a...$!......i.z6.[.0 .6.y...3D.A......e/I2.........>#.E.B.>..C!.L..F...j~...h\.aZ..x.J...`..!7*C........|.2...v $$"..(j.S...#.:...+......B.>...k.....m.).l..Oc#.F..S..z.....@.~l..X.A-..g?....z.v.F...6...n.F....9..-.....rD..i.Mk.&'[....~$xu...tC..<.i.MF@S@.U.z_.#.y...4b$&...Z.......h......z.i^.}.D.b......f.J.6...[...m.....+\K...u%..?...8.l.:..L>M..Cu..F.;......_...$..V3..5Xt..<..H...}#LW.....f@).{5.."....X...B.....4..5+.q.tZ..R/..+....K..+....j..,D{.....<..y..6....2..............%o.[.[.N%.r..@|..y..~..%rd...i`E.M.e..9.`.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):14527
                                                        Entropy (8bit):7.986513986643296
                                                        Encrypted:false
                                                        SSDEEP:384:URvUt1qlBoYvi5AJx/o+FTuYEiriNBVgXfs6mlyF:Uc1KIqoqTWirii06kyF
                                                        MD5:5291D10A82E25EC8469CB58AA6E69EB1
                                                        SHA1:977827EE3F2DE76917E69505CD7553CAE872CD98
                                                        SHA-256:095E00931F0B81522A03148BB0328D9EC9BF83FC5A028E0055438401168B2A37
                                                        SHA-512:5A8A1037D9548B096950498B53AFA56BA823EDFD0221912B7550DE350E9F66805D6CE8C8B113BA751BBD3B3E26A0604B089A086109DE18CD99446E0E4CBB2B94
                                                        Malicious:false
                                                        Preview:....~......g.1T.W...V...X$.5?..c..H.,..V...1..' }.A...&.Y.b....U....G.......yS.4....#D...q}..x~..l&....e_Q..S7...Mk..."%.._E..A{..>"-.0.vQ...Wm.YY=./.P.....P.$SX2...ZD$..K..x8......P.......d...|.a.&.z..#.:.e+S..y.Y.>chE...@.{.*E....l....G.al....3.<UHZf..&{.={@...MO..J.........Ht...w.<.=.(..H1>p..k.|..<y.@{..[U^...a..o..0!kD.Uk....}..f.)G.u... ..{.{&K...%....cBQr.M=%..V.K..K.....se.\.....G...../.:......(...{$./.70W.z.qr.}.]..t...._...X.JL.,.6...xo...........}%.Az..\....>.R..F......a....M0CM.'..b1...r....:.fp.7.-...+..z.\..........S.*,..qs...E7....D...|.(%?.i.r.}.{.FZ..F.....1......\.P.a...D..!.....{\....q..B.....^.......{..=Eb..C....`R\...m.....i........:lU.r:..-.p.5.A.}&?...G.-.....*Y=..2I....5...../2A..Br....f..(.~.W....{.0EY.|P1{.:.;...+.{.].N....%^Oa..l.....k.`&..Wg.......>~2...........a...,uWtoY.Ts.4..7<..#<.2...z...`..;{b2....{.A.*~y.....K.79.....I...!.KQ.N...X.<.~...7_T.mS...#........../..G...L4Y.7u{.!.G..x.;I..-......X..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\58FA4C93D2C2293EB9F0554BA83740A06674316F.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10395
                                                        Entropy (8bit):7.9834949576814855
                                                        Encrypted:false
                                                        SSDEEP:192:zmdEAaf5ciJcGw83SCT7dUz1Og+eaVmWxoXveB4fV+AuPq+BF:zmGf5y+vR5g+iW8fflydBF
                                                        MD5:8FF99AC514247E97401F5FEFD9458DD9
                                                        SHA1:BC25B42A2F0F5F682C9EB8FF3BB4BE94476F0801
                                                        SHA-256:5BA7C1106445845E8211C967CCE0F0BAEDE8198018F9647891E5B6DA7809B2E9
                                                        SHA-512:ACFAF56FF922C64AB271552D799AEA344F98FB2976A3AFD706B3BD6CD835C8A5F70638D0FA84F3B798BFB8684D44047554FA5725C812CDC187D8FD35263A499E
                                                        Malicious:false
                                                        Preview:.H......W.....Z.._.y.%..F..a..0.......X.......jqg!#zn...>...T..B#|.ZW...m.f';.Z..-....F...Z).Zwj.6Q....d?...[..BG..@D.....@v... .@3.".9...ih..^..z.....^u;N.....5.n|.L:v........".lD2..O..YX.... ..~.....Z..B3.#M.....|....T..M.q....SFD.cwZ..#-Ze}...e.......y.w..bl.c{J.0(....s..H..f.E.A].i ..b..,HIZ.m...#@?.j....l.......k..N.1.%.G....t2Y..C..k+....}&..1.....HA..+.r.....^.$l.1.SP../...#BuQ.....=. 5.U.s........>.p.^....z..hoC-..jn..?..X..l......F%_..'..N..u~.7*5q...0mtD;.l....,8b.......,Y......%..v.D.6l....n.~(......'f.(.!..\Y.....k_;B......0=.$....7.'.."...NQ...n.T...z..Q....h......\.k...]...:j_....H.I....>&...!8@Q.(...st......e..|...J4.d..G..8.V.`...f...}..?."_..?HL.5.?...+.}'QG.?..C}..H...:DG..../h,.......{D..a.+.>....N...Sq..J...a.9.....+..............FB....@../jY\..}.x.7H.....wT.....9y..t....s...58..1.N...WO.H._.B....F..N?.b=BDD.....q{..r?1-...... y.a%.n^... .....K%=..0...r;r.Sd. M.0......39.g],{.5.)..N.p.].8...u.M..C.;..O...c[...6,

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\618AA02AA865814C279225AD803155E0A84FF649.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10070
                                                        Entropy (8bit):7.9826600089670485
                                                        Encrypted:false
                                                        SSDEEP:192:sR6BeTotdqBAocBGtCCNR2IPhz8JHoZ6VvZc8/IgoJ8j/WGNTC+i4FU9WCn6pF:sRyAoLFooGtbF8V3BP/I78jtXFCxnUF
                                                        MD5:F87AC4CD25E07E5379FD1FE9999AE03A
                                                        SHA1:7D3E9C03039317E478894ED8E0F18A171FCE1FAB
                                                        SHA-256:8DF2D268335ED3046796FA8C5992C5843265149549B8ECEBE553C7A7BB586BBD
                                                        SHA-512:D5536FEB66ABB3AAD493934DD11A4CF4C78A1D08CA5A4E81E88C524570C5CF47FBD2C93344CF079A22B25AE3DEDB9378ED9B481800EF0E7AC82DA28155297D1C
                                                        Malicious:false
                                                        Preview:.x..@`z. :..KKea}s...2p....~..l..M.v..>{QB..!..FS.4.......@...9...'............q..&T4~(..N.ic.nAi..c9....f....0....z..+LO.6.pV../..+.6t..vR..IeR..}-t...~....a..B.l....).....i...|......2...(...1.v..a/..$u.:.-...@.h......7..m.....G..;.i..Z.'7..j.....g.x..N.....Z^.THmi...>T..~......GR.W.O...C.v0t....?.d~..4Re......q....#.W..VL/D...iY,d.;..B9...D...hP/.O...eG..>0.J..+...Z.....@C_..E.$....k.o'4.%..Eom........</..`'...($.O.t..9xf....]...mr.`...^.=mF.f.$....2m.D....&;t..w....y...*.%...&./$...~.R....j..~....\&*...{l...dxb..\".8.<?..OB.9cE...X...3RNM_R.#..k.{.z~....?........D.&..7...C.......y.h.~v?...m...Xz.{f...f........).....#2....._..op....Jm....y0.6...^.H....KP.o.SJ."...&<../........|..-d-.m...)U...I=q......M..1j..q.).Nr.dJ&..H........t....\...K.k.z..Y-=...z.';..o....c...G.....![K....B.9....Nw.A^T.0m.T..em.W.J..9$`7......~].r.S...?.%..w.Pn...#s....I...g...z[.b..}^.-...e.Y.....)..Y.....M.X..`..L..c.e.Hc.O....-..;.....0..~U......F...#..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\62FC1E8DCE1991EEB55DE9EFADF47EA578A22AB5.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):27876
                                                        Entropy (8bit):7.9928215969481275
                                                        Encrypted:true
                                                        SSDEEP:768:FXIkUjczJ95b6Ju3GDbERMbgZtVj9YHx3fwb/1F:VIkUjczZb53GUtl9YHx6/1F
                                                        MD5:7043B46A74002CDD7A5B6D11B97EA541
                                                        SHA1:721016C45A1B8DC7E0364DA4B8A87EEB2FEA26AB
                                                        SHA-256:BDA0A32285A75FE42485B8D318ED41DDB226A394A6C35E94DF2295169FA0994F
                                                        SHA-512:7ED1E20DC0A92399E127A1FE35DDD068470EEB0A656EFEDC332C78A09F651657F682394E4B79664CA75F366D96D60BD31DBC11266A9766C056F4B3DD4899FD13
                                                        Malicious:true
                                                        Preview:..I8...E...........k.p.H\9/.Bu3..hi.a....`jP......6...sN..=2......?.zx....@R..../.........gM.C.....-s".....Gml...O.-7..\$i.-hp.d.U..$.....S'.5.w ...x.....p..4c...r..i..D.Xs.....p....:H..|:.pG...Z.O.h..a...V...........$.{:)<:Z*..c...Z....C...}~..s/t.^.c....xG.aLC.n.U...MW.bA....s4.?2...W?q.......8..S+^..QB.@...?.m....7..."1n.h6...c/.X6....y8.Ye..<...Eg...|....\.J..5..0...y.U[....v.A.. ....}.......< .-...vD......X..)Jc..,Y.!z>....!....J.u..`F"^?X...L.iAm#V2.|../....FZ.zRk.=..i.Y.tu..8&%.....i.T..3......,..b..].4..3'...^....T..9P....w..D_.)..F..:.......Sj.F.....;."B.z}.N..!..0.....9.8V.../5.i2..^g.....]..p.\..U..-Y..........7..9.vw.Q>*..x...D......n..........nM...'d\#.0./.../.E.H-b_...h.._.^..'...LY.A.}....I....z.T.....l......$.l.U...=.:..BkS.._R..=M..#...2.......4......P...p...Ci.x<...........*s....'3.....bT.....4.Z.A.M......S.P."..._lO.XT|B.!>G..B(..s.k...Z.$.2........4<:hd..Z.z.....(\.............F<...yF).U...[.`.....P...w).7.{..Y..X

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\6471FE741131F408228B6C4776946BF7FF3BC4F5.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10060
                                                        Entropy (8bit):7.98233210308955
                                                        Encrypted:false
                                                        SSDEEP:192:AXmA6V1Z4WF/mHbFI0939hUtfxsmuypvDgYZZSOrPyPjXsrxZ14pz/F:AXY3ZHI7FIietxsqpvkOrPejXuxIpzF
                                                        MD5:4A41357BC41FF1D71FB63D37CB023298
                                                        SHA1:E77F9431C925E95FC5E57286DE262BECF2075D56
                                                        SHA-256:B296B646794B3E19E18E275DE819EBC68A35309A773267E89EC67AC7C25ECB60
                                                        SHA-512:90D265A1796D22066E394A94ADCD88849C5160B748B8F5FC1A1D680A108BB5C49E53623F8334095996403B8D7305A13ED28F30FFED41EF91EE5A9EE60F6521E8
                                                        Malicious:false
                                                        Preview:.....a....2XCT4.g.).pO..`.i....1.%....t.3.<..:F.......YBF.9.1QR[.t..{..1p0...........a._.......^*..../.+..bfjR...@..;C.mP..J..V.<...8..k...M....v..G.q@..I)^..j.Gwj_.?...0........N<.}.'Ie|%...~M.[.3i...sK....J.#......+..0w=....E6.1.p.Q..E.....=..S....\IHk..*..P......w...6/V~uu{.<@. .U.'.b_A.gly...5.)r.Y..f..<.. ..<.v..).....'......e......g&"...WI..>JD.,.B]..n..r@O].*.RB........l..<F....B.....y..A..aRp.l0."9..Z'.^.0...a...A.fOT...e...!.........vG...0..Tvc.z.Fc*..-!.z.[..~k~\.)S`.`.'y..~4..HY.."..0.[.......\.B!,f..+X7...~..,...P.*...T-..?.v|..*!.uy...w.:.u.G..(..f]......{.O$.$?.Rf> k+.w.@..7.Ip.(.m.C...v..|..z..@.U..."..V%...w....!.,.R\>?...x....P..D8......<.y.....B3...*.dm.u....D..._d..j...........E?.$d+.....X......u &.ew...a+....;.k....W...6..`..{a.z.t. 1.o6..o.....1N.%.x...F...........U..C7..x.4..|......7...7.5.....z......E...}..........]..}E...r..A.d7\MbD.$..b2rP...'7.IG...{P....).%.@H..5..1..`'m..?h.U..P^.....=...(....(p[.....u

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\65EE852228DC3C1F75E39BE7FF19C11BE9B76C85.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10067
                                                        Entropy (8bit):7.98169066199951
                                                        Encrypted:false
                                                        SSDEEP:192:YA5xLwsLFr4RE1oVn1FlSE2i3E2JQ98v1T0600ML/R3AvwHs5NQvi1TF:YacsLFrtyPFlS1i3Ey8A1nRmAoM5NQvW
                                                        MD5:CBC6249F5C77A0E463879BF618756CA7
                                                        SHA1:99608820041A311FF12C0ACAD2E5077AD9118724
                                                        SHA-256:9C64C305D4D4322FC561FF063A000DCD40676CCFEED0562CC028770E291B489E
                                                        SHA-512:DE247FD48E77DD0BBF503DF8595154F9B4B6D4ABAC1B343535776673A71E6BD008B60755EB7BA6D0040A5F0442C192EFDFF8FCA31AAE29E8821B6C7648817513
                                                        Malicious:false
                                                        Preview:z.{...l.&.n..&Rf..)g....w."r.lX.Fz.U.`..I.,...].ui&\".|..L.v.S.)..!>.l\|....a|.[.....of^.i.qS..:.x.Fjb...u!U.1..Y.T....j.8.S......P.~......kv..i.FQ....o..`....1....j.V..V....C..a_.J\=..HO.......fR.z.J... ../.c...z.(.>e..'<...........\....l.;.......m...A...]z.~l.2..(......f......:><........s..xl./.b...uN....Z.:.....N..nj.d.r..`o.Ii..z.."..V.,......n@....lX.......o..".....9*]....bn.n.y7.H...XF.N.......F.V...M......8wy..h.9.D...s.8*K..M..Dz.. .E.;...~...A..qq...`<.......I.\E..A6.N;.k.m^......h...<....D.....wP..L..($.....6_..=\^j.o.q.b.b..8...,7..h..^eg..v..l..k..~.2S.'nx./.D..]L2D.A..h.z.....S.......~.r..4.....TL*e!..c.k.....n.M...7..$T..l".P....`E....PT.{Y+3..Z..Z..A1......S.r..F.....F.f.g.Vo..f...7O..m.V%>.;..t}.7...h.j.... 5?.o...,F31N'7AU;..B\.2..1(.GN[:'I..N......k. ...&5........A......$...}..A....3Tg.t...Aj>...:.. 7' :.../....h[f....R.C.y .....X.,.......**c!t.f".J.....hD.$I~Q4..qH.>.w....7.........,.....o"/*..._M...%.X..D.A}..{

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\66B74AA167026A3DCC4BA7064E8D6E229DE9D806.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):11105
                                                        Entropy (8bit):7.984519051982068
                                                        Encrypted:false
                                                        SSDEEP:192:ryNgWZyswAkDDUoEO2aNbQYDMb/TcrAI1D5hZiWbDrYdtm2dVXw0urq0Jwzq2F:YgwykoEfWbQJD85hNDrYdDdVXwNrqy2F
                                                        MD5:CECD6AC0108347BC6FAD712B19BCBFD8
                                                        SHA1:E343841C5A5C74E19498CD2647FFD13EF5260FC0
                                                        SHA-256:4BEF06CE57378F18C50E3F94083D48118B27D0A5D18D3AE11E5833E1AF758AFC
                                                        SHA-512:6DBFDFAAB71DBB7BD03E8352296A15B404E5815E00885E8FD7322199D4AD00941AB55250F11CC1B6BC82DFE841B266BE645887B022246799AC9F16D8E76419AA
                                                        Malicious:false
                                                        Preview:`D.e..w<.'.w].o..,.{..H..J.......Bh........k(....g.h.....C..w...A&.W4......L.0..{(h..W...#5iM..Y.....L..1.f..{ie......^]....2Bi..".J.T.,xUMA..{sm.z1V....<H....t..L............#...3....x..m=...%o7F=K.k.N.......w.].Q.ic%..E...../..KM.L|...(.....^...........]...e.b...................\EjEt.....5e.K@..Z..|+A..8.z..+...uha.DE(2D..."9~=...h.....{V..r0Cq]..A[....g.....;rg..1...~w\..$\_...0.N8..V..4.-....Q[.f.VK<Es.#.......?.g\.?H=".*+i.O.lZH... ..&..q~..pM.oQ.F..J..)JA.Y.L..~..da#..-L.<...&cO...l!/.wB.#....k..\.9VX81R{V..C}.iG<(2...$...K.%k...X..?.nU....q..-... V)/.x...TS8.V._F#T.......L...0x.X.......2....f.'....>.Q..ir.5a^H...{.........{.....t..N........66Tq%\..@.......<.*...8..........Sq0.C.}J!..{.hb>..%2..)+g........0 .../?,..A,.u...%Y..[...........1~..F.w.uJ....D....S...w.^.z...../=...?..n.Qq.g....8..<%.2(Z.......6..76...xeoi.X.m.J]@V.g..t.P`..;...t.w.V.,N..Bq.aam...!.....P...0a........s^....O..._..w)b].GAr...*..?..O..!W.....H...0..`..F.s15.Y.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\6762E24BB9F66A6430B9C774503510453B4EBA21.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9784
                                                        Entropy (8bit):7.982263583865724
                                                        Encrypted:false
                                                        SSDEEP:192:erhnxh7JUe9IUDBUykxPmnuoF26mmtCqC1+lkWxMy0N7LDUJsF:erRJ39/DhIPeuf6CnwUoJsF
                                                        MD5:E368BB470E2F325DD3630891CFF27061
                                                        SHA1:C3C0DADB5A4DBF976251E140CA8A0F6F97103AA0
                                                        SHA-256:7A99C586A1FC175B84649FE701EC41E44115BABE5B40D3FE612EAD17567CB6C5
                                                        SHA-512:E00D499936CB75FCF9F4E5797C6DEFF353B42EAD2EB077799646F4F71E828B1387E95A937E24CD30A32FAA7B866CDAA67901FD727FEB2FACB315D8B83FC667D5
                                                        Malicious:false
                                                        Preview:aK...5m.r....eu][...(......g......z|.J+..f.@.S^.!9..74...p......,.Ql.+ ....>.x.V.2i(.Og&Uwy@..r'.>......)..acx..b..3.%..../F.&..a..I.e.U!.o.............b....-..F9/.Y..e)&k..Z.......gB.8.J..!......c..~.^.t.<f...S.&p<..X..c..>t..t..2=..:.....-,w3.....m..4}.1y.-k:. .+...i..~...".&...Z..{..a...<...._1:.m...)E7 .\.l.x........[.Ea$7.03...M.8.r..]".L.RU..[...k."......j...^.........z.+7.D...}1..s...^K......4..X>....1:.?`.5..T.......{....^(...&....;.bV..@.h.....%.....76L..{*=;.1k...i.....<.o..y....ww..j..&.G..d....]..=......S...k......Jd..Bv..6v.Q.13..+......1.u.....z...T:.{-...wM.y...`.[r.=7X...Xm.S..M.W....C...b..."}......G31.o..A...'..O6....z..e..T..U../............}-^.".I^^2..B .b.xPHP..p.#5(>...a&...N.b..5..6......51.L.._....n....j...m*F...........B..M.0Z3.{V..z.VL.....=..R=|..~)-..A..Y.&:....,...w[1.....\{h.g.3..Kc.s.. ...N/ ....y.@[.bN.Ar.2.....?.n.)k.,..B...i$frX....YA.DG.....<....<7...&v6..n.B..... ............1.G(rQ.\...T.So..l..".].

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10351
                                                        Entropy (8bit):7.98419379281138
                                                        Encrypted:false
                                                        SSDEEP:192:lQ72jOmhn/+JC4AOeaWfINaVOjie+ykXI2/eW4DK8LjPpqpLA6c5F:QInG+3BfISn6/pyLAH5F
                                                        MD5:4E11C04F1D4B6027E44F866AF834376F
                                                        SHA1:7E536AF2E5DB78D4CB526490BA7925F5547E56FD
                                                        SHA-256:B339018A847E9AD9563ACF19FC97BEADF934079C8A76B5C0FD6CDFB52B1F0A42
                                                        SHA-512:FC14A840663FD1B6209EBBD298E35E56B32967450409A5EC6A7E6B5A65972D44A078EAE22A11C5C69CB8A77B155951F1A99E69727B08FD2913826DBB1DD51B31
                                                        Malicious:false
                                                        Preview:.>.F...if......y.b.6I......2.91............k>......Vcl.M..K.>y=.|.:4.......>.&|........-.j.?`..........XO....7.F......u....:..$....?...z...Zs....$u.{.4..PA9_#..+r..$>...B....1..$...>Y.c.i[..h.^.aVy<w.(5'>...s.+..,\.....&)....aZ..s.|.B>.r-..(.....#.b...>..4...i...,...h..d..A.*...g.u.}..]...Y..v.03-.../.K..,......X_..T....K.b!.0`....d.k.`..[..v..*..G].@......\G..w."\.DC..R..ME8..'...e......p..#ig..i.+.[q....+....<.I.\^.$.sA.v.....b]HN.X.|t.G@%.D....53."me......>.:.Z$..P...Z.`.8.v..}..V.MA......'.I..U.N.3.w.l...j..*w.......l*8hY/...G...K.Z!......o.....,.~.}.e..}..\..V...-.A.....}..F...8SU.7.G....t.u.......~5.#.V.A1..\.......CaTP.v..!~C....=..+...`.)..I.}..I.Q.....'3b.....;.x/`.._..83X/p.....1.H...9x{.&. .X...ngN..I|....%......g_)...i..9.9..i.S.....#.>V$.|[..n8......4.......{C"a.(l...c....8z.;`..j+.._..P.M0.|.c...k..s.xa(..#|<..$.....Y.....-m.....j...2......"QI.....M.|n...\.8.1....`..N._..F......[....M. |..b.d-.C......*]z.;.]%...r....+.z.`.B.?|..&

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\71F4157689DEE0CEB59F0F4068C20E9A259EF1BE.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10061
                                                        Entropy (8bit):7.983278064841194
                                                        Encrypted:false
                                                        SSDEEP:192:HRBaKp9NEC66UBqcVGT6ZGUKxZ48Hox0Zi7tt8Q8QbM+F:HRBaKp9atVGT3UAKjyKM+F
                                                        MD5:097B764F530FDB720A08FAC554BD6865
                                                        SHA1:5211DA8AA3E39402A64413FE60D8952CF07D5681
                                                        SHA-256:B01D8F737988074FD53B4985E42284B76F3F3FCF680E45F6EA363E6B876BA851
                                                        SHA-512:6BDBA7F8AB3A9F4736469E6860946776C94CB16869B8BC9E1479A6BF3FF8C362CA8B26421765F6502E9C944EB35FCAA05D28E2DA7AEBFF7D90D0A0AC0B7432D4
                                                        Malicious:false
                                                        Preview:a.zI.i.I.t`G.B.T.._8..B.. .....i..^...H..sK=..s*.OfF/Y.D............G.D.A..[.+H.!.T%..E.L2......C...K..#..V..l...p."Z..3.w.m7..u.SVY...`.~...zE."=.].>.....f.....'.P...L......yy0.I~zB$.s."....Pb....}.3.......:">.!\......R.r. V2..>5..GEw~...Jk..E.B..I...0....7...H.zs.#.,.l.$+.E...}.~$<.HN...n...Z..K.....X/..... O..WR..{hE....D>.Y.q.U... q.-1...N.4..jQ..a.._.W...D...z.:.*|..A..~.......?47.t..K..m\jU.D.z.......f.:=.b...b.......=.Y..).N.....[..FI...-......{..U.Y7.t............t}..^.c5j...h..i......5.P......C...:.......V.......!.P.......W..}..-...*..1Z...'K?,k.a%.,vC..:...O..J....O.d..2w.J....>..>..S..J.{pR~...A.. .B.Xh.h\/..O..~3KN.>F........6..Pv...Oz.%.X4>?.. ...=..%A..1..z.II".L....X..\....:4.U.%.!...!I.S.r.c.|..F.G.Hx%....-........,..V.>.S.......,V...e.m.........#.X.t...,'4.&|C.)k.....a4..46....4.....K.:..;j...{..DI=l....W?3.`T...../....V.{.R.J...p>...M..3m..=yYF<0Tx.GU-W.....V|.]_...L..g`.=..wI.....eo.[90GXM....]3W.j..4.o..t.^..&.s.....

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\7DB3359FF1AE28D679D8DE03A74F2C06BC18D50B.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9511
                                                        Entropy (8bit):7.982741552373388
                                                        Encrypted:false
                                                        SSDEEP:192:TImGDhlzSBSzlbhj0Sda9Q1vApwRx/U1Dr7mWRYajNcdF:eD34Sz3AdwAHg4YaBcdF
                                                        MD5:D7E79DB969F2E2B096669420F24754B3
                                                        SHA1:BB0680C566634204152FE4AE2A62C983301E774E
                                                        SHA-256:9B8468F5D05185881F41FCDF4A573D24639C2D702D2A852DF13ECF3A4EF86592
                                                        SHA-512:DFE502A87E0AB7833CBF2D90755BD8197DD1E4F24E063E6180AFF8F061184546AE6E2D16E9CA815559445324C409AEA49C077EE622CB2AC73A8C258CEE05D0C6
                                                        Malicious:false
                                                        Preview:..VL;.p...j.5..)..g.H6n..v..t...O..U.H..7......`..._....4(..+|}^..:..$e.1.F}...S.A.M.{.......p."....G.3.H...e..M.....W[....|QsOC"}3..o......JmiA..M;.".[6.,...r.6.(.X....q..K...B....9nQ.....0Z.d/..,..........Y&...t(..{TPP.6...*.kC..L... .Q..+~.s?Yr~.k.....=.0.&.......i.l.U[A.3.......<...R.W2v)#k.a.).....\%.Xo?...V.N9.dzB.........~."N..T..c.V-..3..I.~k..,........i.....&:..NCi?VR.......U_...aj<b.2.SoH,..])9.m..&......S..'.|8P....f!.;....V...?....<...n........X..8k.._....;4... ..;._c.Qq....}...K..w.s*..F.B.....#.../...<..p.h.].....-...WA....c......G..R.'.)R....|..n...$j...5u..5...6..p..x....Gc|.7."|.......[w:.%.']dn.:<.C..Y...N.......BSIl+._..{J...AEm.#.*.d..U.+.<.S..(~C..=......o.....^..\.g#d....r{...uy..WL...+.T.:.~.X9.)..........U.xJ.2I.*o...c...Y..O[.....d>7Zl.m...~].....f.0#.caP...:&.......G.....L)..4..[^KC.&...8....$..z....6r.:......n.b.z....Ld......:%...F..@.8...=T=.....m..g.{.wH.....'....8nHr.u+S.t....x.m8..N.:.R#.r...]..../Q....^.{...9P

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\8226E2CB0DA57E2CE8FC06A4809DEFAE864949A4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10041
                                                        Entropy (8bit):7.984110404138406
                                                        Encrypted:false
                                                        SSDEEP:192:Xki254ashSxsqiSxwW+OP3A9acoxRGlFGgczIwG7f46ROSwEEBSzyUtYIkieatkF:XkiU/mSxRiSnbP3Y0nGygr46ROSwEEg2
                                                        MD5:E07427FE8EE3DDB1406E98AB66F1C98A
                                                        SHA1:54AD3F5733EE770C9272936E8C4267955AA09127
                                                        SHA-256:213F6B2E21C453739B6977ABDF8CB3FB8C95B7FCC2F3E2201D11CD5AACAB0F62
                                                        SHA-512:2CFB6530158E94753BC890C059D6D177B384A668FC0D88BFD173381294E1FBA8705C198607E3B4DDBAE063BFE49A901F329D7D676F07E3E2BD03611C53DD6F66
                                                        Malicious:false
                                                        Preview:.USK...%.t......k..?n.-a0!C..4.,...{...\.X....f3...:1Nj.....(.pnh...^.6L..O#.s.1.Ay.............c...W;..4.p.1.W9.G.....MWh#1,j....#.(.\./......u..n..(d...3\?..I.....YB...#>..a#.&..8y.<..H.....a...A...qF\..i...V.zYwv=a..ub..).#.;.......-v....f..=....]fe s...y.,.../.9~....|......-}$..l+x....f3yrH....PK..[q.z.tJ...:.6...6.a.'..#.....wR#V...6..}...;3..ca../ Q.'1w.?........JdR'.[msb.P.....FM._..~+>...a..".mM.N.........W)r..xo...b..|.L..`~\e.2.R..._U...Hd.L\..&..Y.%T......J=....^<..iZ..z..1..u.4......I.9"...Z...-..'.72/.W...c..$c..G....))..F..R.b.Y.&\R.T..l|.pf..%;^_....Pi.>..`..[.on..`.....m.W>......u...}.....~...p...:.=H.}Z .......R.W..V5....*....EO........z.....c~....l.nb.h. .B...F.M..IDMP9..!.h.....A...r5_.PO...}.c.(.........Q.ZCv+....&.,;~WC.....Ha.L.,...,A.X^...x....NF.......d..F.%....-.:..d....U...Y....6.r.............(.'.!.........x..&&...w.G.....&.. ....!..!(0.......i.tS..j..qg.0....Z....@e.>......[u1.X..........5..MX...n.e.Y.G_

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\882F9563CBC46021B7E6D26FF3A6DF8B530A6906.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10040
                                                        Entropy (8bit):7.981633713745446
                                                        Encrypted:false
                                                        SSDEEP:192:2nfEcQwbISpD0Kd5SOrg4S+rFGR6SXG7rkpRy2yQlJRyjxF:2faVGRdcf+J94GfMjT3yjxF
                                                        MD5:B8C817760C6BB984F914268FE88A0CF5
                                                        SHA1:BAE25A51A19BEC76DAF35672B1FE94E8D82A712E
                                                        SHA-256:39A3791A5DF2B590DF86AF3E8E4F3918BF06A165619CB0A45E325F8DD4006B4F
                                                        SHA-512:91A791817FF0B225C2E40338E1F6A21EA38903DDCA47F4D5FCD5813EC92F8A7C6B115974634E3AA8C6F23FE19C9514818A0D4855D43DF80D5748D4FBECE93B9E
                                                        Malicious:false
                                                        Preview:7.;'...H.(5..........aP.P;.*1.@..L>.^.*.\v..j.98b..}.9.[YL..|.x.....w.+./......)|..v..M;.h...l.....z`XR..!...c...z."i..k..J.....|*X..0.{Wr.IJ8[...;.%....Y&.D.4.*~....$Z.5......\...zu6.Q.......]........d...3.4c.X..-..4NB.R)...#-..Z.V.-........#`....b...\..;....i.b-.......sGX.i.1.4..*.6NB ;V.n...{.&j...R.4}==...t`.!.....:.eRw7..[r0...j\...!.....?.,M'...2.J....w:MRq.pG....&.g7F.....z..........mAf@;7Z..s...f...Sh..W.@v......")...D.........Y..M........iU.Y.{.....Tzg,~.7..P.....W...,k..:;...A[.5 .+..A...H. ...d....y...+.q..,.F.......2.B...r.d.._..~..!._Q......$ ...)N.e...`.;..w......"....'.@..ry...........]..-.G%^F. {V.<.i.:b.`_.%.*Ip...b..ox.G6..h.w.x.-Uy[..md$...._.w..h;...3.,..X......[..._.c....B..A.leD...2W........n.. F....v.~:.....%.....}....<.g...k.4mj............)....a...(. ...]..h..9I.j.bWqss28J./.<7.I......O.......SY.,B...z.G.....s..q.sA....s....a..VC0l.~.i).1.S.I,2.%.k.G....AO.j..F.L.#"..*.%.S.b...n..%v../,|...P.....;3..U.j.q./.d...

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\89C9B59023C6004C5FCA8E641B2BD533BAA7F06E.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9610
                                                        Entropy (8bit):7.983791982242346
                                                        Encrypted:false
                                                        SSDEEP:192:RR1ZDl0lSBgcwir319kqpuSaWAH7FUxpE3XLB/QUpOYWCPK20zZQTwKqF:Icw4bkqof/bMgXLuMO3CCvzOxqF
                                                        MD5:FCDA52103A411640A1AE86DE01F2A63E
                                                        SHA1:0E95D738D4F244D058AD6F9B6E9DA3A6EB5E72C0
                                                        SHA-256:9DF61D09D03988ED9076EA8E2BEC2FC36179025D2A88A820AE6A3BCB59D871E9
                                                        SHA-512:F19BE90893325624AE29759382492C8BEA4B82DBE09B53FE88902CCCCD1B384ECA109963A61A94427372E4EAAC1461B31F526D087EEFCB547E0369214481E0BF
                                                        Malicious:false
                                                        Preview:...x,.....f..Ot..r.[..{M*{.W..o.z.Sy/YIv...C.@2n}tr.#...k.....0z1.E...*....=g)P..T....8.'.-....W.w..B...2;.....x..U..>([.i.q...:.....!..k..{.....h....T....{<7p....<)...Qb....X..l.(..(N@.....W..0.3nO.4........;.^>W.+...A....x.On..5........).6.!m.!m.....hC^..f.Xy.8..-..%.....$.\.v...:...._2^.t..xpo...BC.m.>m..u..S.t.d....GHg.+v.N.........d...^6........?+z..w...}.JGq...Fp......Q...^.ri[wt.q.K.F..]Y...,).V.[.q.."31_yZ(.#V....8>.M.Z.0..{.$H....^.2.....9.st.,...|$....\..p...^8|R.....].......|.-n1....NaO+.y?.kw..M>x.,F....._9.4...i#..u.v..j._k...V.)q.4.=.......p....1^..Q.eUz..h{.W..F.>..K!...l.NC...]3..v....f.%.Y..<......<[.<..m.[.p...q..t......u.?..Q6LpM....GEn7....lb].'7r.(.=..{...sOk..r..A.>i9.ZPTSi.*..8.s<,...x.....s....<7PA...<.G.Y..Im.2n.qz.p..n.SoL.C.:ZPe|M7..a.V4..0{...v/.j`.........aT...Q......E..c..F.J.t.~4...Y.US...'v.k.I3.]...?nr.{.H...N.DY......F.p....!K.<0....v+..%...E...".OrY.DZ.F3...wk.....Q..)tOA'......[...|...`A.{L.%....3.#f..C.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\8AAC17E1FAE55EE2A26192601B20CC4472AF5CE5.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10065
                                                        Entropy (8bit):7.982746945515705
                                                        Encrypted:false
                                                        SSDEEP:192:XapASgqcpltlM0Gk2OrPwNgCLf+Y6hVglNI8B27h3MCC4d4asa/Y1ZfhYjNsdhF:XapASBcuOrFCLhnILN/YnZYjNsdhF
                                                        MD5:A1D12F733FA586C0520CA205A5685898
                                                        SHA1:069546F1D3735B7E5806848159318F7CE0D57F07
                                                        SHA-256:CAF9FD0563526980B9B9C255403238CA0FDF2FC4C2F24E816FCA597D164E384D
                                                        SHA-512:E5DB430F762F67F3179E516E12CCCF0A0A52D93D250E41D3872139FC893EE9FBDF249013993F49E49D561BC8618F9C28E26E3978596710848895E9E932E110C7
                                                        Malicious:false
                                                        Preview:^.....Q...#......SL...........1.li...\..9...\{q..YD..(:..~p</....d.3.;...6Cx.x..l.?O`_`]....PP<C..`.....(,.,.... ..j.........~....5.Lg..v'.'.>....}..?[8....I...}gh......e..l.<.ZF..A........z.r.nG.,wLU.*...e..G....cO..9...K.y.6..!v,....w..G..^..`C..>"%.... >..`f-*.T]..o..Q.#7.t.4$".... .N.......qm...n[..O..Ct...Mg..L..5O).Kt.\v..%..0..../........wAZr].m..<O..Q...".ci.u....2...!..pd1.../..IH?Ijq......-..7.W...|.tw..3Z<o.C..?............4~S.p...p..^..f...!.j.RB..PW.(u....x.R.Y..-..h~....E9#e.C.............L...F.*d.X..b..<..Iq....A....I2.i.9...0.X.@...._p..bV.O...`.C.Qk.....J+P^.9..n.A..8..l.s...b..8`.&.w.v.....".e...../..r.....;..f....].o.Q1........B.k...M.....+.|/hK...s..0........o...............j...t......{r.........m..a..,...>..<....\.vv..^=BY..G...H..av.-9l......bf....-...u.v....s...2.6...8.6..*..m.........P,..F."...@.E>M3...92.#Q.7....0.......z..fo...p.X.Y...Y..!71..K..m.K.l..1....f.!T,.4.6.1L.x.Ov ..;...:.Yg_....d...Q..N....{b..."^k.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9637
                                                        Entropy (8bit):7.9783579144278
                                                        Encrypted:false
                                                        SSDEEP:192:9SjmYPjwhBosHv5+COGfF5nX/sFGbvVwpO5eJLHvgknNF:9AmuUnDHv5mYECVwpSoLHvTnNF
                                                        MD5:1FAEE9A91FC5513AFCEFA7D84136D7E7
                                                        SHA1:5FAE2ED1042977A3800044D674BE9B338217D4BE
                                                        SHA-256:75839BA08F41E24D54C3FB7A1E0BF39DB095D668A5C8B84D3BA41BE2B8F74C3F
                                                        SHA-512:6A9C36C8EEEF49FFE146AE2ACA8389CBBB4AF5441C45F744C6A90DD129EA9161FBCAE1F99E619E52FF6CA3965D939E1920EAE866B360E093F53A8D9D6D9659AA
                                                        Malicious:false
                                                        Preview:.................9|.K|E...D.....2y..2)..XH.|..J.Z...i..G.-......`..W..m.....0Q.'M.v|3A.x..$...'g..<.b.......B.s..f(.F..+`..\ 8..b4...g....;#Vy.4R^F1.....yO..K2..3.w.".)!..>..(;.....]B..Gt.x...;.23..M....2....|V.a.e....k3..Rv.R.....<..G..\*..+Ti...B...j...U...........5.C..`p.......C|.....S}/....>,C...x..../.$.S*i....G....O.. .@..b.lz.I..#..:.4..9....x@..`,.t.R.6p........h/u.m..;..R.......{....+..&`U.._.~lque@..m.+.O.q...V+.k...F.n..A.....2...+..-...lM.1.!(.......@...z?..0.$.8.{#W..3.+.f.u..*R.....eQ....Q..{........4.....*...<..JqR....~)n.A....vN..A..F)..`f._.4..D.]:_..^.&..!..G.).....z.s..K<.......0".K.\/....vT..j......F..x.`......qU..^S...Q...AQT.....d.b.......cfh..'Vf49W..U.JD...D.q3u..D.[L1Uf8v...w..O..s.T..6..?.!u|.=x..1..?rHB...&.P.u..l .An..d.....(.>..Vac7g.aED.JK....j<J..)...f.*.-.x.4...V+.....T....9*....#...E$...m..$...._.`...Sr.&d...'8*zB..V.o..3.......a.0..J......T.j.c.N3.q.r^....&.. y.....w./...r.D`!.j.=C.xZ....L.......

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\99B7BF8F4F0080766794EDBDC37140FABC009DF4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10398
                                                        Entropy (8bit):7.981214012949262
                                                        Encrypted:false
                                                        SSDEEP:192:2oH3e5Ao70/Js4hgIiZTTMXkJa53GWllliH6NDuSQB9P5+F6VNR0F:/e57my4h6ZHMXYI3GQg65u1zV4F
                                                        MD5:2095F4A171277F35489D0B384ED8FF3D
                                                        SHA1:9ED6D9464407C9A350F513384C21668AAD62E38A
                                                        SHA-256:F553C0AF1D8A555F11097D7CD3A60786C3FBDE8802220847C55ACCB308681326
                                                        SHA-512:1DE1E3526FF9644699B5DCFCFE5CE0ED48B8B6786909ED4FAB6C3F8B3E78D45C04DCEB9905568858E94E233AF1CE05415CBDC3ADBD84B6A417F1A2C97028AB59
                                                        Malicious:false
                                                        Preview:..N1..X..s>hK<e?....0e._4Y...p....%M.eRca.S..1'.d^0...../6.C.-Q.=.....#c~.........HB...1....F.T].d.;... .hbq]..h.QG.z.|..AgN....]..........P*/......CC.......*...@a....q(R...b.....{n.t....l...L.E.J"]$6.-...O.Saj$.....)m}...$5>..}.......h...u.......Zme..A...a_._..4........3,7..D...N.S.....B]....T.\..Cy6wSg....2.-...(..|.yK..c.<j.......a'..,1.+.....H.v.....y2..?w...=..A.?.u.E_..t.q.....b.FG.)]....dI..4O..g0. E.9...<q O].=...5v.{........ .Z..q.....e....`.<.h.:...u...r.......w..X.!.W..{Y..[....A....[[/\..V.....t.W.I..#@...>'.g..'(. .N../+............?..XID..qY........b.(`MW.bm.1.U.......e.....g..IJ.}... Dr....#5%]...,S.....Q.1..d........=T5A..u.@,P.Be.CA.5.k.....R.5....-...o3...3...$..m.4Ck....z.L&"...N..|2+[....K....-{.R&Bf.d...i.....w.Z........y@K.RKV./.l..I...jG.Ecqc...<Iu.k.P. ..<6.3.....pAl8...nW=.....O&..^..u.i|..s...w7.0_.U......j].c.{.A.5h.N.K..)..C.a..,L.M*J.S_..FN.....(c../!.z.../.-y./%J. .I.....D1t...C.........?.d=,zlX.+.q;.p..D..MR&.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\99D01D160AC7ADE6301F3559541FEF1A6F6155F0.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10975
                                                        Entropy (8bit):7.982507099365626
                                                        Encrypted:false
                                                        SSDEEP:192:IYbCXMmfY5IVe2w1cYzNBC96VSdYvaT9MfJrYmb5JU6yJsh1VB7ktKF:JmXRfuKeX1cYDdVyrqJre6yJWDBwAF
                                                        MD5:987D973884FC325D08082CF2674B4560
                                                        SHA1:05FEDB1E70DC58EF66E11F2E1C4772B22B56F7EE
                                                        SHA-256:5009487D0E258BA84283ECDD9C72E0D61C77E420EA1EDA4F4DBDC13A4A1F8769
                                                        SHA-512:D1102E4D190A64B778D26FF7CB554A59B97D62DED6A0A40CC9A94E4FFA1ED91665CF99B4F7E9A2DCC2B0C61A6674EAF1945BBFD4527FA8A2C34C1404ADBFB6A5
                                                        Malicious:false
                                                        Preview:..(..]...4....}...........P.Z.#.]..D...>..0jJ...'P.<.....r...bS2.S...y..X...4.Z.;.v.y._.1l.E8..y.V.Dnw..T...I.]...[....]&..pIJ.'..|W.H....t..!.cv36.Q..#...q......25..Y....J^...............W%..\b...TG.... .I...6..n...f~...e2..ZB}I8h...&....^E...p..b.N...&....>.re...Y..w...{.K...V1..~..i~.3....=....x...=Z.0...........n:.f]x..-#A.D....L..#L..u.U...bI$S P..Z....(.0...X..|....%pOo+.......9....0g{q....:~M.\..H.52......^.}....dF.:....?.NI.'W(.x.1......Mk.o.L@w...Nn..U9G.Z..-....p...`.b.Xu....0Fu......`.q..9._^....@......2.e..{q.Gl.^...a.z....J...F.-......v.~.....|...da.g....t.Q.'.Eo..Y)P..j%..p!W...$N.....27J.@"}.4a...,....3..`>C..1.^07...?.g.Gb.........Y......n....XLw!....v.H..d..7|..W....W.K..qVV8.q.|.4.E.%!..|....#.h........B....;...DY.;X......^nq....."X.'.tO<......2...3..T19.X&..7:..f..!;Q.8......z..2.6......Q..m.-F....7y..p..)..*R...<..:.F...!..+....D.B....h.N.Q....M.l.L..Ef...7q ....-...V...9...xW.L.j.....n8q>...'........^.8F.E.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\A8743ACDA513FF27A72604EA39BAAE662138F0B9.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10575
                                                        Entropy (8bit):7.983801266437341
                                                        Encrypted:false
                                                        SSDEEP:192:LCUZwqKdArRq0xQuJ/o1H25s1JX9m7AR0AlFRrWuzViqPEvFf4zVanavx6F:uUMdmNJo1W2RMsmUpWuSQJanmx6F
                                                        MD5:F90884716AF387C0EB2CBCA6F6A950C7
                                                        SHA1:55F16C308C1DE2F19DC261421A1AAD9304A7036C
                                                        SHA-256:9F69CB77E813A1EC5FC9A058BA89CF79B9BA2DAE34FEA9406C0D3EF9FEDAF8E2
                                                        SHA-512:B93B321C7C3A45C54B1AAB3817CD66603DE48B2F1C639EF14254701B5FAC5FB0F126B298AA916C38713C21A7B9AED3D16648C8BFE40CA139FA1CA543E42EBC96
                                                        Malicious:false
                                                        Preview:........P.)#[..+.....k.#2W...$...E.J.3Roc....C..N.;p......o.......B..9!P1XhA.?.~..\$?~z..g...[...R.......~e.....)f.'OOU.- .).,.k.W..ve. U.ww...H..8.....J.......2...O.4....9.._.......S...R}./..A6+.....cX.".\...x..mV.D......6.......!^!.j.|^Pa....V.F^..L;....+{.DD,...+|....ig.x3.oh...... ..Jy.@...........:ol...rDW.l#(..D.0\.p..X....!..-.B~.Q.....3..........f&.Wf.....P.i .!...n/..T.I.......J.4l...N.+.`R"/......:....0.....]....[..K..{..6.!. .}&Rkao..U...:..S.,&.#..K9/.....*..:Z.po}A.Kc._...\.k1.~.k}.8..^g.&..}B|.&uD.f:{...pz.?...J..Swzc. ....L\R..,Ff'.J.2.S.u .....8*t$.]W..u"@f..6.f..;U..O..3.....]{m...X.,4.i.....!lq|.Y....xF....H.o.......D..^..?v^;-.$:2....Y6.......H."....G,.....sj..#......j......r...t.E........z.+....g..a..u..........[7..:.7.V..T].....d....M2l.......M=.......2.hg....c<..E.R.d .....'HC.G`h~.O..TH)?s.N..A[9M$..5.9...5.z.Xz.cP.T...Y....]g_%...x.V)..Z.R...6.X..0o.O..?^Eh......".p..)..$.X.(...g.Z...y...F....o.2w.o8.E...

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\A8F5B51786B52AA4D75E21BED0B23433A7965AD9.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):15321
                                                        Entropy (8bit):7.9873806938066245
                                                        Encrypted:false
                                                        SSDEEP:384:GGsa7kph8oqHnV6OP4u7Y4Mlj9fcutKYjKXnjF:GqkT81HVrPv7Y4MRfHKyKzF
                                                        MD5:EFA103971C159EEBBE7CF7B6A1C371C6
                                                        SHA1:6FA92AFE2DD4570205FCB4E2A45BC986CB0A57BF
                                                        SHA-256:708BDE7A3B3F8789F16B4B3A6E8F737C35B790105D6337695677AF6FAE1E443A
                                                        SHA-512:1EF5944A7E2B2F26E96D90BD766A7224104CE60B1D5969F48745BD76CE3C7895AA4354D42F0C592407431E5AE55E6BD489B5C64FD40118BA617F4E1CC05DF3F8
                                                        Malicious:false
                                                        Preview:..x`.<P..U..B....cJ..g.(..'.&.[...y.....r./..t..o<.....l%{.2X...^.......U.D(#..L..-.9..w.. ..P....c.1B.....m. }:.t.AL....g...}...[a...'fF.d.....1I.......(RW.......n2.U..E..~@....Y..!qt...:..Z..sDRO..Wf.4..=...8.9...._T...w.l.2.0!d+.zyc..\.....+...m[...`.6....c.^n..'.....r+..G.80.s...Z.D.:|....+..0f...f...Y.....M|q!..S.....O..on]....5.N[W.!...5N.-.T3].'.v.e.C.... ...]...V.{.l..._...i..}1O.A.#..o.....7..v....4..OAa...0.5... .3.g.W..^.Z.......{.}.^..o..O...C...y.x..=8J.0.W.......Z..-.qm..<s.jb....V."...9|.X.}/.LcIi~[..k..W.z.W..MN*n....%n.O.L..#!R5........2.e|9..m`pqd....^..l...&2.1..,Qae.....0...R.bY.."...uo.jUn.....JT...o...|)L.b.J./..h.KG.).g:..O...%.C..cPE5p...T....T-.[./.jY.G..]L..X[e~.....p...q.O.....9f..G.<!.......8.\......u^...s.r.=..*.H.....dl@..'...l...#,.............Lr....j..f2.....$.X?_..'.@.mkA..~....[..e....3^..).!.e..q...e~.....}........x../. .....W%~.....Q...(o..2...@.72.o...=..F.......|..<......Uu..........:rU.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\AA70DA0EA77AF599D16F76E79A98272BA138060D.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):17156
                                                        Entropy (8bit):7.989686885814529
                                                        Encrypted:false
                                                        SSDEEP:384:FjrmTf7o7LpID/GvFfE1shcvQvazJR6RuRhxkQLk9sZF:pKTf76LpID+vFs14cYylpR4WZF
                                                        MD5:95BFFB9EB9378B2BB9960C8AC9236836
                                                        SHA1:51B376E7540A7AA363CF05D442D271CAE00510A5
                                                        SHA-256:932BE95BF68EFDFBC572288E276F2D431621CE1FDE6B4BD4B550782C2B7008D5
                                                        SHA-512:782DFEFCAF1E2C99A5E3BEB2460AF307E54BA06ABD6C66986E8C7CF7274C085FC93505DCADA5112A4A7F9D1FD3EB8340EEEDD869037E36ADA5CA00F706617E3F
                                                        Malicious:false
                                                        Preview:.`.M.Y..S.<A...(2(.V.?.o.<....(>..I.....9.#}8,6...........?..Tf..5!w.I.4.Y..!..d.FB..... !4.F.....{A.....3.6e,.[:Y..{...;.0....\.....L......3/I..kuuH.}..`-.3H$...~^......U`.w..K..|W....\qG....;gK..SVS.I..9.l...yw....)ZW.yF...Tr=&>B.D.....=...8G.fV.U..V.r.rZUH.U.{...W....._.wp,-.".u.{..``:.P_.wb.wUXL........"j9.....1.sOu.'.._.vi.Yl..o..]`.O.>../..i....9K.).....|n..X.* ..]"a..Q...e%...v...@..K..L..=.4d.... 8.....9.#.....x.G.H1......}+:...H..L.t....q.k.9\cA.{..H8.l0wl..R.,Nw'.:...>.{:0*.lF..E.n..R..aiq....UV.4.............4..eR....,Q.7.[......pH.<&.......\.....N..zd.....]...3.B...-H....I...K......(.BRi*\I.A.z..v.cv>...9. .!*..t2.@7|......n.j.... .6.92j....h....f./$..E.....%.d..........)#....Z....]J;.dE..G...b..ei.S....XIOU"..K."..4.p..Vu....h_=>...D.E....{.......Fz.....E....=tY..j!..@d...Sb....5..9.....%...a./...[.C...fS...[C.V._;q.=..>..0K^(...1..H...!...u..}..G......N.Y.L.....:..W...T......}.Y.ACv..g}7.\..(.&.5..~.$@.....$.~....4j.9.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\B964525B23D45DFD792EB4662ED5DFC78F8C6246.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:COM executable for DOS
                                                        Category:dropped
                                                        Size (bytes):10058
                                                        Entropy (8bit):7.983805151366803
                                                        Encrypted:false
                                                        SSDEEP:192:E+DYDBXx8C+vQ3iw96g9d4H9b8qQVPwX9VH+b27JTx95vriwKYF:E+DYJWcRn4db8qQ5wr+biTx9BrF
                                                        MD5:61D84A60ABD4F05F8E580CD1F78391E4
                                                        SHA1:BDA7DBF639A44B1E9751000C9DAAA3A0BD2AEF16
                                                        SHA-256:4833FF20AFDAF708773CF9F93F532D0AB7059FEE516BE2481989CFD3A3E18C65
                                                        SHA-512:42AE080F706F6B98BD18F4CFFF0CCDA8750F8BC93941C5518DADB8ED2CBD1477416E1404A45F7C3E6D20978FD1B4BF8E11E633A6F07E2DE4CCA4B28E6773806A
                                                        Malicious:false
                                                        Preview:...a,..ve..`.Q...)."....".p.n4.5@../.'i..d.l.Qm.m.iTh.zK....M....3.........G.HB..Sp...[-.+.(.3.S(......U?.2.....no...2F..%N..f..@.>.C....qc#...9...0g...;o.O\.z]9Oy...<V....R#x..h1O...s.:.i...R..|8... [@BI..1wL.%............n...w.0%v.....N...............e..<....|...G.....D. ...r..6...H'Z&.d.aS........*.:j...-@...1B.......A...?...-#.....'j.h..EiY..IU....H0......l$Y7.<ys....|.B).w..`.:.*.N..[..&z.-.W $=:..i..nU......pz.a.Q...:.s...9lQ...O...}.N.#.b..'..okr.+r{{..6...C.h..Q;.z.G....^xL...>e...oNWMFS?.......F.~...Q......C.".tq,.......:pf..JWC8 K]..#I.....RX.......).{...$kE*...g...h6(\J%........M62hE+..*...5B1..{m...0..P...:..E..:.z$?Q.qH)..y.QE....).B.<x..f.VhD.<r....b.o..[..`...@..}..gL..(s)C....O.J.&.Eo......)....1..T.nA-M. \7)8.&.....pw..6.2.E...%J....X....*<...+.cbh.=y*~`.>.@S.fR...}U..!..?......\.}y..S..Fuj..L\.^]b.uJ........ D.......?,...\...]...c.B>54t\.A.~.....Q.5r.g8;..n).A.J,..c.\n@..........O^c......@..(.yf0q.....Q....

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\BDE5E55BCB4604200C70FB908FA76903C94590D3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):126795
                                                        Entropy (8bit):7.998680362770731
                                                        Encrypted:true
                                                        SSDEEP:3072:pUL15MzWX3K+ulOTGgcWz693n3rmenD912wFpbV9Gk0Wto:pU7MaqeTXdz693n3rmezbV9GbWto
                                                        MD5:45C61A622D4A60719B6965850932D514
                                                        SHA1:BFA275835A00836D6D5556E5962878ACD56D14AD
                                                        SHA-256:7A5A9D7441A580BA17FC46F93B9A564ACB3CFBEF12F8786781BB38C348403A9B
                                                        SHA-512:14FD740A924CBE85573E27A3122263F0163C9E2704D62553697628274E90BCD68224FECE0FDDC76D8D446BE048739445D41595A66488E360A5C69FBEFE367C19
                                                        Malicious:true
                                                        Preview:.e[I.dy}=....1;.Ji....I.b.x.$.A.?..J.....i.....,.8........u..7kv..2&".57..^..tW.9.......1..h.1.....(.j.n..Z..0...d}.&....f6...R.YW..ac.u..../.*......D.....Xc.u.s>......p.....O.4Q.U..Qi....~R.....\....F....R...x..H...6,n.... ....E.g1\Ee...*.,....w...g.:P.....}..^.q.?...i..|...Mka4...K......G...L....r|..W..&_..>....Gx3.:..0=..3.....w.Q#..B!.Sc....,.r(..a...#.qeF.~F D.tK.iy.4..].....(nR..9.j.'.A.lVrPW..62..E~6..\.l'p.+TO...B....Q.5.q../,.r.4.q(z.hW7...z^G~.r..z...w..l....1.3...Y..P.K.L..!.dA+.UY......z0x....J...v].r.2....5..K.u\WD.1..J./..x.L.....n!,.........1<0......laPLmju.....a.OG.|...3.rH..^........C.J.\...`.....~.}.........)..'.....uauw2I....{.<C..@N..s..~..[\..{2eMj8gc.....K.1....e .9h..r_K.....j..1qT......^..oD...A...EC........C.*M.c...T...M..`.....D...uN..]Bq.`/.c..b?..2oWKr{.O<].=..3(.~G...)5..-..s....E..O.k.J.`..l.g.....Lt.....^...x.R.!....$.........@_....?.....BEj......y..;@Zl..7.#.p.*.>.U.5v...(...#.7.[..C.+V..sa.Y.M)

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\BE4820D40B48E7D6E96297A9048EAE2279EC43A2.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12247
                                                        Entropy (8bit):7.9839173434737125
                                                        Encrypted:false
                                                        SSDEEP:192:ul7s8tQNbtPYrToXT98pTWMucXeWiveIaDr9UeJok23cbt74AeM0aSs4IBRIL+4z:uxNWbmrToKpqcOWi2rr1h23It74Axynr
                                                        MD5:7C65AD9F97C130AE3440055235DE44E4
                                                        SHA1:B68A785CF52F0FACE01F792BB41E9620811BB643
                                                        SHA-256:817E9C79DB5216111B2E7A829CBAB7DA23FCA987A37FD5F232956AED534A7A7F
                                                        SHA-512:1FC3D1D72B77AD7BC088E9883FDFE40CA305A928C0A293DDA69BFCCCF8A6E2A4C6E1C40BB3B634106695DA6ED3BB29275355C01BEFBDAA592FBB4DB9041BF1D0
                                                        Malicious:false
                                                        Preview:....'....+...V..B.8L;z..)9..r.L.;t{{+...O.7q.....W.m.>.....C.."3T..q..j......|l..FI"..E..T....S].X..e.>xh....'.*.D....~R..,m.d];G..s..= k..9..)!F...(Z&.{b .3%#.v..d..D.Q..c.{].w..!.Z.%.l..*e_.~..H....S..Mf........sN.^y.6.).5.B.?.2..x[P.8./.t.h.1$..U......S....Q.y.#...]..9.xT....ZL?.'..3~..=wC*..)%.|]j/.!..V.C...-#..&..;...'52K.fi.Y.A._...40x.%f$C..T%cv..F.T.a....I..O.=.....l.-..b.t..........3....=.%..@.$o........N.%.....^.^;;*..`9u.S.C.G[..l."....4>...,#G..WW..c...^..6.Wk{..".8.5i.V.%..1$.._.`.}.R.{......(..3...h.qSF..+..s.@t....<...y...H..;..D...8u..d.d$G{...-......</.W.Q....HJ..'x.-..b:o.S........_NAr.'..M|.>t.q.E8=X6.*...?..s.. .M.qG.50.y./Y.F.;.yfv..rvFr.p.FD.kh$S '|....kU.Q..x..Kf.tp0...9n.xd$.E....=..t\'y.../S.O..O...5......w.t.~G..0./...L..pCU..L36.f%....tvw..L....~...........%.$3...i]4.>vi......t.Ce.[km.`.4..;3.M.gj...'"QB`.%O..x.G#.1......$....J....S.T8$_...hj...6..+".*...G ..&}\j..?O..XBC..Q..e...p.I.oFia..6.=.Z.U.k.9.h^.#..GP{...

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\C26B0FEA6AFFB80A0EE137492C8CA100F87EE29D.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10065
                                                        Entropy (8bit):7.980800760821373
                                                        Encrypted:false
                                                        SSDEEP:192:jy1suxghifyEJzrnMwzLHkmgOtM83DBrXho+RJaZvr5mUDc5eT8WwES+5DA+QF:21xU2zr5z4OV3D1/UT5xYoqES+5DGF
                                                        MD5:3D5D1421CF9894EDEB652E9D9DF88002
                                                        SHA1:8543956E87F4FDE8548729D05019C028864581C8
                                                        SHA-256:995BC12F15EA3EB807FD038E68DC7A91C0520801E7770B0B649650205B210BF5
                                                        SHA-512:5A477087C1F1A985DAC21E04FEE1FD3081663C06C5C1F28056AA18215C326350C58468DC1DAE13A2DC1DB85D52517DE93F4E16D81DA35B4F952D8773913341A9
                                                        Malicious:false
                                                        Preview:.7...E<......1..E.A..B...C.u.{..ci.w.....B.s.T.7,.`.....nF.M..0P.g..'..x..].r..~B.%....I...71e.3...~K.".RT.6..=.*.r=....HN.]O...^...L.....SB.......}.......#N.9.<gA.p..d*.ox....$........i..j..&.blY.L.....c.....f..+....pE{.-2...@....7.xVd.......;...jvhdX.d...K.......}.A..^.HF.....r...........`.=..{..-U...........M.B...OMS#.G...-O......S..;....f.u>...,.^....|.q....K.p..9.e.l0s, @t.....!RU9b..k.\0...C....=../...=..+.J...=...g..M.i.x..K...\.c...vs.d....G"..w..%N.t...m.G...4o...z;.........(..qA.......l...vh..H.&..{\]Q%.VJ............w./.....i......w7xGr9........w.?SB......'..r.j..&*.-.1U..O/}....$........*J.J.....9.q\.U:t.....<.~......P...W..j...c..AB...f..~3.I...../>3.....(/..I..K#|.$...}...Q~......J.j7K{W\..../..[WF..iZ.V7SZ..........0...&kX..'.....+E...-....{({.7.qIx....S..3..q'....o.6.......P5t....4....A6......G.....v..k..+..-.....R.U.}R...lQ.6+.x'....|+Q..51....Q........~..J....qJs.%#)....U..el....b...(.py.....v.,....@..G.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\C29C07F946FC89B4DE10A21D8C6975FCEF3E2E39.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10071
                                                        Entropy (8bit):7.976015531703976
                                                        Encrypted:false
                                                        SSDEEP:192:myX0xXSEWlx+at7G4ufTwC0Bo1b2oqdQNZLh0F7HDE8TJNF:9X0IZdtaDfk02oqaLhWD7lNF
                                                        MD5:6E15CB3AC3279533ECB13E9194A3DA16
                                                        SHA1:B1439A03B37ACBF468A716A46144E9B3F12D17E8
                                                        SHA-256:B8500DFD59F9C1B5D35DBA747B24F03596BCF8D092E516FAF199C45F0BE84DE4
                                                        SHA-512:404109FD8774007B1D6FFAA2809812C7F535A37E17E159CD24469A93E2D99183BD78206F5830C5105CCA950282DA7E0348D53260F701BB10A2EFC5A050021FCA
                                                        Malicious:false
                                                        Preview:._....bRV.g...[.,L....1j.~,. .B.o...GK"..z.{.S.z......._.c+#^..>......2s.sI.#.\...l..Q\.....[rR....NY...._.u.].V...C.?.%y...L..6...l.!.>.H.h,2 y..@&%..xIlI.".q....@....~.....-.i0..G.........~...@....f=.R/1...y..G.f..."K..s.R...Z1..........f..%.."..`.........).....4X:.V..-.T......f..Q"=......f.6a.\&r..!......9..I].$.....B.=YL.D^;W.V....Y.........K.J.....4e..S..RC..x...c>......8%TD....`..P....u..l?..7.*...q.+..M.;.`.1T{.+o.%...g?.._L#....G..H...a...e..i..%5i.k....A..j'/23...@.&....W......0.1...BDGI..]....8J\j..R.:.c.Io4f..`?..MDD....,..;p|.b.|S.q..6=6.2.......BY.}.%..y{4r.....K.....J...Y?....Z..2+....9.wP...^.G.....]..99D`..f.Hs.N.......9..;Z}l*.D.FE.3....+,.>....x.."/....~.A.......$.....aU8..5.2..V.^...V.<S.C.=..8...R%.ej.$5{.5oI..X.=\clk..~1/.0$g}..L..X..,t.........H.I..*.......\.w....Ic..-.w.?...Wt1.....{..(.0..$Q9.U...#.t..S...r..=d#J+.....)..E...`8........Z.......`?......../.]...1.k...HDV.\X.....&........b.?..M....m$.'w.Z``~..hj.Y.O..w..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\C2C43B688238A5FDA9ED4731822C4EA8F055F683.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10060
                                                        Entropy (8bit):7.982728199410145
                                                        Encrypted:false
                                                        SSDEEP:192:L+CJP7QhiIsfuPRVSmGx3W7n+ItcN9mVuxZTb5MJBt8KUMDVoB71xb3JgiCqF:SEP6PdPRAx3Yn+ItcN9OwRert8dGk1xH
                                                        MD5:815FF83BE1BEC8713932474F46ABCC4E
                                                        SHA1:4E0E7B7B87144F3E31C28CD7C2B33194FFBF1CA4
                                                        SHA-256:3B4D9046707C708EA8B334848154FEF8EF04A839B2C70D680E79ED9571AB6871
                                                        SHA-512:8A191447F1348E8239181A7DAC310262258696D2D96FEA53EBD111E4112123CB8238DC4BDA2C4E2A93B329B0EDB3A41375546D2E78C41BBA9021F06D05C33833
                                                        Malicious:false
                                                        Preview:T.v..k....x..a..x.8..........m..)f*K.[T...,.K...DK.....5..L..l;.3...".. ..I.T.H[R0...b.C.:.]..[H.. .<<+X.ts....$0o.|9.@n.L;t.;..n......wl..V.h.UGao4.3w...NG..mt#... .KLe.vl.R.`^8.......Be!..`k...}._3.$.pG...{...+..0....[..J...el.v..v5W; ....Ag.....t...?.f.FDT..0...C.<o5.KD...BW......7......>.,........W...du.....%... ....`ipr...@.Q|.R....Bpb...>.p..kD.....@..K......(............Z.I....,.D.....n...2W4\.6..oW.z.R..5hw....7!.W..E...$.^..xS...........:....\&{...*?.....7...]G.f9ZQ.$z%.I.0MP.8.Z..Rq-.\..@..N..u....Y....(.nj`..[..........*.....c_K.;..1]....{.K6.v6.:..[.|XWx...!.V...n......./ZD`3.i...U.}....Q{.GkB..g|....^......O.UtV^...0..bq....Qs..r.d..w..~...GC...C...W...0..n...'..I..]p..8....`..#...8..c..303..*...@'.=.5..k..{.Ux..z...H.|7.m..N...1P.....!..>..;.........=1..i.=.{.M.DQ.....\Z]wV..u..,5.KluTa.v..Q ..-..z...Q-.Xl.d.]R}iujc..Q..p.M.......M.....4.2..K3Bkq..]...J..u.r%.{.,.T.XKay..."n.]..i.>.....'.ku.E..j..FJ..Acy3S....._G.ARX..J4.HC

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\CB58BDD87AB882DAC5784A12AA5FB3DB8E4BDBE2.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8347
                                                        Entropy (8bit):7.97814684442004
                                                        Encrypted:false
                                                        SSDEEP:192:AgVpAWQHdqLqtg+K7xu25720P+jRi6ZBjZ96Rme/leTaUF:pqxHdqOtg+K1uy20OTBYmw6JF
                                                        MD5:15BFC42A663766A4A45B4730B1BEB423
                                                        SHA1:5B5FC06A99CBD264E5370CA2395CF673DD353D5F
                                                        SHA-256:1E62FC689EBDAF6D4297C1CCA448A52B24BEC60FCD57AB7E48A20044411D32D6
                                                        SHA-512:9FB631B04C9BCF194C8DAB557FAC49DF9EE412EEA60214F2F94C0D2BC67141A3D3B617EF7E4F909BB9D2DC3A0BB1E2C50C7E2B5640F8E5AFF4AE3155E0690535
                                                        Malicious:false
                                                        Preview:.a..^..,..#\\n.ndV..-.~.'_....('.?.cw.T.4.J..Z*.......8..s.&_.....M3..|...S.G..z.`..s:.h.........@b..E..&.;.....h.T....;..M.x..[.Q\..r.V.BZ.$.B..DK..l..52...O.b.r.RkH.4..V.....IW%..)..Jp.l.[..M..p5....G.D.'...%..{Z..\.BL.(...sw...Q.?9....,a}.bVb9=........oI.l.G...<.y.\.vj.L....#n{.x!....N.1.......D]....6hO.RR........C........|y...z....B.B..a...._..Zd..#.p.=w@!..L.(..__h^y..{F .3....q.OHv......b..[X. ..`fm...N.12..V&#...p.]F..n....I.......a.p.1....z.1'y..x.6...P.lV.4o_aP...Ya+).Nj...dqX...@.yyR._.C1..Y.|%..E....[..I.,n......\.w`.A<.%..m.!..h.5..S......_......O#+c.c.:<..%.|4..I...e.L.@.;..Kj.t"f.U.?m5....]..^..]..pL.....6E...........+...{2>6..NH.N?.k9.XC..Q........2.0~.u... g.lK.?.@.2.5.-...Hz..DJ.._...l....#...P...k.m}._.......3....I..0...9.Y.vq<...-81L....OF..KN{.0.a.vE...(.a.....<..a.[T#*0..f.V...QQ.s.....e..y..).}....K...%../..MUu..5-.....I...L.e ....:.~..A......}&Rp.q.2e...-.(.. .9....oX5.|..0._k?i-...9.3.........U....E

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\CDA62003B1B987A64F1FAC75D1484DBFF94F08FB.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9636
                                                        Entropy (8bit):7.981520478573917
                                                        Encrypted:false
                                                        SSDEEP:192:xFWyULUr0sCwbAOhe4ccS0ilNb9Qa0wtM8GKqHVjzJesAbFfm2bSF:y5Yr9CZAe4cc6/bfo8GKqdzYVtJbSF
                                                        MD5:86960CFD9067D0880C49372F9390B5BC
                                                        SHA1:E7E3984B0B28B7B303DF08CFA97AE96CC989C0F1
                                                        SHA-256:019B01163BE27E8D38A2A1E8847CAC091D6439730CD6FA8E75FA85B9684FF3EA
                                                        SHA-512:9D0B16B15980688C576DFD64702B65DB068451228898D14BDE9B614DAB0D3C2293974037546711C043661A1F8BA03C97145121E47FBF202BB049E4CEE14B619A
                                                        Malicious:false
                                                        Preview:.=H....Ot*.o.O.....Q.Z|EFH.....A...O:5.....8.>/..%..........~g.3....s.M.8C..g..h.9.l....b\.<..*.n..W.;R6V..>..H.Ly.W,...Xh.....!....x....w.....3....q9p.x.......^qJCuA.D...l\G..~..kAxG..PD......e?....~.t..e.2...........".F...~.{..s...wM....P..t..G.y......R!....\e.....x.....j.d..D....E.dX..+*C@.a.o.N.....x...z.]n.........*ta....n.1.....D4.W..6t.....r:._}.Vs^wrdo......]...^.?.9M.d.z,.._..8D......)..wO.X)....|......7.....4..7...r..YHW<j..(..\.\.......a.Fny}d.c....o1...A..m.I..o.g.OZ.h.. e.X.....$.....x....4Q%jTE.;.-........Y.r.........f...Sw..}JwI;4*..`.i(Gq%}..?Q]...GR_6.U.(.nf&. ..p3...\7.. ..tR..1.....~@...~Y".^A^..)7....).N....N..+q..w.#.|..._.z;.a...O....vu...t...'d.i.....].l.IQ..`..".)O...q...<.9..>..-^..B..2Z.'.C.m..4./. F..P.<..3.Qg...q.oUD8k...._..T.....\.D.C.pTg.~....L..D_!n[....i^*.;r...O...)...J5Z"$......%.M$......H.@.,F..N....K.i.v..x..*:....mK!....R...8...N...z.T).....y.6'u.kB..+.B.n....{9....6...>..1&..1....&...h.k.RF.R6d]r..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):39177
                                                        Entropy (8bit):7.995710708217689
                                                        Encrypted:true
                                                        SSDEEP:768:Fy97KzgNzmf5WelWFw6IjeaC9sIoT7wwPOrykgT8Pye0iGF:Fy8zE/w6Qebk3H4yNTEBGF
                                                        MD5:D4724DFB34B756FF8B6C5C7DD21BD8C7
                                                        SHA1:5032B22B5DEFC0F434B8171DB204C6E410FC4C46
                                                        SHA-256:086C3E223A9B576FC694253A4AF24866BCBDB5B5035EF13AE6CBDA40B804B4D0
                                                        SHA-512:E5E8577E76D28BFA15B7F23E06F1924F6379FEFE3E38CC3AF28F76BC0534E591711519B0E2CC164A6A52907B99697C511BB58715EC040B0B09312CF5EF7BB5E2
                                                        Malicious:true
                                                        Preview:..;....'....t.=v..:.R..DI.g.I......T...Ro..:.WJ..........t.F..sZ}y...jW.."r......< ....@.]..<k..u....s%.M<.G.3..pFd@.y........O.....e..1...at..v..]..K..l)_..|F..y...A.....g..mh.NP!..b~...`....\j.,...^.l.c.k.....>2.!jI.Yq.L..KQ@.v....LS#...M...i6.P.:e.......4]Du.a@"..3....R.;F.........J..E.s.*L,>ivf..k..\S...W..2C.%..]u...Y.[.X>..\+._..,.^...`K..5..k.C..X.......9.O6....(.......q..r..F.t<...Tf...<...$Du.U....)+......:.h'.2........Q}..,P.......O-.5......r3..s....y..;...5 .G..<.P.fq@.1|DV{zZ..~...l......*...nW.t.A..c..........9.m...:.../. .X<p)....;...Vu.d...G....a/i...i.@..1...y...zE..Ht....d!...Z>{.....H.%D..,~.k,[..........C)U...eA.j3.l..lP.0....Rl3..9C.x!o.O.s.......#u..R...`..#...4....L.f....H.Q.Wn.<..m.e.m.hj...b..#sn.C..<.|1........%}.<6.8.7...F...T10.....eA/.l.......6...u....Z.....cR.7.O..u1..W....g......3...h...0.....<@.0k...1<r..@....6..o..`..A......f...G......*.#.4......J.....k.}Ub.Fb.5N.....p.8.&...%.......!%.....|.n..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\D23F7952044A1A6016B80DED46FC563716A295DF.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9658
                                                        Entropy (8bit):7.981385801248885
                                                        Encrypted:false
                                                        SSDEEP:192:HVUCXda93XRzDtuS//qwD8Bo1UshPVNRutmraSeKTJWXhmPeMkgMF:HV1X8tXFDzqKhhPotmraSzWxXMkgMF
                                                        MD5:5820CD87C7089995A43428313E892A09
                                                        SHA1:0418A8DD59C7E30E6B114AF5A3A6BEEAADEB9C24
                                                        SHA-256:AA724D30ECF6851976D770B3E86982F9C6A2C36FB5DEE3A4AC9F0E62B23B369F
                                                        SHA-512:2946746AA7C7ED1C986F21B8D3C94486C9F2C2C6A2F002C136F01CFC3AB3BA161B55188D4481C46D7603867AEAC371E13E65E8FAA0BC603E0A4EF2A63D7707B0
                                                        Malicious:false
                                                        Preview:...!..u.|..u6..]...%.p......_.4..-z...`l...BWBxG!0c.4...q.,fCc.]...W.>...U...'.1}.RMil.i/..$=...`.me.]......g.Q..f...].....W.b;5..}>F..+.<Yh...B.....w.L...c..)P..&....6k.+S.]%x.R...iM...].~...n..9.;.>..B.".].....oo.......Xo...(.....8.j......\...x....69;...D...T.Pt.....C.W.......4...XF.mO.].g*a.=ch....e.0.U.j.z..x.Wg.D(.A..+5..t...."Z..8.%M.0S..Q.n..v.B..S...=.u.....J...&..o...R.87T..<......z...,.`.E.TP...6.V<@e.u).~.<.!.R.V...i....C...L.....`@.L......n!.t?W9..u....I.1H!.3.K.k[...G..l..W5..6M.`I.....`...P.Zz.p~...JS.H...X.h..'NA../...@5.g.....[.\..r.b.......F..I.uI[.dh..@.1.nj....fY.|t9.......a..g....F6.....5..........k6ch...y\C.P. R[.r!L1.*..`y.c....C....B.....&.....I._.#w...L%.(J..Wi.....Xz..ltM.u..s..v..k.".......Pq..F.%,.m.ZL.........H.;W1.T..z5_.~AI.......Lw-..'R...f...M..........3.$..SIr...Z?.*.,..PhpnM....G........v.|.?.z%.....T..8.....T..{wqXIc.4.qP..M.K..l0..a.^B.%.g..6;....;....3yO..7j........2...+...8z.!.V.Y.8..Ss

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\D2EC61E8A6DC6F6B45A8D35DBEE8A2EFC553F32A.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):11546
                                                        Entropy (8bit):7.986711238306821
                                                        Encrypted:false
                                                        SSDEEP:192:ndgp0cgclgWGZ/TsPatXI0F1RPmc+HtskTNgMBM/U7CVuaP9/YzIPhZl2I4p7h4R:ndgfTlgWGZLsPU1NINsK6uyHVPOzIPJx
                                                        MD5:A5CFBBAB7DE2D3E0752D4CED4DC27576
                                                        SHA1:387B54BBAFC2137B102AFF43D473FD4A5C7C2743
                                                        SHA-256:445BB59D878A8904A6545DD04D27C5DAA99401BC6FCE53C1CADBDCE8D0DBB10C
                                                        SHA-512:1EC16EB5D33F386047B079C8117AE346CD64E844268045B0E3AC1151CB1AA27AEE2228F746EEDD2296E1CB5BA6BCA87FEA89B68DCF33B7BA4A6BCC8D65CD773E
                                                        Malicious:false
                                                        Preview:..b.......z..Q.....@.K............e...|.r.>k..[..x.l..w<L...lKQb,j6.^....M&.G.)......G..."%...^.@^fg......N.!..$..wOh*..u..;\c....../..=g'._...._...%f..g..m..o...D$.*.K.Ux...O.,R...=G....~...7{....n....h]Q..42..-........../..p..3.p..A....}I.d.%./...k.nLXaE:{HI....G..P..U...L...Z........e....y.!....je.|.~k....!..[T..H.D)K76R..&$........l......m.\P.......P63..IJ3Vv..Y.H..@.s[a....gEA/}..5..G...|.X.5..|./....m2...bh............Fo...v;D_.. .GSW....F..M.....D .l.0.m..36@....c.P.L.{.tS.......`9x...P......b..m.rF.9n..8.Q.......G.5fm ......RI.g....!..x...4g.#XC$i........W.....mh.WW@r...,LW..S.@..*....v..X....O..j..!o...<.&'..{..oi......p....>....~@..=..;.N.....r.==../A.......6...q.Z35....r.....i..z......eS....W...*....%r..#V:...>...$..@.PAH...G1.j6..G...7..`.}...G1..Y..qD|.2...DK.<.....U..X.E.....Z..0....i.^..k..&.L...WX......,...NW.9.....!..GKB......BK2M`.....)z.%......r.~...BeA......f.-..5....+&....R..;Orz[......LBF..2...'..}....}X.G{"-A

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\D6B0ADD0DAEA00708CBB4290B85CCA0E0FA79061.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9633
                                                        Entropy (8bit):7.976155176877036
                                                        Encrypted:false
                                                        SSDEEP:192:92wJimWjJzPmPhBe0KiaVINwM8CfhuWcRxSkOXNJsAUznRPVLC7VBCfF:92wJimWjJzPmpo0KCwM8JWQTFAM7OkF
                                                        MD5:1A62F106A55D6F0DABAB1E8B43A48D11
                                                        SHA1:994A5AECDEACE30A816FD39C36EE413050691A19
                                                        SHA-256:F2D875B8E40C73F1439606392CBA4A3A9280CBE10B85531D9B0987577CC6DD0B
                                                        SHA-512:D7F4C9AA06BF2463A6AA8DDDFA7ACE26D55AA3CC70CF59FB3F42030FB89CBCDD2A4EDC4C10187B9E6C15472F0935BDCBA88469D24FE8EFC590E846353A6CEFB7
                                                        Malicious:false
                                                        Preview:Q..Q....*C..g.M.}.y........b..M[i[<...O..<..*....\T...3.N...H.-.....e.#u.[....o...x..e....:.......A....Y[m..|..t....C..[......^..D.^...&.....w...{5....k.!y.nt.d.L...l6...)..ABn0|.....a...~...1..j;*te'.U.Ed.h^..d...T..+)..o.OpWW....Yy...`.. m..W. .K...Iu). .IG...m.U.b.....||........y.KY..a..g..)..r..%.../...u5..^{@C._..JG.....~.....?.>....#.Z......@..I.t|..R|..Q>..y....B.......?,#.J.h.O..y.N]..G...;.D.!..{NF...X...._.e4.%\+<.>.J..<..U..H_..O..-f.h.g.....i....0.....1.:..%..r....... $.1A../!X..\..;f..V~,..=.......J#gc.K.....=.._>.+.f.B.t.S.q]|$a.^#dU....C.,.h(I.....1.k...4/..>..z.......,....\8c..1.JX.t...NI..`.:3e'.{.nL.e.<.l.8....{W.r!3C.J..g................A...$.$..z$y...a.6.v9.G.@.>.e... . ..TO... .".qQ]....~..a.3}yd..F...fe....d...o...t......jP..jm..'12m.;...f}-.".I8A../t.H.....".._...K.......rH...|o..Fz..:.....WY.17k.M..5.....Q.......w..r..7..u...M...N.H.?.|..H...,g..^..{..+og2..0.......R...CU....+.li0^,a..~.n..n....=.E.U...........5..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\D7BEEC8C1D80E7AC7310130DB5854DFB79191F44.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12994
                                                        Entropy (8bit):7.987112189476576
                                                        Encrypted:false
                                                        SSDEEP:192:03orQm3nDpxIqPM74uBCdP8lInvXsOHkJcKJL52GkITiMAHES3c7hXz3F:04rQAoqldP8wsOHGLgGRiMAHEdBz3F
                                                        MD5:875F87FC94E1247435D3943650662E37
                                                        SHA1:42F8CE26B3717BAC030708FDEFE895990AFF06EA
                                                        SHA-256:5A72A22D01DF174AE4A5B12347B7333A2A1F395214D5545DBFFA20F4C3EB60F4
                                                        SHA-512:01B1DE03BBD15F0C79038A120D04E7CF0B79F55EB339CE281EDEBB001054EF3A8A5B50E63F7216FBDF872B28CCAD99F7CCBE7FDC1BC6DEA34F9ECBC2D92CAD1D
                                                        Malicious:false
                                                        Preview:F...!?OgR.de...l...=9..udt......B.e..+.7.......}{d|.j...{....l..C\yB.,.P....p"o...+;0.|.o.`J-...V...Ud.........1.....k.<.e..0...O....,....JX:.C..Y.'.P.....$..@B..z1.{..ZeI.O...|....?..C<....P;...{.<.h....\`....y=.0X..t..!.B.h...S..{C.S...&~.x.>.r.U|Z..9N...m...$dR..VSx3.26.r.~d.e6..r....}s..qh...w..G.a....'u...F|Uk....w...#..E.-.N...P.d.w....f.A..Q.kvE...s9F..`.L.......(.y.k{....A....3.a.A>.>.<:.0z..M..B.....s..t7S6...`m..i..j.^.s.W..Y}..>.......@OH....K.@^{s*./u..Pa....'Q(k...+i.9.....B.X.X.......Aq....r..N{.!'......X..)ltTP}...P....lL.wr.#+!.......{..v..U.i....4.t .8.}g._P.......*.....=.z.n..u...........~.(p..U....<..d...=..]....][zdq.x.u%Z=Z5.`.6.. _&s....:..=N..pj.*U.5.0i..|....p.;!.Ar,7..\..S.%...|..\....k....;..(.>.......b.D.....7...Ed.#......_...c.XX.Vt%....'..uP...2......x...P.`A....h........}.Q.....>.......w....z....8.?b..<F+.0X._.N. p..w..*3...Bm..<.%#u.........f.!?..OR.I....I..u... .N.uL...n qt.@_.<x.1....i.....fh...|..d`..of.$

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\D8EF12DD3F5A0B350AEDF5A0EBB7935D12C12CE3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9654
                                                        Entropy (8bit):7.980030581935316
                                                        Encrypted:false
                                                        SSDEEP:192:qACQIzB8tC8PaI4Yb0hLGyyJWW1dGQqfajWkvJ94+Gm1+WF:p6ao8CIqa3p1c34W+J9AE+WF
                                                        MD5:3F3E05AA8FCE07E133EE7DFBAFC5A6F4
                                                        SHA1:71673ADDD677271B0D898B99AD7FEE68A788AECC
                                                        SHA-256:8905D04FAA065DC41A578B4DA5025D05FAA0F1C81CFE1CF47473E0464B93745B
                                                        SHA-512:147EEDB8F47A7A8BC78FDEFB2D37667C578797F956AAC775589D7B07EE1EBC30D93CB83C9D157CF86C9FE5D592845F639D7A502104DCC198F8594B3F7E586F2F
                                                        Malicious:false
                                                        Preview:.J..E~$+@..E(.>....6....7-..=.X{.U........{8.G.m../.x.q.R4 .<.......a.%;j../..>.n.x..'.Q..._..[.t...LD.sO#.~.8.h..sY...."..m..sO...q.....Bi..l.#.MS....L..3.1G.p....j.5C;.Z......$....`...<!. ..........Q.......|.]f*...{.)r..1.G...I.....y...j-y0..O.......4Y.........J.n_?..8.....a&I......`.........7>....f....B.'5....l.....`4.>..e...o.Z.....-V.5.-.}K..hO.c..2."9..P....7R.>?...7J..`.o.....].U.c..yRKrH{a....).......F...J..l=a...v.m!.H...u..R...C~....g/W.z...q..?......&ec.gNr..S...+m. v...?..@....?..............\%..D86.x...eo..Og......9-./.......q3.....*...u....C.....<.w....<-Lr-.R.v<Xf%7..r../)}....u!.T..`...=..[.JJ..F.....'.>-...0|vD.K...'...W_..MF...Q.r+..n.......,O-.2........v.....ZT..Xxx.;....[.rg/.{C....}.t.{j@...|m.-.V...B....PMi..".....1-zA.ui.|..[..s..o.@.+.<.G......!.i...Q...z.'...........A.E%.C....8..i....=....kA..........LM.....J.'.,.E./..e&M|.......|.qo.+.t{^1.P.;.X...f..|.....b.L.s..........p.(...\....`.C.g...F*4..Qn...9..>wp.`VPe

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):17206
                                                        Entropy (8bit):7.990599351994194
                                                        Encrypted:true
                                                        SSDEEP:384:5g39s7OVrrPMALsLl0FKX5cQGK6db98M752ra/RNkHoy153F:8ZVfFKWVHbWM7e2RNyoyT3F
                                                        MD5:90807291B92C3BC77FBFF65F7635F9F6
                                                        SHA1:BBA2C5E26B9FE58DD07F0AA56CF72A8070294236
                                                        SHA-256:A6BC02C6E47CA8C6FE10A625D8D2E3B51F422987149878CE3488A7F0217D6201
                                                        SHA-512:8C3858A415D89B60461BDCCABB5A8B07FEDBA234C3298A15650D60D1C74C454950D31BD14D45BDDEFFC5257E48B12BADA2E6B243CC545BFA3B6E5E813234ABEA
                                                        Malicious:true
                                                        Preview:.4..%.~....".N.AT..$..).u...5..-....-.K.&... w....{Z.hA.../......P6.....=.La.........q.ug.m......^..=f..#./..(...XK.%Ag.<O.$yAb...u.C.a3.P}.'L..V....;B..cK!.r.).C.MZZ..x}9F?+...T..>$......./8D.......7$....q...x.%]..,!..#.._b.).fm._6.p9l..+...q?.`GS.......p.b.....%R.U...m..k.Ab8.........r.a2EZ4.rI........Z".]...BPD...{..d.z../..n.z....N.b.......n.*..'.6....N.s.~...5=.....p..i%3.{..v..|..:....t...~8.d. R..~..!E.C.......M.....O$..4.g.....(...Q...7....'2...P:<.*....1.....;b3...Qg...9..W...%..........-..wH.C2....YL..L....[h.5Q"..^Q`..K.:.lk......F..........(q..'D..+l.4...2.P.].NG.QQ....`(.5...[Y..%.n.q*.vw.-..2.@f......D}p..~.ko...6..... ......#{`.N-F..[..A..T..._.....=...p...3#..2xL..._..v.SV...T-... fPIL.v..a:.0.w.....Tq..2.`.bS.Pws....7F,....!..............sK.....DvW.].....].E.l..r=%..........i.....Aq....l.n/q@`.3..F....r.F:...q...R...g32c..n.v....0N.b...C.0..."I%.X..-..'..3^.2... .g.....l1..nU_TP.J..7c.....'.-$.1.t.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\DF0CDE23AA0F44779E78EFEDFBAED16DB1B4DF40.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):12424
                                                        Entropy (8bit):7.984927295538214
                                                        Encrypted:false
                                                        SSDEEP:384:HLzFMNF8VYVCa+oqlK3MwHkiBTLyqBel/gFfbdCQKMEXcZF:nFMNZKokwHkiBTLyselIFfb4bAF
                                                        MD5:42F9DAEE67A0099182252E880BB192CC
                                                        SHA1:5617470A0E54111211C76A6F1EB3C2E13E9BF7B7
                                                        SHA-256:DF2D2A55780E1C2038A7C0A5C98C1B5FCCBD1F312243C4884A98458CCA9FD392
                                                        SHA-512:6288F189FAF86A6B52B9DBBF07F6C48747D2B5B327FD89911FB00FC22BF59F37F29DB7F7A4B7E9225C1FB96D14437B62503E1AC88C9EF7C52607308A4ADAEC67
                                                        Malicious:false
                                                        Preview:.h..A......l....g..."@*..P......LW..);.9..E..b..%<...K...3..|c..9...R.U~"t...$f..w*......w.D..1.,........I"Z...3WC.v.A....6...X&[.U...[....w.e.....q.Ly.0.a.tR....4..........Wz..[.....{...au..^.wwgZ(2fm.3..\'v..&.........uX.{X8/.2.>...z.+HZL.Y+.@Z9<......,.......`T/.....=....dm[.:..K7..a.g.T..L.E...L.#...'<.y@B6.....g....'.H...gT...R6.$[.R.,..|q.6..1+.md.tv...H..b....K..s.m.3;Sp%.X|.=y......x.._:..$..G...........M.5...a..{.'.......1..)b1VR._9..Jb..iY.:cH.5+.R~...H..O...f.or.D@s...x7.w..g....+../....y..-..4.X7.U.7..!.6....|.Y..3...,V.._.&.U.(..12..l-...m....b~..8m..T...n.,..J.35Um#y=..'.%.F..%.K.....5f..(...R..(P.=.a..&l.J....w.2..n/.....h.....b.........?.w~..T[m._...*2.s.~jr..?U...j.....8)..9.@.O.ZoZ..N.1.....`...}...ApQ..4...t...B.?b.m}n).JK....=S...q^....U..`..7...8..-*=G..&.3.vQ7k.or+.+.....M....l....[.a..9.Vv..HA..-..j9@^~A....<..}..$2--<.../*..........p.+~..$.`..XQ..).......-/.w.+'......m...*.%z........Y.tq...(..Kk.4....)...R..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\E673CA89D86A2DE6C94ABF57948CBCA43E7B8EB2.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10061
                                                        Entropy (8bit):7.981175341780338
                                                        Encrypted:false
                                                        SSDEEP:192:wyQj5Yu4PFOb/EMfD8wC2W0OYVBSEOu89og7LCkUD81KszzIZVzhjdnyVfQDOc5w:0j5VeFgffpCb0OY/SEO9B7LYwKscpnav
                                                        MD5:B936096F0CBB0E10E09A09C3397BBC10
                                                        SHA1:E53F13BE576D5851300D2941492FCC23F80EA791
                                                        SHA-256:1A462AD1F20736FA07A05EA0AAED174DCC58DA331E33AF73EB0DA140469C2558
                                                        SHA-512:6E53C54C32AB58042B9043A1F49ECCB17857A95567156881826AB372AFEA200EA12404193400E1B71EC29852CD37FCA918C250FCC118199B1174DFC76C58E44C
                                                        Malicious:false
                                                        Preview:...>o...Q..O.(G.4.q.e..."..I......x.(..r...lM>}.N.h....o.>..._*J..l..z.-......~......z$(..FoU-:....x.J.&P.4@..9.g~.4...\!..-w.Rh..k...J../s....!q.[.l....}...U.]...J........1.6...O,.....x....O..f..._o....~.H...~R.P..`.6.8...3......V|.......'.~Rxo. .jI.......*N..~8+.rq_.@......=?....6.....P..$..G:..g....L..]. ..:_Q.A.#Z..I.Z..:..$.k~7....Q+..8.....G.X](......=....q.....z:ve..P2..I.O@..LXu;..~D>r..z.yF.}....a.2....|....j..4...h.9.m.,......cT,Wq.G.\.../...h`.{..n..m.E...(...f......b}..........3_}./NK&./..*..F....(.y>.I..frv;.....@...Uu..L.`...M.\].)`.*.l.w}....q... y.&...c...L......Bbp.`..gs.r ...V...jz.?..qn.Z.......#.....T.c!04/.....W.lN.......Y..8..._..;,.W........r..5H./B....k..a0[U...K./3... I...,......ZG..N.$V|..z."...V.=...7...........#.,...e..~c.X.L..T..$11.3:.4N.............k.g...(db...T};e..-..DL.3.).N......r.E.....mE..M.J.5.oE..p5AxDT.`.....A..,#E.rV..VX....o..}2.@.X.....M......3...-a..rhKLL......+ P3......(]B..J..M.?.

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\E707EC8A256322E87908664A49F800B7B48E0961.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):21316
                                                        Entropy (8bit):7.991959166666475
                                                        Encrypted:true
                                                        SSDEEP:384:AQbTDlsNgD8uRSNbNoDnkLDS3PL+CwrABwUto6i6OMG93DOebD8VhcLLkMEZF:BPBsNfuINZozkLW/L+bASUIbtHAyLLkr
                                                        MD5:8EC34FD0674B5E39C06EE0DD02E2A6E0
                                                        SHA1:B956C8BA4C290E206A82328630DD754F0D077FD9
                                                        SHA-256:A8837B06253DE2232E0565BD4F723F966BE9FB3547EE5EF0B34651F2EC95B03D
                                                        SHA-512:BE9B407A1705BB609EF1CFB7D51E7D3543E60CD6A06D05FA0A63FD3D9B76DCDB2661DEB48475E772A78FB19DAAAA9CBCB35A2387783AF8D86C11926974E3D3A9
                                                        Malicious:true
                                                        Preview:f..0.qcM...................8u.6....eG..../b../......Je..../L.......-..;...*.8Z.W.<.....i......7.rQ.b..P'v....."m.`]..QR.4..B..........E......j../3{..n._%..+.w_`....>y..2..+Hq`^.`_...T'~.d.E..C2R..B,...E.C.d[h0..*E...>..3.~I....|.X.a........w..F.9...PR....*w,...K.#.{XL3...k.P.5e..d...r....M..hWS.k....$...A..k......9v?...!P.yt.|...w..'...S.;d:}....{.eZ.n.O.........i....Tc.......F....}...G....p.rp......`.^..v.!{.......Y....Ql.g..d.....Yt...yu....)"m.Z........).z.6.a....|u......!4j._7m..wU...lB+^.a..ig..........yZ....\0TK.%....vc?iF.E.B.:.D. ...5...*~.LB...<...&.8|.)..f....P".L.W`.....b.?.>.k..E....].v..........r>.........,5w..........g..8 =..~.H..v..C7(...v.....G.P3L_......T2h.x....i.(R..zy....6.V.5...FZ.'..D,....*.o....\Thf7..1.6,..p...e..m.?..=.l..t...*......."A.v....=.9...4,.t.ui........c.G.w0.<...m.s8.N.i.....{......<N..F.[G,.#0..m`...0J..G8..{.2R3..5]5...L(..V.....j.;..1...m.EH.F!.....=.'.Cg.....B......<...."B..d....[.7..x1...\.4. ......=.B5.....

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\EA1E3132006CB34CB9058E6891C35B731B9C4D9B.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10600
                                                        Entropy (8bit):7.98103626189198
                                                        Encrypted:false
                                                        SSDEEP:192:2aoJBjTpTvzU2eBJ8g+UVShYp4BAdC2m/O8uZa7ch/Y5Y+Mrn9mmF:0rl/q6SSexdC2rfRZT9mmF
                                                        MD5:41C60859EC412F2FE91024C7F6CC91B5
                                                        SHA1:71B363EC9DFBD6DD5AA721A9D1EAA88C397F7491
                                                        SHA-256:77692469C663041A838CA2A51ED2137DA326D736AAB58C5659C18ADD07B3F618
                                                        SHA-512:D314CDE3D2F67A86302E92B43929A3A4C2195C6AC0CCF0D029DD25FB515098D34C2528E2FACBE18EEB0BBD16693FEB922477616F48345EE5717F62C5D7F4DDE6
                                                        Malicious:false
                                                        Preview:..P.ga.=...0.rm......l..eY._...u.5.q...R...Z.A..].^.......zmy.;P.M.]....nw..+..<...K..-.q....OJd......^!k(..y...........L.(..r..n...)\_9..2.....s.Q...?K..q...b.=...S.....j...5.*...(G..0.Q..0DT;8.v....Q/P. (a.}.'.y..T.....g/.f....6..k./wm.:......E...%...Bl.>~...h.|....$}.CI..f...._G..w.t.[.@j.....-....3....@......A'..._.\{2....(^.i..;....{.?j}.."..t.-.U..7x0.O.4Z....w....?..8.c.....H.....`m(f........ni......u+].AC../.JE..=n.{...c..-....~..Z...'..>ck.=.9..vT.P.. .B.M..]....w......f..Uf..N..c...l3.:...gk.T.4..._W*6.`i.....u.\.>..lo..[....6...6..iv.].0{..6.!.4........#Z.1.aUq._..#!.Q....{..:x.(...)I$S..8 \B<....u2(f.<*.......b..7.x...*...{|.v(.L...EV@r...~}+..u,.o../....j*p<.P..;......|..;5...4W=.[..@.W.......S.Bz...].Q....n."w...7U.....%v..y...~#.#..P=.FL..+.U.P.].}.<..uAC@.".....t._@...p.0..W....k.06Q.&.......=7p.Z..S..XH!..gOq.Q]....|..(.RN.....o.M.b.j..-.q^.2.V:....RW..V..`z.H7...!B.rh..O.f...GZ(.dt.......81........tu...e........a...74

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\EDE675BC5BD66B9EEBD8A46A4C06CC47C388FD92.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10622
                                                        Entropy (8bit):7.982327898773783
                                                        Encrypted:false
                                                        SSDEEP:192:RuK2UIvM5edAc6ayg1UQK8pxW/+C3Z7QBxBAMlh+5oXsAftzF8DgaaF:XXIvJSc6aycU/4iT3ZEzAQKoXBH8ZaF
                                                        MD5:32E8D63ED6DB8FFEAFBC5E588157414E
                                                        SHA1:74A3E543A6B0DB2FDA7D1E9362B2157DC88BAD8E
                                                        SHA-256:A19C92EB6A5C57E527BC2EADC3FA21834B051B657A63129FF84D673576D2DCAF
                                                        SHA-512:2B949C419CDE305B77B69A261E72D582F3B04F63E59901BBC196CAFC196E69289092B1C9F789C59CB3911B0FEF27AA28EB3C33F9BEC1A044651E08D1AD6F5CAA
                                                        Malicious:false
                                                        Preview:..W.@.._.@.......3.......x...u.3;..TbQ..y.O..B..&h@C.P0K..8G~3/jw6\.z..oB......}...2...^....)Cr..Vkl.~......`...v.......Xj..5.......4....._@.cu..,..!..$..p\.........%..s.#Z..Q.Ok(.K%.....@.H5E.b.#..&...rFo........7.7v.mC...K..^zsJ.r..=.S....C..>.>lp.'.1.6.j...l.6!.9...3:.....k...v... !_Y=|-.o.z.:.L..\$..k.xKg..hn.....0..Hp...%g.".i/...x....H.<Me. .4..}....{....h..C......\..c.......{r.>$GM0...S[*...<=..%M........f.......Y..G..d....l..5...~..I.pq.,.C.a.u...N.B.......,...m#..n.....@.i7.ow.d.aW..&!..U;..h.YM..P.0/8.8".a..st..Z1...|.-.w|U...@..D...p.....9`.|M.....6..n..(6..h;$......`{.(..C...PZl...o...../?_.j.Mc..&r2.......:.^...y.[m.:0j4.....}............).t.8..^....@...S..e.0...y.....j....s....x.....lI92(.....NN[..a3.....*.m..(E}.yQ.V../.J.x....Y.v....Q2 .....:-.....8. J.Hr.J._.v..>.s...$.2..........E.}..-.....a....f..\.,0:....6..-..(bR..q. .|.....G'..2....8.Mu..#..;Nnn(...t...?.0..A.?(~}..&G....)..,i."..)...6...W..U..B./.G.}h.i!<#{.Ob?..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10166
                                                        Entropy (8bit):7.979653197178549
                                                        Encrypted:false
                                                        SSDEEP:192:Z45mfiijXyXbx7IRJftGw5ubiM+fahCGNDSbeHl3Jkq8Vfzc2JVBb3MEuTF:iWjyXOPtG2SXbpSelyFI2JTzXyF
                                                        MD5:4B59BCAF4D3AECB191876E3A9247DCF4
                                                        SHA1:DB36E7B309CD07EC5CE72A58301C615B04F3FB6B
                                                        SHA-256:D50112E322B48A5C7CB391FD59ECBEF96AF50434E86DEA7B34FD5EE3264B589E
                                                        SHA-512:039E97B5A0A91E2C03A20DD823EE83003AD87614502A5270084D3C400B7C23AFC6A777D811CD57D5BB02E94C626628D084A28896D54D5DBBA391C627AFD981A0
                                                        Malicious:false
                                                        Preview:8.Y.Y.q.p.....v.LsF...3..Y...';.5...t.|?"9ms.3p.e2...dJ.7.+!.1....G....&..".;....,.7.......v.....s..`.....5.....$..lwBE9..vsNwc.~k._.e.H...........|..G.CQY+gs.&.y(...<}...Mh.....p...~.3|*...&.]...l.%l.u..-R..6 ..8l..P..1yy..f.]..z.i....+.>h........)...N.[!b..0Xs.5.W.W.R....._....=$o.1....S0..c..dN..4...d..-c8j .;B........4=W..c U.fq,.....S.......n.x.a.o.P._.....6....j..F....g...<.(.v....KL..L.?_...pd..%.x....QC].L.....z.d..`...a5z5..g..S....... v...=....$..ai.~"......q..a......V......R.:..p3..V....N.D(.e0 .ku.ra...K..J.I....jJ...LQ........7(f.t..4..xJ..3)ik...[h.n.D.........c#.H.#..4..Y..^...Y.9P*2{.."..j.R........D.t.a.h.v.4~.....~.B.N......F........H.../X....i\."9JI.Z=.qu."..E.'....NJ.G..3........I.g..[..T..%~::.,...V..h...........+..0..B...y...S(..s..'.../$...K.^...P...;..d.n.dmR.b..D.&..6V.9d!*.a..`....*...[4...X.q.8....L...kqh..v.e.N.8......2..(...>9...-.5...H!/....|....D.*...6.......". ..p...W..*.....*......{.0.....y.o}a.$...@...8

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\F8D5B76A1EF679D7E128B67E60239325BF22714D.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9539
                                                        Entropy (8bit):7.980162942929178
                                                        Encrypted:false
                                                        SSDEEP:192:gHeYaBaicQZUyr09eGaBpuikyIztSC5gUA42hulb12zVLv7H5uF:g+YYVZUyr09ZQpARSCE9j5TZuF
                                                        MD5:BC03536F93A48FE8F0E95313A3C21F50
                                                        SHA1:ADD40ED86557D2993B3567EAEB50A4860ED00D5F
                                                        SHA-256:D9BA29969E22B375D291922251A32BA28E983A0D7BBE622C95296B039004B185
                                                        SHA-512:46B5B8F779D6E3C9E9EB684DC4C14A454AB8735C3483B958DAA967675D22142F646509742854163F3C31833185208A0810704AC812B2C24C025993B26FEBD318
                                                        Malicious:false
                                                        Preview:2...=.q.7Ro7IPC.e.U.p....*./..@.d..W..)......N(..V../........Q.z.-.a..I......=.l...|X.]..W.*8gee/5w......g.!8..LvE.:.......3..*.9.m..K?./t.../.t.ss2@..<a..]^6.5...3..@/~b{9M_!.Q.5.;3...T..-.......+..2..Y..sTl=...<.q...t1.f.I.v.....j.=.?K..w..k.Hf.zh.qL..o$}......3.bz....w.?H..+J.oV+...n.....&._.<2Vi[so...bb ..M.....=. .c....,..:..(+b.z....>.|./...^G.5[4cs..#...3...y....]6..2n.n..`....C....s..f.zI....e...w.............]..3Z...X...hk......v.X..I..mcv.V..\Y...;QakO7..t..2.[.K<.4:Kr*."B..S.8..$.0...3....q.+.....,.W.Pk)K....;..#z....b..z.45S%WF.........c...5wCsX...h.4&...1R...r...w7'......t.....`.}.Z..?Tb...+m...vL&......>.%...EL....0.1..q.]....]..]....h.b4......\q..kr~...p?.a...-...I...~.8..;....=o.{.8.\\.C..O...4<........,...."y..........'.O.y.....>D...x.X.t....+.l.9.c...P.n.j.........n.....v.2=..L.^..m...}\6.%..oa.*./...M...bi..u.k.)S...4.w..u....E..K..6.* M...W..8_.}(..P3^..3..|2.....v?..Z...2"\U..w...z...XJ...<....Z..F@(S....E..(;...

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\FF63A96CB0EE05C4E8600CAFADA617EBA0BAB35D.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10073
                                                        Entropy (8bit):7.983127705162922
                                                        Encrypted:false
                                                        SSDEEP:192:lXeEczvymUu3ZB3JMiInK5v1nEID45fYcigzJzIRFgIRvIoF:lOEcrKu3jJMpMGDiIeFg4QoF
                                                        MD5:8980A3C3EE3C23F38629659B713126C3
                                                        SHA1:0CE3B14A746568A5332326A01A41736F07FA8308
                                                        SHA-256:0B9925795C53A8A7F75E547FF8F58E68D01E4740858EB762506C77128C4AAB57
                                                        SHA-512:2715C2E79E8C048F2E0D773394765EAA0A84536915A6BECD26C9E088D5191FB22203654BCE96009912A872EE8C76E40479144CBF7BA98F9A1E953875B7411183
                                                        Malicious:false
                                                        Preview:j.."q...y[......f....?z..2..a.-f.w..q...py...V77..$....8_...t..|+..}. .w..x.?^.P....h!.d>.....2.~u..t..8K..\....IN|..].i.@."......... ...C3..e....o.;..eCf..'Lk|/xZ..D.o.}.d.0.g.]~c.].........&...6...b....q+;0.^.ye..~.D.s...*Q.......{s..\v."6..V.........L.".G.#.c$Oi...p.l....g...Wm..../G.]...,...P.LM.4.z.....n..](t..,..z.y %.z6.P..._&$.2Z..g.a....9@...?.Wa0I<G.i......Me.P.*..<t........O.p...Y.....A.w.h..e.S..t..~.tm....-....U..!..W....b.......q..x.J..Ne...0........[.._..)l....9.h..`UQO`.n.fR.}..i..a..7.....m..n..=.t....S.Z...l.m.wh.../JtI..q..........b...P1.XA....C....N...O'd^a.6.....5...%......m.[.r$...`.7..GQ\..c.. H..U{..,oW$.2.....1.4.1y..Ib=..)...8.....GLOb...>&.c?.?......j.1.h.-....a..$...!.5c.....]..m".H.|.M..4G....\M.;.T....{_;.#............x..l2 ...).....\4>...|VI...........&..*.%.h3...{...T..|....3d6...O.w..HxR?.n6.f..t..)W...l.W{......0..C"...BD]....J..E.u.....A....\...U.i.N.@[...h....M...T.....|...p..,?+.D.y...N......yF....

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598\13723.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):39028
                                                        Entropy (8bit):7.995633138307944
                                                        Encrypted:true
                                                        SSDEEP:768:wKRbdfEPsawWx31GZpD4e3UNPPyY3mGGKJBzNikHlVocHQs38OXjUMgMIF:wKE0mFCdT3UNP7WGHJBzNikF9Xpg1F
                                                        MD5:2E731F1C956A129795D7AD3E16B35705
                                                        SHA1:FBF57D2315C1A78A8E4A9CA8FF66C63FDD9BC1F6
                                                        SHA-256:5FA4FEE157BBA40C69809302783D17D6088907DCD073260AD9146997F1C36DF1
                                                        SHA-512:F801141A6B473C000AD70A526B7BBCCD7DC73A3D788A94EA926FAEF44A5A4D18150B6F9A99279BA41BC0C1AD309D1212261253B2FFAB2BF4A81EBD582C522968
                                                        Malicious:true
                                                        Preview:%.lj.59@.......`.Q.........[.rX;*.!%...L.l5B.@'...:LB......>...M].O...W.....$..........0..B.'....@..LPk.7.%..Z..j..2F......kJ.../.........'....x. .z..v.l....,..<a...)g}.R.mw$P .3)]~...*.?.h....KH.W|........%iC...oo.,.3......./..$\zj;wF.s\..x....D.ril\.N.k..[.-...CIJ..........a.[..d.e..K.|..HP.....<.U.9O...:.L...........z..%ow..L..&.'oV.=.j..Pd..E..r0.8:.."'..f.s-....)....F?'j.+.M.....mf.%..PR........q.h.....h..nhO..X.@'.......w#n..B..8.W..g.DL.$}......84.;...w......\`..s.;./....E#...f'Z~.4S.....c ..^..|,.i.[v'H.."...<.J#n.........'%.n....}@.(.r..wH......|.....l.......1H;...V..<...........l....E/..d...8..#,.....,...F...rc...Bf..DDY.?..N.0..W...@.B.ga......1..~&N....B\..`{Q ...&.....l..,.TB....$.O...$7...>...,ghm........".AH.....jm.+l..L.9..$un......j.xz+..K...E.'[YQ $....z.@.aJ...z..aZ.T..JY|...-S*.....Y9E;.k..T...[.l....#._x..k...oi.G ....m.uV'..}....twH..[..[B.h.L....7.....!Ih..B..=..%X.1...4...`B.......}....k.f_.:..Jv9..........o..t#\.(Z}R..

                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.976698261429561
                                                        Encrypted:false
                                                        SSDEEP:192:lxpvIaC6/V+h8A+kojKJJnvu/ar5riuLQT7QLW2X1+9qR1rLE00ZCPBANs9GSF:lsE/ZKJ9WSRiKB3+9s1rLbPmsMSF
                                                        MD5:4CC73BED9B31289F256EA2319A4AF14B
                                                        SHA1:252444E2DBB759E2C2E69EECDF012C48C6F6751B
                                                        SHA-256:83F878447596BDE1FBAB79EB05BAE104F674F906E20B166C63B2FC18742D5456
                                                        SHA-512:917980C676E2E6A09B8B1B996BE072ACC1FB4A83A76A41C322BAF7721543A141865DC4C3344808E8A0CDBE3FB2C74B036A5A1A2FD6C08B1124A221458125BB4C
                                                        Malicious:false
                                                        Preview:)'h.=.0G.....[#.7y%8l.G."4.7z.=9c.W8..D..II1.{ksv$...F.U.M]..8.y......\)...|..RD.Z....,...G...4.....Z.*.....tN..'f#.n.... 8@#.....J'#.~...IN...J..`.z;..3.......AU.E{_...y\...N...Mj.x..<D7G^....s!..8.F2d.v.......J8...x..+;p.....k.D*V.D.g..0.U......9.q..X....g.t.[E$....LZ....N.k.2..O...}'[...._j8AV.#..3_}9...2....A.......:..lS.C...._Z.| J..:HO.?...!*.K..}2..h.=.,...I...^x.....Yrv.v..Kl`P...c.HT*8.V62....a...>.RI.....3|.t.W.,..d.u.cWG.wM...&(......A$IAV..j_.......h..F."......_..DHHn?..L.gt6....I[.....\`J.......V..S.` ..~....."....L..(..(R...w...t....Q.A!....@r.=....?..o.a7..Z.........v........#......f{.i`R.o.i~.s..A...Km..2N....!.^..r.$..m..h..$z(.....9...c;,|9Z..Z..B .. ..n]>.W.7.....A..:}^U\....*.m.y8....n.h~N..ybn.....#.^A...V1s-...-.,0.....7D.O."..3"@p........{.w..".f..PL....7-...SaS{C.t.r...Z.9.u....9.X...]...,9...m...@.F.^...m..~..;g......*Q_...HN..B.~..I.1l.b@..&.........Y+....*^....9f...|w.2.!..v..\..&...W..r.N..{...:...;<..,....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.9773640937553685
                                                        Encrypted:false
                                                        SSDEEP:192:TpIDek1hVQMWd0exU0JBhK8Wl6AjBoRv5IlMJzT7F:TpIDekVPDeK0PMNloRv5cMlvF
                                                        MD5:0CE2C9AE35948F9788DF4AD1C5EEC6DB
                                                        SHA1:0E34C65DA93974BBC912C99CA50715222E9C3C3D
                                                        SHA-256:F264F1D3272A74A944B8D803B3A5B6651BBD464064C5DFDDFE3BA659CE4D0965
                                                        SHA-512:46ADAAE1362DFFE8AA2777987773C6B4A60EB2E0E27F84A330D745A3FBB2682F061E372AB07154E52BBEAABD98E921A9C11544E53A538897B13AE874279E3CA6
                                                        Malicious:false
                                                        Preview:.U.."......B.&B...T.c..G..x ...........?.\%@.91.B.y.e....OfW.,..*..>e..R.h5s...r..J..m3...r>.r.k..v,.p.....3.......;..$M.(........h.4....W7....:..iP)..Q...B..Gw.!...\...E....+....cm....D......>.u..~...O...p3....VQ...............w".n.[.Sd...Y5...I.W.c....Y..%.........m....E=..mM.S.........sF]^.S].p.8..O.....Q....}..>....:.P.n..;1..0E.\.).K.g...PJ....zK.....9b..)D.U...t.T......5}BGR..r.I/O*...{m.h">&N-....*..v.E?..':k.Y#....! -..Rj!....%.In..O........V...cE.4.....bf.v?.zC...O..x.}..D.|[..k.a.3..DU?..9..0V.3..;..y...[...N. K.k.c..QOE.......W.................d......C..+........5&....P.(.....!OV...H..z.N$..}WUQ/+c.h.............f.pC%.....W`<z...O..r..$....%~.....?...x...G\.15OU..g......F..&.$.KG.....8+..8P:.N...8.....`E.......C9r+......9.d...../.........7..`.J.A;5.y....G..6.f.."=..{....auN...0.3..)..R..,..........%....].S.U.m~..$.U-M.h.TK...E.Y#............i..'r...(.S.m*...D_..a..t(,)[...'.f.U..=.....^H.o 5\...Z*.b..........7...C.F....V.CB..."..n...L

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.978835119613671
                                                        Encrypted:false
                                                        SSDEEP:192:olM/YmFRu5qphF+mEJWlxk38QTCB1BbRuLPb0uLGgUa1F:1/rusph4mEJbTCtCPb067Ua1F
                                                        MD5:1B7A1C6F50DE8070A58A5CB5DB8745A3
                                                        SHA1:260B93EFCF93C0604994F85EEBB9574051F0ABE4
                                                        SHA-256:ACEA929F2E5B839E658AB66B7290D6B47F1D484D343BE45FF40F1881DCB4D3C8
                                                        SHA-512:BA16814B2BE21DB4DFD94A46153022FA9A2787EFD561C6F3AAF01D494B4E4141E8FBA95F9BDE95AD3D4F647B0FD0C96D4A9BC54736412923AC83C09327B4D811
                                                        Malicious:false
                                                        Preview:,..T.../....w+#|}....(...t....,*...8%-....k.j....b.r;:..m...._..vh..~F>Fx..(S..`.@$2.-..7.<.U.;.$..H9..f(..J..p.u./.y5.".[.3:{..Vc....s9U.........`v....f..S....Z.|C.t'...h.L...J.......8..v.KJ..Dy$.\.9B..*.A.K+....8F..Y...,..|...{.k...O...%..v.)V..J_..] ..-.Q%..uS%D..m.d...2'.b2"!.YB.7..+.K!t.....k.......o6.Z...^V`.<.k.b...+F..M......`j.....,3#.A..z.D...}f.#p.:.>Hw..N..N$./!....T....1k..B..:YvS..vf.l...Rw.....f.:....lGJ .^......|._s.g.0J%.1ue=[..mR.........5.q... :....)W.(...Q....w.~..o"i<b..r.:....d.,gt1.3sw..=...gZ.j $.Z.~J.....E..Oq*).f..._.N<N../.... .Hs...+..F.D.4..9gU.f..9.....p......3..#N.K2..t.....[.......5.....QR..2....0./....E6......<...S:o..iQ~.e..*......n.XY_...W....A.......;...O.....P...W..T@=..zoO.b...U...]..Hr,..x.*F.ol.........3.]1.-.n.=3.a.n`9..........$b...F...gV....>...c..w..I.$). ..V<...=...9-..$.d.@.:....~..s.36.].!*.2n_...sn..X.N.A...A15....Tg...."1........-2...&,.7..1+.^.......%...*.Z.T.N4.V..!a......?T...F+.CS.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.2.2_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.2.2_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.2.2_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.2.2_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.2.2_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.2.2_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Secret Key
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.977192910008155
                                                        Encrypted:false
                                                        SSDEEP:192:30Fs+VHO4nhVoiN/GtHl12xppQZ4OxORYXmnP12F:31+VOGhb0tP2mZ4EOGXmnPkF
                                                        MD5:9F8779D09EFDD06C500E1F626C661005
                                                        SHA1:004B11CD98A3F5AD368F40DC7238535000F7FDD7
                                                        SHA-256:09BBD2BCCC2D33AE197E9BA75C864A8081BC8B103349739D38DF1326048010C3
                                                        SHA-512:EEE40C5A8B508C3C7E5E7C2DF28D955BC2CB896D3A7EE24B291BF9E10B144B671F0B062BA942E0262ABA25CE60392B12141DAFA6352EB4179EAAEC2613BD0EA0
                                                        Malicious:false
                                                        Preview:...}..4...r.........#)_O./s...V.......ROV9.-..-cP.._i.Ux...r.]V.;.4:...z.8g.x...k..........b....G.H.T\A...,x.N...3.Z...=gc+.e.gcz.g.;.Z....u..%.s>..p ._M.#.....;.|...7.d.G.....7.$...C3.z..h..... .|:v.......~....Wb.].K@..T.{.x.a..gq....z.J..o.......Z-j..{z.]-R......).......!&8.#../.i...6:.pr@I.^_fb.@tL..8..Ri"b...X.F........NVg.IL..6P.....N..G..}.'*M.&o..`.uO-.}....atl.k$..;T.L.q...n...{..c?-.NqY..b.%l.DM.'9.8.`J[.^s...A.F.;.[..$.>6...6Q..*.~$...3..8?.....W.I.J....]2.X.........?"a9J1x...-.Q].@...%.._...d+q.x.e[.wy..cM...[.Sos..i..g........Kd..xO.Ti..)]...c+...K...h.Y..;G..E.,..'...t.p}.....`.M^.....5U.i..`.g.&zO.....<-..._...9gQ..bl.d.`.f....\l......*1..a.!......)..wM.....4PI.r.f...7...G(..=.i[H..SI....e.k.o...g.B..........g..F.:.^-%.Y .~YE..Dz...........S...>..!..qaN..hg..\...x.L..P.V{.V.{e.T..^$n..*.4....&p.............B8......r.)`.......S....e.?N.#. ..w..5..H^.x......I...T.g.9......7..s.h......tL\<..e..X....u .>.9u.L{..,..N..].n..!...5.....+

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.979742366047363
                                                        Encrypted:false
                                                        SSDEEP:192:OgWuWNKL4cDfk83Rv8NHX6H8cTVJVFfXq2ftDQ1XHF:OpuSS4cAqRUNKHjpqo1QpF
                                                        MD5:373CCDA466F5F4ADD50401AE4B928BA8
                                                        SHA1:7E9980191F6CD2D3763BD1593ACD53BE10BFB64C
                                                        SHA-256:6827A8F13AD950F823813D6F17792743D2A681FA865B6FD5DDB5C47074DFA3BE
                                                        SHA-512:5D8F66D7F32DD9A2E7614396FAD76C97B137450711CC084C47CDDD1EFFB91A1D89B979267F4F8830B8B0BB50240DD8B6E1FE1B582990B2AB1D26FB6CD22472FA
                                                        Malicious:false
                                                        Preview:..v.,~.....qs..{.'..H.-..g;...$..B....O.V....c...hZ..-.HE.LHu6..?...*.D.)...h..eM.....d!l......=Osc~.!..+...2..w.8vX..Z..2a_......#.l.w..`...]..f.e.)^.V..q.Apa...e).1E|.e..K.hh^M....%.x.L..y.....O..........=.u."q1...^O..]Z...YXQ"........C.gi..x/.y..A.......[6..^h0b.u$4d..&|q.G....=..........v..kV?Cm..s...k......._...$F..#mK.~6F.....PL..{S.C.q..h..5....?.MB..x.p..d.-0w.Y.j{1.&.Q..+..x9b.*..cs...C...C."..H.uB......@u,.''.].....q7.......y.b....,N...o..V9..0f.. ..../..X.b.eu(,.A....@;8.G;>}..Ac........q/.N....+..T...-....."O.....oW..xH6NLOR.P.M....IZ.h;.....p.....`O...fj...rwL.->.eZV........,.L...C^..wm.t..%[.[...,..I.q....^.{&.S..KJ...~...w.nZu..H..[..dw.....`."..\CK..XC.~8 ....b..yrlU..M...(^F.X\F6.M.H.+sf.<.$..t....+..h..T#..l./.....~W+......7<".(=%...+..m....Hh...Wx.}.-.h.....6l...^%.r.J8..{y.g.Z...B9#...q..G..9.5..ho&.L.(H..0..M.-..R.r..+W..zf..(....h.\."..m.L..Rm.t7..S\...]W4I....J...".|.K.v.s........p.....C.r.I...........PX...m....R.B>...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.974273369389981
                                                        Encrypted:false
                                                        SSDEEP:192:T+s5FF2Dt4SqKAqb/90jdUfyYEjti5Id1GG6ugoWY3O++rF:TRF8nucyJti5IKEhWYe+sF
                                                        MD5:75D4604B8AF7FD7AAB8935259EA29BF8
                                                        SHA1:C9227A6D67D47417ACC883BCD9CF930B04E7EEBA
                                                        SHA-256:BE5E39CC1FBAE75ABBABE933D93B0E7ABE562000E01B10862D4C4EE508857733
                                                        SHA-512:C6C7AF64936FC13767F833BC672E02FEC6ED4629056AA27385458962A66B694D58FEF8183C7558D57384CAA9C81057F4FE5C918FA208CDF68A319F4F8967E387
                                                        Malicious:false
                                                        Preview:.\4F#D..h.BX./...G..6.=..c.......g;.p..d...#......."....N.].;..."..{_.......1.....el...^\......1a.p....B...G.w....9.QP.........T..f...2z/...HY|.=.W..;.De^.....N..z....'H..YZ..b....A....7..m9.B..{..NL5....G..}.$...@..4....mv......5C...y ...n.*|OK.NK.J.nU.U...!.....).._.I.V...]...b.T...b{....R..\e....2~&.,O...Z.;.cg^.?."..t.F.Y..D............vy..md..0s..N.........#?`v..x....... P..........}]NL!..y........j.Dg=.p[knn.n].*?n..g......8..DD...M4:...g...y.#..T!.......X..t.f.]/...`U,....ym...a..5].io...x'W...8H.:...QB.61....%..\L.Z..?...t/....j.f....}#....".....jeq.....U.......KT...*.rj....a..C.N.hUvy......"^.?N..\....i...14O.2>Z...S60(c`.._~.E....4..\.P.:....1....}1.....>@.s...oKT.9.!.!....7._3..F....8........).[.U.>..........V..&.&..K.h.J.^_it....BzU...<..D..4....^6.\..~..\W.^.....j....?..@......0S.......6..%...Z.(Bz.R.../.ZsZ.cm....3..4....]..7..@LfX.#h..Z.\e.......U!j.O(.?....@..Imj+,oS....3a...#S.f.......k.7......8...t.y@.#.5}...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.97938504641704
                                                        Encrypted:false
                                                        SSDEEP:192:NMqHwyA9ITUsRHxx9bIv8ez60LZ6zF0dkW2+g0DMPu8cF:SSc9IYERfbo9m0LZk08+gaMDcF
                                                        MD5:9196362A30207DC5175D7D5053BF3E84
                                                        SHA1:8491D2860155AC355747015DEE2B189B97690C93
                                                        SHA-256:2646B3169560FB23D5C97638D1FF6DF6EF8E25B31B1FE100A4C6C1B3DAF51ACB
                                                        SHA-512:00D660F9F3525E36C2C2700710CCABA6ED1087437F691ABD41DA30961A0A7DF9ECC2D3D8A365411EF4B1AC94DB85A71E974B5AC6C947E506142DCD74180E8059
                                                        Malicious:false
                                                        Preview::...o[....c..`......9.5x..Z..VL..?Xp.UO.6.^x?[^....b.......P......'....ii....B..<..z..:.|i...CD..a.h.ya .Y.Ac,$W....\..t.7@|..\........._..[.Sj..:7p..tlpG.R(R..y.*..9.d..M.8..OD....o).8...@.sQt.`......jd.........g..U.B...u0.....w.PR,W....g....p.?...h.+.V.y.O.S...M..B...d..s.l"....L.X..0n.T.hE...i.....N..G.U=w.g..G.+>y..iE....?..(..4....,E.X.y...)<qD..2.rX..Xi...On.....k...'/.I(6.`.v.-...J);4.....!*.g...P%p...]VG..3..t.7..4^....3...|..R.F..r.......$....p..WMl........%.I....}JO>...b.HX..C..N...+...R.e...#T....?5...T(.}.9-............"#...|.....z..RS..`..n.Gg...!...`t*F.L.+.t.A..4.T.'.....Ni..#.k..:...c="R=D.|....5..BX.{.....e.....x...pt.\-..C...Nz9..C.BT.yKj1........_^..k.$d.I..P".=..f..?.>$.+..c."..?.o.....+.G3.~a.....If0.C..h.@.j...9L{.+qT\...^..l`......";nh!}./(..@.I........6 U....s..B.J....8.....j...le..R-....~vI...x...].w^#%]!...0.&1c.....a..L..Q../.x&..O..E..\A..f.$d...]S.[......~.^..o.T.J+&.s...'X..Y..6...`..l.......Za..F.....p.T..u,....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.976757423535183
                                                        Encrypted:false
                                                        SSDEEP:192:zyogd6+LlvK6hM/YdgF9uOz4Dg1ecNrDgEbY6YtwsDow3+9JxF:FSo6hyYdgfueN1ecNHgY2Du7xF
                                                        MD5:92E4E946D712361EA1B667FDB2676884
                                                        SHA1:08F1FB4D18A6A567AE945477573BB67DAB00EFA3
                                                        SHA-256:B3D60A6562E3EE333F553DCD9174D45F9486AAA81AA0E332194097E855A2AC64
                                                        SHA-512:CA181D8F20F621EA7A5C650875C4E7DD5A4DAD879CDB844FD1A85563871927AB257718558E2BEDAE7FD88D4AD34B0ECAA850CF83283B553FF290A04EA4A3670C
                                                        Malicious:false
                                                        Preview:&W.V...l..49.5w.........2.\....A...F(.o.B~.....7.Q.`\..m.H...=11.b...Y.R`u-..Jf eI'+..5..C.........oA..^.z.)".d..S..2''*.!.C].Y..$.~PF.F.Y.nQq...Yf3..X..B...U..8..4.<.dD@.;;o....f1....vo....==pV..`Z..k[..o...-.r.......,....&....<.~..Q.2..*.......k.IF5...m..m.|j.X..a.j...J....E...,fyP\.F<#-)..{..7..A\..QH.75...`S'.P}5.>....+..z.g..t.....T.......n.2.B......5.....a.XJ.V..z.Y...7.[..v.]}XV}.5.....h..]\w.E^^1e.....}g......I.*.M.jZ3.....iI..84...AZ....W..f'L.=..'^t..7-&....?H[L{.J..j#t....g..,.J... Z.!....|U.A.!..+..9.Bx....}.".K.~....._].....|as..T.\....R)W....c_.Pgj.sID.<T.j.l...-.]..../.^....._..q......X..!..Q<..I{.l........ZS}+-....d........$.p..,.7V]-"....|.....Hcl...T.b.2.].|r...*.R......K.....?.~..C..f7Z........SE..M.r..<.z...O#..>..Dr...f. .s'Y....T.dL...Y,.<\~..F.............|$}s ...e.?.v..r..!5..r.7wQ?_.f..nz;e!..). ..\?..Np......9..is......]...f..-..3...k..!....,r@.3t7.0.E.#.....2..S..6...0.q..MJ..mn..=#5..|......,C..76k.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:DOS executable (COM, 0x8C-variant)
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.979074439781165
                                                        Encrypted:false
                                                        SSDEEP:192:o3ehsWKoRkf7SKQGghlP6lFZ+GDuL4xllFfltYF:Cboa7HfwlP6t+PL4x7FcF
                                                        MD5:BAD61C00D013915A4D2A3A5EA6FA4D1C
                                                        SHA1:DC9ACB9E388F1B8EEDC18E57DD4F77B5A9F32850
                                                        SHA-256:F325A7AFED8FB5DE92EEBF44B5356B81E0C0D45A8C85DBE9153A608826709225
                                                        SHA-512:EEB163480DC35A00E416A0229F4EC81A7870380E07E7184FDCF7725B134C00859943D600AA797A1AEB40028B27E64B862F8F7FD423533CE3D335B5A271F3A29C
                                                        Malicious:false
                                                        Preview:..<../@..yD~*.....Q..-......7..@~..x|g/.<O%..y...~T.>.W.==x.iR..A..sx..qu.Rp.. ~.)i.vn.....1..r.\..a.c^... ......[BB..if...L,i...zi...Tf.NO.!.T.+.... X.p...{3...[...Rd....*..AlD.+..i.M..e-...."Y{.../TI.L...)...1.m..|>S.4NP.J9...".....Q.-..65....../.|.......Aa#u.................Pku.,M.C...c.PI..)...?..1A-.S.....F).$\N.>f....2...dr.O..}..}(...B....G;,vY?...TR......Asj..V.E..D...S.Z..L[.V..K.:.D.R..E.oO.T~p1/...A...`.;'..l...0..vI..B.v.../......kY...+.I.d._.Ze%9Yl...uDXc..0.x.=.&L.:Ft.s.....n.u....=.SOg.......B[.1...~$.v-....5..OQR....Q.....5..p.b.p.......jn........K..J.#.5H.Gw.K...lf......{7.:....f.I..h5?u?....g!...%.e....."0LRi.C..N..]lo..7&.....z.J..;....Uu|...%sS.Q<.. ..m..ti.z.9.F..g.!...t.5.z.!.f.:...{...ld.2..".N.>.........4..v......{.-<A._..tF....C@..fV\#y....O.Wp..pvd...;*.;.Z.._.S.|.@.CY.1...GJ...^g./..T..g..<p..e.l..0...+.3.sv.....*.K#Sa..g.....Y.j.f.d.ia..).a...4\.p./.i*.QU..%M.w%7..H..?...j....F..F.9...(...,#gW9...j.....\....c.~.(

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.9790718412361645
                                                        Encrypted:false
                                                        SSDEEP:192:a/eXtiQ6C2JmFs4/kenuC7pQw2X+1dH0PoEemd+tLIs56m7F:a/wtNKmFs4seueHq+1dQex0A6UF
                                                        MD5:4AC6605E996D1258BE5E2F951DC6AA33
                                                        SHA1:2CDA06CA4899AE8978891AF612073F845D0E134C
                                                        SHA-256:38A84E7C297E0783A6266701E35B1350FDB354279EED8B4917BAC8C23FDE70FC
                                                        SHA-512:882884002BF08854BE6D699F23F569A1A1B91C91A1C256F4AE646C1A42E463F74627CDF09D8E9304C89DC228F2F705EE3B5011D8A48DFAE9A62D5A9673D8D1E8
                                                        Malicious:false
                                                        Preview:/....=.o..U..lpj.[.v@..,..J#v.~...'..C...k...0V<..}.m......j1..+`.I....i...I6....%B..n...3..57:....l.Ix.(....c.....t..8.$..nv....B.W.(..u.*.&.k..uM..g"....>>.4.#...D..^..%k..?.....A.5...{3..2W@r..&M.B...\_.L.......n"5.p..xu..$Q.+..c.........N2e/...Y.u.....u.......xJ..k.Cd&.?gQ...O....@k.Z9...0..[.p.^..=..[..."..{zW/7...{t....9..d.*..l...\......`.cI..W.*...-. *....>..Sax....D`....&.3^ .^L./3.".........).B...........Z.&8+......".8a.A.../......W.x.m....]y,..0d0..~-Bbh...Iv;...GbP U..l..L6`...r]"...h[.Vh>.'N...l...+...RnV...ow&W.L..W.o8.wb........P.....i.sT.u.C.A.'..{..,...@`...I<.t.5`.....j..E.T.J......^..../.g.d*a...K.A.k...E9j~......+.....l*k.fy&..w..Y.A...u.._.W6pL.9..!..[....KO...e...C..Z.........G..5M..f..LX+.4...WW..t'..Bk.C>.d`^..@l...b.~.s....G.%.X.V...&.....C9h.U...0`.&:...e..w....oo;.ms=X]..,..p.i...=..}p.-...I..9O.r.f.....^^4@.s........H...L.cl.......j.......S[L.6E..;Jd....u....K......T...+.7w.A_..E-*....@..+..}.P..$v.`.a'.F@

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.979782289964658
                                                        Encrypted:false
                                                        SSDEEP:192:FX4hDB2ruhhTv3gX9rp/RQCE04jAmUwx0L9bF:FIBgX9rp/RG0mz05F
                                                        MD5:F821D81330B9D9D34CFE7B6A9F497159
                                                        SHA1:7F64494ACB47B095EC033F47E829DD7453B8B019
                                                        SHA-256:D3AAEE94D9F1A0A4FD729DF92EE8CD225AEDAE1CF67D9BF29C0D31437B133907
                                                        SHA-512:0483865720F17A25C3717190C21642E5F1CFB52221891102AE226353EDE557AB7EB33F7DFF4477D4C131491CF205EBA49D3110A4CB1F446BC6FE226AD429AEF0
                                                        Malicious:false
                                                        Preview:...9.}C..e..I_..h..x."..r$*......^......|.....h.b...D.k.h...t R.........3........7.w..K6...R.4..6.s..7...,..J..8...#.=...;.......fbr.../k.p;=..[..E.P...wQK...]..C.;.<.'[5r+S.8..g8..@k.4.s.WW+...+....VA...c...a......W....\.F..e.I..z....).t...I.X..5....5q.y..<q@.g.6jy.2..../.3..<.\./...w.e.V3.r..........>.Z..Z.-,.0H...UlxIR\J.2....mM.D...e.h..<...=^..x.7.f...~...Hk.../...*$.h....L9+...k.....B.q0.._.lR..3._L.#..@.j_....?~..{..(..gR..!.8...w..NTp.t...Av).heE..;.z.8.7...."..=..?..p...>Ox...R..c$O+|._.~.r.fh.....wv.......}...f&.f....i..9....5...o....w.....C.....c#.Lm.<..8.Oc +$.YB"..mq.d...G....&.3...N'..U$.uRt..K....z...L...H.G.V.CFI2....\..y.r.......s..%......#.B..U=...^d.+}.iM..z..Kq.i."..l..5d..d......%.LM..>Z...D......#r1..f..:.J.>.O.....gf<3......b....c..........D...k..J...}...z.G.t...@..SG.fhR!.o..5^....KM...^.n.......je..9..&..S...0.(L~g=bo..-.3.t....,.@.a.%g+.M........1+. .K.=....R..q....0....$....>x..F...m...._..T8dP...,...j^.^.mUB

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33023
                                                        Entropy (8bit):7.994490990932293
                                                        Encrypted:true
                                                        SSDEEP:768:nntLT9iaXjm4myP01qazrw4BFgTXCImeODGlrCxXWdf9GCJwZYrlKF:nnJ9Rrgq6RLgWImBKlrcWd9GCJwZukF
                                                        MD5:10BC04E25B3A9E9BBACAB9128A33DBAF
                                                        SHA1:18EFE1062D23D76B297FBFB1B3BA7703CA14045C
                                                        SHA-256:54453A507B3B7BE0BB69D90FCA8CDAB734A745D1C72518AEF49665FD5C5C8CA9
                                                        SHA-512:55C631A0AA7768940E60BD562FC3B80CB0BF8683F6B72F779F36BDBEE06F97CABE12836F3E692A3DD674F09346E3EEBC585DC0748FB3751A266AA09E95E71BC7
                                                        Malicious:true
                                                        Preview:%tN...l....8G.b..s.")..?....<(.z.P%%...&M..^.P.h...%.....&r.-.~...*[z.:.>.V.Jv./......50.NAY....H&..~........$..Y.=..0.C.D.B.%.D.|..).f:...L........n..w.:....h...f...C.#.a......o.J.]]|.1S.'.["..........4D>....B...V....\G..F..g...y.E`..f;6M..........c...!\...+.k...]g.cu.na."....M+p.......O~.C.<"^ .0...m..X..p....}.>.^...}..g......s...'.i.........{.Nl5.._.V........n......Ga...,'..>3gYMe3F.Y..;......8S._....v...M.....^.L1.9$..*...J.5.l..A.f.r......p...w.z...9k.n...s..h..D.._.'..(bD.{......|.aLc}..8...........V!a.&X..Q\...v.uG.n...V9.!r.Sg7..?.!.q..v..ny...(.....uP.'.B.b;.....c..1..s<...Pf.O.....<ct..2..3..6..y.Q-.i..w./9... .....o.a......;..D..8!...u..T...l..Z...*....@.."...Z...;...Ub.-..BS......C..OZ...Q..g>.sj.....a.x...X`%...n.Z...&.....!;.^...C]...]..m...W.wx..q.3.(..;........q!.8.....T..[..~.7fV...{..%B..q.r0$..4`.".l6.....i-..wo.....)Y.u.........j..+v].H...=.d6.\.....v4.AV.w.2....J;.>.+.au.-....AH.;..?z%..5;....v.....:..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4345
                                                        Entropy (8bit):7.9520393892054155
                                                        Encrypted:false
                                                        SSDEEP:96:g/m6Exu5qr2ZjgYY0zkpCr+DYEJzGc1d9DwbMCZ/ILgxj47QleQ:oUx2xzszGGTD1Ux2gF
                                                        MD5:389B5244050BF639FAE5735C2496CEC5
                                                        SHA1:66CDBFCAC8019E4FC71E464F333225C84A3097EF
                                                        SHA-256:7DE8ADC34B6565863CFA269642AC0E6AD1976F0826C63F4ED20D816FA332EE69
                                                        SHA-512:D5D98708D5BF7DC9DD59371E466DA41FD1A6BFB5BFBC0BBABB0A3DADBEA4973F6B364F62532E786E3CAB1B83714BC7FCC27160B8340BD980FE376A285A4FC4DF
                                                        Malicious:false
                                                        Preview:..... ].`9.aC"..._T...h.~6...*..d%....)X.6.d=.f...WMb.erGM...i.D..U....=.g...y.1..8..824.pfT..+Z<gEt...Uh ...IpY.*.4....7...6..d......FzC...C..T.!......i.>...P.y...Vz,.....`.-a..dwv.[.....f.'..63,ER.......u(.m........t....r.|....59y.....c.D.......I.....kI.#3...[.O.....@))O....!"N....~.Dc..~bS.r..G0..u$$A...g.<&.t6f..j{.....u."...;=B..}....e..Kc.C..,..W........"B.#y!D..<Ul..=.B.&.?..e.0.'...Q.~.....(.X.u&&......i.....<j>N./o../U^.f7.H`O..q....ER... .I[.X......'.C.y.|...e.D...C.....e.{.r..]S.)...v......~i{...,.^.9&...Q..~........Y.....d.~*8Kn....Lv.{.o.].h....|#.#^.....l.......Ox.{G$..z......=>h:.J....[-.}?..R.....JPDBM..........a.'..5.....=..8.}..:%.\.l.{......f..I<....U...Nf..&W...<..s2.._..c.w1\........@*W!.7Z.Y.....Lj.X....../.Zn..q...1..._...A..u.^..B.=.i..@f....J]][.QqL....Y..S.a"F.PUS...*.v....].EJ^Q%..+P..V.R.cM6p....$......z..I...Z...a5.z..t$...)\....O.C{....[.....B.FO5?T....#:..L.0..h/.;..X.F......'\i..... .VshQ.v..6......&...I...uv.4.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.98109142302186
                                                        Encrypted:false
                                                        SSDEEP:192:iLi/0rv25qDx6l8toB6Xi2A6uQ30p9I8jHPQRlUQYHpF:iOavRIl8to8Nn0rdjvMjYHpF
                                                        MD5:68E7477A16BB3A3741C101D0A8BE79C5
                                                        SHA1:AF7F278918BE83EB9B1E4DBD7B717AE823F85983
                                                        SHA-256:D82286A8A4DDF7E13FBB692F7E3E08AAD3F4244F0D48854614C67455F8DFC21B
                                                        SHA-512:FF1656FC555C3A626F302BE0805E28724BB70718D2A281CA10788BC47D91193B5786471FF8FCE215812981EF631F7C510B6E92C22B1B5A41227389139EB5A672
                                                        Malicious:false
                                                        Preview:..O..^b.....*M'..V..{-.....9..A.-.......g......\.........5.Q3.~..'.h.q.....4......'w.....rz.).a...B]..I.c...g*D.!1...e..f...s.m.(.....M..S.).d..Y]/#.=9{5x..*....eU.J..>N...f.0).O.e...El.:.3~L....H.....nS.f[o.f.!<.i.q.-.+o.k.zs:....f..>%3......F\xn.n9c..*.lE,...IhtoB....*l.cC..r.oV.._..C...q..f..Js..tJ..o......)6..gx...l^Wd..?G.lz{w....%.A...^.!.k.....M.....u.2q;u.2y..........P..k..$+.Mf$6......F....w..2.0.T...]...M.]*....F`.G..0_.E.....b.7....8.;!r.....?.X....A..../../...JR.&....NO......d........vr.-.uE@.Ho3#.71xQ/...[.?C...si.j..~.*..D.-.....]Q.g7%.-.`K%....vT^..4.\..,..-o....=..h>....rzOb..N.xhc=.=9.)..&%..e..6B0:..{.D...J[...R..1...["P.@..e.}(....".]/.4.e....l..(..OPe..}.[.}4..^.36O.X.U.".0.....]..M..m..>6cd.i.O..V.<.a...CO(S!.s..Oc....y.....*.^..d....zv.O..M.....;..o..a.H.....-1.@..N..Sd.....V..K..g.v...GN.e.z..p..."gjt%.[.K.<2....Gcy....BT........J...C.GK..a..*..W.5..o..Z-B,....S.^x..Vt.7\h..........a.]....Ch...'<...QEj...S..^..f

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.9789730668564625
                                                        Encrypted:false
                                                        SSDEEP:192:Vac2Jw1ix3NpKCPIQqqE0eraOPKxon0tfS27uRF:H2qWrIQq9v7n04RF
                                                        MD5:F297174BBD6DD42ACC6B5D101D6621A7
                                                        SHA1:C004AA1A2C8341A135D162D6D30673A22D628FBD
                                                        SHA-256:7A4675A717D33827C626F89947F4D43B6AF69C79B6F9B9CD9F7E7F4244E90B8F
                                                        SHA-512:8418BD31C71E212FA1355DD061D8E724C79DB502469E64E372081B60A14F2FE22B8140E4A42DACF45F407EDB0C039000323495315AA4906828BC008770683994
                                                        Malicious:false
                                                        Preview:.?.h...B..C.[...6A.{...0.....0c.......$f.uM ~....j.VD..E..n*..&.m.LQF.%.....ax..B.M7....."J.Ok./.q...;.#...UQ...8...?....d.3.b.'....4J.Ga...=-...b.......N&.Z.vhJ.J.;..~.I..j..?..+.....>...Y.If...m..0...B....~.&....s.Z.0".>.>...y.....I..B....qG..Z.....J..kOM6.=...t..3..9...%..0b>.....k. X......&.1..j.21|eM9.,..0.......?.J.D..=si.....i...j..}"..UT.H:.:.g...d..1......*~..`.. vj.' .......f.kl...tBe.e'9........s.D....Qw3.WQ .......:.([.C.C..z.%`........Q...C.L.g..."..D..m..vVq*.R.n.g.;F.e.L]..ta&$2t..)e-.A.E.......lL`.;C>M1....p.._.b.#.....NpnS2.O.D.o[.^Yx./1.i..G.;.I.H.(a...{.4:.YiV..'. Vs-..W..z.7.g......._..$4w..&.L.]..<..n..... .g....I.[h.N...Hrm .H..?U..I3*_.].t,..DR..+"}.;..X..v.M..w;Y.R.M_..<"..(../...)...+..".p......u.].H...^......["m.)k.z...^NUA.fm..P.........w....'....Dfb...Fu.n....:.. ..i.h...(...F<'..L)r.n..S.I...9.H...._......1v.6..........;H....?1Nc%H.Ij....z..OU.'.".(......>(...n=......F...-.....j....F..,-Y..Q..kv)hHM5o.M.[....3

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1573111
                                                        Entropy (8bit):3.6001251615491023
                                                        Encrypted:false
                                                        SSDEEP:12288:BKu6qnbtKUe/lCfjX0Yx4H6OVo7RSxrChffMNpCz:AFqbAUSA/rD7bffAM
                                                        MD5:B9E84D018616634F7708B6C0E82BFA1D
                                                        SHA1:75747158C2422B0C80906097272B4AB1C5CA9A5C
                                                        SHA-256:40E5CECA8ADA63B559F0D3DCC61953AFA6D808C44B983E3CE62261F99B8F7BEF
                                                        SHA-512:12D36F556A3ED55D1C782905FC4BED56C003F02FA291A106B84AA6E8672DA6E4965662F1C0C00A18B6AAF73F92FEF3AC56252F2C715CEBB044E502DD97CF0F47
                                                        Malicious:false
                                                        Preview:.....B.Tt....Sak:......%G3J[w.>g.].."....C.F.U.~.gLm./D.l.3LE...lO\.yWF.\.:...B..O)......c&B...)......3i.X.....`.......&.u.I..8W.Q-.{M..p.v.5b.0.n..%Dv'..s......h(..}....Ct?.o.......{...z.....~....>.8.P.|.E......vA.....n?.."~d._....r&K.#.>@...<..J.>(T.rh.u../...%..._z.T.ypn...:..$.YQ...U..mc.q'.U.S_'..R.n..y.Yb.#...+J.n.XS..N....d..uK...i.%......"..d...og<"P.Jv-w../..N.s#~......1h.."`......_.3...:|.b(..M.r.JXF|h.Hk1.........fB.........z.T...L.#...P..j..O...>J../.L.J\q.32.....a...'......9}<..J.....6.W..bKXD...E......t..)..[4...Su....7....>.,..X..Kt.j0.g..]..s.......2?7c;..B.p.:...hK..._\...)...."ty].Ef.<~.y;..<.>..z'R...tN...sw2K..=.x.B/./...Q.6.H.-k..RyLH..S..?.cj.Y...K.yK..4.uAe.%.58..-H........NB8....m...~..#..3.T.]c..b.a.*.(x........c7\.:...6M..<..../r.i.ys`S...`.}..#.w..<.....x.Y...:.&..).7...o%..........1.?.D...2:..3.....b.+..~."...z....."O.jG.:.:.m.....YX..]5l.8yz...v......2.......U...EoY......T.;W.l.....I..>..,V....<.?.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):16632
                                                        Entropy (8bit):7.988460318275841
                                                        Encrypted:false
                                                        SSDEEP:384:TvJwji4WtqhCCeTjyMvNAncRK8DPrXgEjQF:Tyi4PCnzmMfDPkEjQF
                                                        MD5:EAD6D585C1A14D45B16360EF45FA0475
                                                        SHA1:30F5BDFF5426D64A6D0401167257524BC427AB79
                                                        SHA-256:8E70EFFD672D358D818833DB6A4AA64EA9C9E73CA15B791F27D37D2E1B497A51
                                                        SHA-512:38534D19DB9E26457497BDBDB0D99A999DB1FFCA7A8DCA239D938BA813F023F2CF15231BD3B3BE18E7FE8B0C6A095E83B37E824FAA13FBFF21C3A80A8789E523
                                                        Malicious:false
                                                        Preview:..........1.......Az........c.^A.@....B...H...:!.......1:...g.+....>...D.J..l...[+?.........6s3...\......#..1.!..H.YkQ2r.o.?. pH.~.2.w..5j(...'n.t2.!.D.U...3F)..4r.##V.8.Q....c.."W..T.B.].l....C./..M`).h..e*A....-.sXyw2r-......ep...gq7.Cb.$......Vl....@*....x..*+.ED.)..t..k..c[cA..#..q...+..a2..hA&z.....~...!<*(....ZQ.M......h.1.(.hu>s..?&.D...]w...u.5~DWkF..R.....Yp.Xfd.A.v"HV4y...G.+..5*..8r/./......W2>.....2?z/=[..o.[.'.....F.j.......k4C._....j.......!..9.Iwf.a...Y.RK....jMKa.QK.P.9@.l.C..*z.t.]....@Vb...[....F........9/.......P.;}.a..62Z.:..g.8..D...H..U.....j....0#....%)..".G.bd....24sl8......Z....1.N.t.<S......b}.....j..fy.B.#Bj.E..'.U..8G..}l..BA..a.0..R..h.P...(.......+.2.Q./.1;Z.t..D......Kb.Xs........I...f.?..J./Q8/.)...y.:....F-:=0.K6....M...|.}..M..,I .b..{Fx..&.b0.*.I...0.......}.y..).;.....T.n7..Kn..h3.<qt...kp..|....v2d...K......w..:..C..S..E...1#...!..}.......O.......!........P.]C....,.OS;....6HQ.[.......=.kFV.4..xm.......X

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):2097392
                                                        Entropy (8bit):2.878634727191229
                                                        Encrypted:false
                                                        SSDEEP:12288:wFJwsgP6Ha2Xz44EpVOAN4AGkRl8V+RdbPZamnnwBH89pz:wFJwsVjjUpgDRQ8VOlTnwIz
                                                        MD5:535BA3D97EBD23A7A2A271DCAA07FFB1
                                                        SHA1:D04213ACD73067623C359F78915CBEBF1AB1341B
                                                        SHA-256:090B4B79586D0181F60C8EB6F882CB5A42E3C31D2067F4DC76E291D2B6E444AB
                                                        SHA-512:80BE61D62B6159A6C8B1334661870D820A4DC410F43D128B52F0D6A8F3AFFE1DCB2301FE210115094C3F8A5EBA662FED34295521C6F93D7CABEC1B1C601CA041
                                                        Malicious:false
                                                        Preview:.....nK...P.4.M,c.v...b......6x7..y...X..v.1...@3.. x.@.$.U..)..v._..zlY:.X"F.ii..g.F..[O..<..^S...."(6v..Z.|]*_..N.;*...=...%.x.].M.q....b.h.....!...]....'.D..MzG.X......L._.N..G..B......[.+.&..L...>.......X.....a...y.(:..h...yc.<...u...\..........~.B.0#.d.d....>.... .f..C..R...E.(..D...;...L..}*{._@Uh9...8l.kd.......w..."R!...j....[R#.<..Ev../{..7...$.S?@>~.,..2.A..I..&...?=|H...L6...-h.k....x9.3V........k.d.,.!..KD..........;..& .kTBU.k{..lD.......yc|^K.5.....CXA [Ak96^.6.........42J..//@.,.......E.........V6s7+g}.e..z..e.......3.....j........!F.A.5..F....f.../.........".e...!U.B5..eU.Z.9..w6J<.....K.*......U.<Q{*..f.l6./z.T......u..2..M.|U.;....S#j...L^.'(..H].c..:......p;.g.....L.J.......b!.p....K...VU..g.)z..x2.f...b.J.8..r..%=...j....T3.%t}..+.....e6F.4*...y.:.H.~xX.....4.0...St....g(`...Q..K..).H...v...Tc.k....A.....rC..i..8.v...\.bA.s.:..i....t.9..~0..1-|w....>.a*.R+^.F..q.M...)V.Yt...B.%.UV.._....x.Z...E.Q.r....5<...XC(..Po.A7X...K1.D.=

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):16627
                                                        Entropy (8bit):7.99076622027861
                                                        Encrypted:true
                                                        SSDEEP:384:kt0wEVXMa+BLdexWIFXY+x7zqJ3xuwDsY/R9OAF:j1XMpBAxWEYQ7uJ3xnj7bF
                                                        MD5:C9E1E6B1BB1809159CD50F411BB1CECA
                                                        SHA1:D4AA83B64EBCE95A7922075FE00FA09EEBE11C8C
                                                        SHA-256:0F6FC8D99805B31F16986FC8A2B124026E8B2D292275F686AD666A8548025417
                                                        SHA-512:4F945ADB7EDFBD89AA7FD8B0EA9504B64ADF8A5472CD6CE9280D976434A3BD7C856277068D162BCC8C2C0276D08C601FD9EACDC50BD746FCD2A19765C923A5EE
                                                        Malicious:true
                                                        Preview:..h...@.&.u0.......3.F~.....AW..1..o.P..}.KCYBV...:-.,./iu.PMT..GG...]<............c4.,.4..^....z...).JqD....]O'...)....HY..*p.~...[DO...g..!........M.....X...&hf.EL5..}..t..\.S...-..Q#....Jb...K...%.$.P...Cy....KfH.:!..!.....l...a....A..q^.$...8......N. ..T.}.=8eBE.g...=....ut....6..kN..@..../2...[_7:...:."...^7..$s$..y..@...T.t.E.Q.2.m.....Y.I..&...|O.<.].T..%M.\.y .F....-(xu.*.^P|!...=.$7h.qth..{j.l.:1..W(8.{./....b...XF.>.1Z.....D....l.M.q%...H.?E.?.s..d......3...|...n-$...QK.5.......=.<.K.a..w.....c..O.[.J.e"..;..-..K&.,....Po.@^...p.}.......sOD.h;...E$.4........W.....!M.......3.(.no.."..Y...ACE4..1......|.l...G.`B...N.."......`..&{j.yZ"Zj:......H....(.............+5p.. ?..?%.].y.!&..6...5K..,..U..........c....ib.M.....j./...3[j.;....0..(....6K`9lu..k\.b..A.C3(....,.m...(..8}..K?.9..K...ey..c.T.B..U...E.C.F.D..^.... .........B.t...#..w...4R.~Rd..qsogJ....G.z!.&...V*?&.DR.37......K..ZQ..Y.{H....H..q.a..._.Du{d.....I....+Q..qPaC...f..i

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb.chk.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8425
                                                        Entropy (8bit):7.976711743224916
                                                        Encrypted:false
                                                        SSDEEP:192:a3q2mSHB2jp7Lp+J6gjcXwxfQidizyRXr0cASz2aF:a6CHEtp+secXqvoYXrSSzfF
                                                        MD5:1A29508F651CF1303D108BD11BAFB0CE
                                                        SHA1:57629EE0FB9F1602E28A01DA645943BCC6C2ED9F
                                                        SHA-256:E69686F25CFB9636302E56CEC089706E9EB23399880A18A9D765393598A51409
                                                        SHA-512:2B60D1704E3EEA76FF2D9ABEDBBADE31FD13F6A8AF06F6FA8874470117D048AC71A99B781A795BD13FB28CBEAAD580DC61B0B264C5022E2832229D0FC46419B4
                                                        Malicious:false
                                                        Preview:....Z......GW.".x?...).`Ec.t.......]...^iJV....r.0....o.[.a.P..Pn.?.mmE..m..f.t.{....N&.k..9y.+.6...-..#...z.g$...?...^..!.F.../..K.....@.!..2u.4\..[....w..Oh..<.a....9W......")..>...Q.?......C.e'J..k....h.!7.K.....^..E....d..Q.h<.!.cv..2.N`...xY...W5:.. Y$}.. F.&o..0r..U.....digN....M.c.@..........n.....>g.......,.=..w...[..;.#..:>.....~(^x.....,..9.R.r..wo..I.:.U.C.,.{.`Z...D=r...m..BK...#I..0=a!..}&...(f.....6...'.9......|.Z......?....';.....-.........>.?....a..ex3.k..^kb$.S.......K.8.%......|u.g.8L....>..F.}U.=O.....#hg..6`\N(.....+.|.K.TE..Q..XE.9J.\...5..A.iU..>..^.3...TA].3g.c#&...D..#e..U..lO...V_2K....J...._..!rg.^1.l.}.$;-.S.\8..S.A.9.3...b/.,..=O.<...p..."I.E.~H...........g3}.9.....z....x...)...V..F..p..3.9...<g.{.\....M.$n...EbWr..~O.&....^Z.5I...e..^...a....~q.8eH.G.? =2\.M....&Ax..~..!1;UO.h=uW.....%q..8. ...lbU....>...B.........;.......r.1.JQ..?.L...._....KBm.Q.A.Z......X.#.........&.Y.*4.IQ..n*+EO....../T=......n9.g

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):524521
                                                        Entropy (8bit):7.999580864090714
                                                        Encrypted:true
                                                        SSDEEP:6144:gtOeg1KBnKAgrrZ4mee2K3OMwTc5D5IpM0O1KtklU0+jtbVrPfRJL9tFzk1nkNaB:gIeg1qbgrhe7K3OffMfJa0etRjgLrQvw
                                                        MD5:0C37106215F06D973719BBC9DCF19366
                                                        SHA1:6D21D4774132BE316D3909066D346F7986398A7C
                                                        SHA-256:82B6FA97A9F2C8817D7FC6F344F2ACFB8904A14F5348555A69EDFF0A543D66BD
                                                        SHA-512:A319D78A297AA829011DC443EDC64514DF9A0EF811A9666C11DA8FFB196925CD8A6BF327FF9F7BEA7BBC409787F60E303B6B43D31C785C9AEE26B79136B2928F
                                                        Malicious:true
                                                        Preview:.E.1K....w.*.|'..yb......[.v......2......./. ...3...I...,.Kd7x]P.9.n7.M_...*~^..6.`D!..KT.v_j (........(.(.B...!....G...7.J1.~ss:W.Nw.0D.-.@....>&..........).)w.$....b...M.U...7&E.B@KW....N..=.>8._Y.=G.Fy^.tX...a...a..]c(..,I.wh.).=..)...s.@.%t....A...M...E...1\.....kL.....P.7h.$f.c.....N......9JK..n.y~\.yi3..n..M.%.@..].T[...\..=..]..+......>F.lH7f..(.....m.!...c.J....H;$.g...a.y.&.%.....M....q...._L.....1..[...`j..\:...R.L.yp..y.:.ZlpE{I.'.<3..24.HI..N....q..!.,..|} %P...l...P~.m)..V.EA.!.....lUO.54......r.@.aB...E\n....<.8a.{..EcK.>...y4z.....f.<.....".W......p...tQ.y_*.f.kz.B.sUX..x...L..^k..~.7?...~......K-...vQ..S..5^.|r.l.z/.4.?.O...[7.r.....{..Q,.V........`...r.\..B..#l..`.K....H.K.ak.4bYf.Izz.>..:. T...].....M}y...}g..@.d.l >.^8..N.p.Q.T...vX.F..C<.N.....vC{.2.af7...Y.JE.^e.t."....Wyh..c.bc=..}..F@.L.Ai...2....$..F.......a...Y&....~.<....$V6...n.B.4.k'.<..:....4e.o...p......"O..Qq.F&..+.jf..W.t....,...w%:..4..6..E..~..+...b..2...G

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb00001.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):524526
                                                        Entropy (8bit):7.999658022110897
                                                        Encrypted:true
                                                        SSDEEP:6144:+714Rzv+ZwQgKU+7lLuT/7olqE2lothSNZ9ECjL0UlveNyAci1k62HPYPc39kdUv:NVCJ7lIQ2Sthg9E2/FAy6PxCvTdPJ
                                                        MD5:FA78B6B9A656BA6613F13C2162E026D1
                                                        SHA1:3012929D0727B6549ECFAEF85366FBF21DD51671
                                                        SHA-256:F7AD7D364DF2020BED5B42C5F0552D94385702F9A1D29028B757363E908A1BAA
                                                        SHA-512:E1D1AE117A9051C2C526F9704EA7C438A135709B94434BB1A4B834B4AAE8BCD28326D82576778062F9BF9FB0FEB63B2DBE369BD737C8B9D554F94C988AB9E700
                                                        Malicious:true
                                                        Preview:.W...3D...4.`...Q.....s.E.4.j.+.P\..._ .m..xn2..g....../...R.e.*;...:g9...M<..w.{.a.3$Q./-Xj....rN..D..[eZ...d..U;.X..."MU.Vf..o.C0..s.a5`....f...O....BM. ...z.CS.L...w...].Z!...............\!.wL.F..@..^{.^..............E..e.vJ..9.....<.d6..+..&{.?K....;...L.f.._...}&-..7...n..#Y.O..UL3z^R.)#.+..+.&.I~.q..q..u'._.{...A?N..:...a........U....6...#......m...|'...S......3...u"........d..2!V{..QC...Q.I$...$5.V*...F.Ne.<.<.<.(:bz..DF?...u>..."ceS....c.....}.Z...Jb.u%...WE...=.........4..X)..ce..z..-\.N....}]^....l.._%..2.6..e.ugh......^..8.L?...<-_!..I..'<0../~.a.Q...&.*.i..A.8.w>.{....v.<)..W|...Z..4.....+.\Uo iKY....!...........A..0!.e..A.L?.%.5..8....>y..].Y...."m1.H.sB.>b....*......*..L..9.b"((.Z..."..^..J,2f.\= e..y..F8D...q..1DbWFT`.A.h.k.'I....H'F{.~..05.e.5+%.r^.6.C.m-.X?..0Z...[G.-.p.-..s.+VV..D.\..G..b...2oU...iB(?...t.Vp!....hK7n..U.|....b.^NZ...x1....C...^...t..IZ..&P.....K...O.8.....]..Y.j.....r.Bl.c.=.. 7..>.4..=.'.#~LUWD~..]C........

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):524529
                                                        Entropy (8bit):7.999664496804533
                                                        Encrypted:true
                                                        SSDEEP:12288:YpTbDRQaq0lYtj/Vy1hSoo5Uh2pTJngOk4rUVXT60DU6JdtSqV:ctQ91/VToMUhqs4QVG0DU6JdtzV
                                                        MD5:5D54FD3B1AC5DF6B22E5F9BE68D5FE97
                                                        SHA1:230EC7B8EA8CB304FA96FF530A8EE4BF0A67D258
                                                        SHA-256:450F79349CC8944D6713F06DDD772F22582A46EF2CCDC0BD29CADEB32DB4881C
                                                        SHA-512:13827ED5EDCC7453679FBA9C2FB1EF0DCD0C1CDB155994C7614468B3E9BC2C58C1714467D5601200F7D8180F649103C6B212D1AAA2A359B9774051F10B57D054
                                                        Malicious:true
                                                        Preview:.....U.\G...b.R..:..O...B..b...I...u..3.....L.a...].z.`.#.....d/...|.I..IJ.....]....79NS....G...D......:^..F..ks.".*Y.Hq.M.(.p. ..}..p...?.G......p...SP.X..6....T.8..(.Mf...4G.m..Q.=..MT...3..y.b...q[...C.....=.^79..5.w...Lc.o..=a.....s$wZ.K+.7.&(.eEp...P.....N[.YY0...;..*..wD...O.).Y..^.T.>...4...g5T.~.b..k.A...-G..N8;.-^f...>.$_.[....H.s..y....~.TL.t.OU5;8!''..`.!.0y......0.~.........FL.S........2.B'V..*..Y.....J1;..8o....h..8d...A.,.zG..Y1.'.n..z)......;.-..8(K'..aE.0j...._......Am{.m.?..7..d.C..aP&;Eo4u.t.D'..d\.W..|.{.:.2.g0{.f....F..]..A$....B.......?.i.8XW.7.b.C........)%..p.<.{.<v5...+.......K.L...$..h/.6A.~...@l...`..z.......6.".*_O$..{. ;..y.&m.F..7W.......-.v.^.D..<.j......L....e..w.q..N..........._.?w..}..o.........e>:.M~..^\.y.../.8YC...........S...w....B|.8.......(..WF*V........#a.}[`...Q...........W...v...;.;.'<..5[$}....I..rE.....'Q..mPh9e..W..\....=<_c...y.kL.B\..Fn..P.).G..w..rhD.^i...-.{1..|<.I6o.......,4....'.p\.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):524529
                                                        Entropy (8bit):7.999640425131314
                                                        Encrypted:true
                                                        SSDEEP:12288:HJ3e8PeV7pMZB6BBbwFXXoNBV3UjKZN5dUd74a0OfQaODKqC+i:HJOxMZB6XQXXGHUQN5uJ1pPODKqC+i
                                                        MD5:06C3097F20219F75A8EFD3A713FFC17E
                                                        SHA1:EFE13B1AE992F5C3E532CA77237D19AFB98C076F
                                                        SHA-256:D875D18E75E3A1E24193FA6F8DCF4F60FD35C555605E0EC7012454BBCDC2E4DB
                                                        SHA-512:F38FEC092D084F41A4FDAB6B513B36142A463F1C1BEE1DFE1BAF28C92CD48E1B61F27A6A28EE91F2A5140CB570E55E480B89C340EC3A875AA4FB0F180E0C1D50
                                                        Malicious:true
                                                        Preview:y../...8.NU!.$....f...J.....X.E..N....)-........[..O.I...i..C.....>DU.U...D.vLQ@pX.w.....XJP[.*..*-q.....eAh..A..G.~i.W..I-.J=>..l2.kX......Vq..i[...:..._.Q.x.s...2......&i..4TK......9............q....US..G6.....).....6...e.[..@.U...y.13R.t.........>Kq..6A.^..W.".cLH.Z...._.V*..v.3Z7...z...]!......F...q.Z.n0s.NX0..T...G&..Y.$...nvu.J......7..k.>...nVX....S.:z4.=...o.../y{r.Q.=..I=.....o..kH.2.UI...<...q..@.}x...9^...........u:...o.?..?.....N*...a...{.......n.w4.+r..|..?^....sV_cT....K.R.........b...%..2...W00.!i...H....QZ..g...h....X..lyM]B.E.@.....&..Z..H.Y......<....r..[)CM..N."-.&.I..H../.....^... q..a."..*.E?.i.2:.,.....(._.(.b..q...1.B......A...r.....9;..N.HV...M..3..F.%..o.xq.".J?.i....v.................]k#....I&|t...M.y...Xg.?A..KQ....X4..[...|..!S....|j...s t.kh.h.M........E1%".<..Z.W..3..h.../A.t.!@.d...uT..m.o3Q{C$..kO../a...+.A}...9...,...;HS.O"..~k..k...>G..Ab...i..'(.....$.,~........w.j-g...4.1e..=3&..rA=hZ....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):524527
                                                        Entropy (8bit):7.999590694749966
                                                        Encrypted:true
                                                        SSDEEP:12288:J+O80U+/tAXcasgdyIlaM1Yrt5EdBpaEzsVCezh/:MO80Ui+g8EM6rtoLAVCuh/
                                                        MD5:239D2D421FFC781A5E3925AF80F75769
                                                        SHA1:39F196431ECE72F46E2A42D251077A4B9162CD82
                                                        SHA-256:139E5C633EEC0F7D6375088DD6A3EC2A202D41BE717643373E0F680574B1144C
                                                        SHA-512:E27E20838E94C8DCB86D3CC54CA3B4DD18078A4D38E1D5948BE6D69C23FDF00375745B16C19CAD2055570BE0A41EFA35C0F4478EBB34441C52116C29DD1763EB
                                                        Malicious:true
                                                        Preview:.!.7..G./...S....v.........]>)\..I.;.....Y.~.7.s.j.]...].....a...;.{om. ....^..'...$.T...90.qen............8..N.Y..`,.p..`..Q..E.(...l..!...>6.g}F}.'...<.+...>X\.u...b.....I@}.....l.....T./..u..._...|.-F.9.|2T....C... R.....0.-.q.6.$q.l....jN..f/&8.E.K...G.PE.5.S.9.u.v|....b..S..2..bZ zp.^.`....6[...F3B......r.'......N+^.o.z..>. .Q.d.In..Z.N....Z2!I..a.N.(U!....(.Q......+..........D..e.E....(..$.\'.RnrA..f....nY..............!r..G...0....$..a...J.%.).m:.x...' .dZG...r...._.....e.....Xw.zI.w] u.z_..:V.....u,E.b...!.Y.l....1.Y......(Rq'X.@.E{.p..AY.s..$..[l....,.AWdzpb...M..c.]J..s.lU..(zJ.o[...T..{e.U.V...^B.........B....0SN..=..Ko..V......l..Y..D...Elrsf...u&....=..[aw.?..iN....w)*...4..W...<......KJ..>..p.-2..G....,.%..~8n..w<l,E.8v'...e...J.b.u.;f.{g......I..}h.......z...Z.s.U......xJa.s...\$.O=..T.G%s....... ?_..d.....L....*...D.".j....<a.s.d4V7..........I,.D(*>..k{.>>..Q0.[...n..@fx..=w.i.....E....=..'...4...?.d.jd`..q...U2.....B.:.3.z...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):37258
                                                        Entropy (8bit):7.9948737703851505
                                                        Encrypted:true
                                                        SSDEEP:768:jpwzP5teIldW9v78MQsj5zpRNR6a1EjI/CYH/0gDxHAtzF:jYPvle7ljlG6gQ5fxxH2zF
                                                        MD5:CA7E52DCED842973E71D95F92B3D328E
                                                        SHA1:4E1D371F20B9C8944A29B470FE08A4AFEB8E4F2A
                                                        SHA-256:FE90CAF67C5B8CAF8F4C5DE93DF2AD7B4F78409B8648B30E92C7C743822A5FDB
                                                        SHA-512:31938C7C3B1CEE78B249D3D4C8D36ED654A947E2A8CACB89618CDF0C0824B22A9059B933AFAECC5530F66CC87C4454DF1666DCB65A9555A8DBCA19FABA2B2B41
                                                        Malicious:true
                                                        Preview:.m".=`.....|..Ah.S....G.L...,..A...7M......Bh.._.....a).F.<.Y.q.....%....G....@..|.6{.2...u...w...TT.S........2.v.\k;."..CG.o.......%...F.Ro.&..P.ck.n.NoN.o........S..U.....,C......I.J....'..='Z'f.,g$j...".....z.2Jl.^j.{N..nQC`.E...,..H.[.i..T....&w..h....k.....x.:..."*L.=AP@.O.P..z.;...3{_@.P.............l4..#M.c..I...A...G05Mu..w...o.2....p..x..~3......1a.....n.I.(P.}|.h.....$.............1Wr..9.*dT.3........:b.)1.E......8^].hY{.@....2._.m2...?....M..PM.....`'...r...7..j.R8..{dy....%...j.....h..BR~.O.tc.F9.k....eFl.\K......);...9...$..%-.0.......*...a]c..G6m].....gb.N:.{.Q)@.e..........Z.M.h...B..m_.i.m..o.'kS6..QmYGp.c/.......O....htf.S`......S.a.|...J3......G2..\.(}.%`.yY...*........)i.?.+...|X`..(D2...FCO.)g......."e..>..F."...?...r-A....Y...R.....L.:.^..:.9.8.G...,X5.Y.r&....Aw.@"h,..m,&r........_.VC.J....H.H../....p..i..<..[..)L.s..u..3........r.Q.0.S....3PT(@.H]1..-.O.N....m1..._pN......$.. ..z.U5l.....\.]U.h...a3.R.../.}K.0..v.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB;PrivateBrowsingAUMID.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37294
                                                        Entropy (8bit):7.995488567779784
                                                        Encrypted:true
                                                        SSDEEP:768:NFgBFnbdnfikTJl6AbbOQXoA2hMNSQk1Q/7rLhwJ40F:NFgBhbdDJ405MMM1QDxwJLF
                                                        MD5:A00087119F30228956CB4BC8068EE2E7
                                                        SHA1:12B99A33CB9C3E53942E03A614213ADF6F308B0A
                                                        SHA-256:0CABDC8E637EB3D8A13F055A9BA395344C65B84F6EBB9111AA8C9540F514CAA9
                                                        SHA-512:76B419D756039CA05C2CA87AC19DEBCF372D4C1157326E3D45E7D04597434F3D3B68F50120E835EBA6BC83A6685260D0305368F4D38E3AF373E84F7B393DEA8A
                                                        Malicious:true
                                                        Preview:'..M.. .....9D.*0.w.".>...z..........q.*...~.P.....W~.Q*....M.>..)....LB=..mf..=%o.....l....k..S8..jVF;..A.}....O.)...m.......\....E...WcT}.v.-.g./q|hn.!.....M...1...v.d..h.}...$l..|.X.<S...@GU=...H.).!.4v.......6vL(.... Jg3...R..=4....x..9...=..ZQ.tf...s..VR%~.....9..(.T....8%.....3......H..te0...l^...!~..PE..@6..(..-j.#.w.Q&..O3GNJ(./...K..x...V...O...w....Y..EEN...\'..ia.0.9...!z...qq.,A.....'........J.X.W..:...`......bK(.?.h=..._O.=.f/n.\..To..Q.?,.%...)..K..K..........5..d..ol......u3t.b<...Ii.a.k.;...d.s5.R?l^mS.a..7f.k..Ya..@'....#=.y.!u.O..y......(X..........A=.G.4.....\V.N...;-...).].....~...[.D#*ve{.....f.E...h..s2..C._Q?..].d.{...:.0p..h..k].1.t.s.+..........G..|n.G...!I.ha..-..&...L..D;'iX.[!-Y{...y......R..)...y.M....2.^I..S.g....o..h.'R.>2...7...6v(...H-.Y|.E....6[. l$..?m...bZ.>..ALM.(T.t.iLXX.....+.Od...*.\|@..'....]G....ko..%...|....G.;.Z[l..D.....W...N.44....V1.._l...0...V....([m...>.A.~:..p.j....E.?,0g?4q."]..../.K

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37245
                                                        Entropy (8bit):7.994718131824952
                                                        Encrypted:true
                                                        SSDEEP:768:V1Yvp+SmwqamokFg98q26dggTDiplN9UP1SWKycnasYjNySu6Ut4F:V1EJnR972g6plN9mkj5nas4pucF
                                                        MD5:F02260204E7761E28254494C1157C99D
                                                        SHA1:6BA899A3C7418CD57133A058255E043DF1AB204A
                                                        SHA-256:1384F640A1410C6A45255FED5C74C02B7ADBA2EFBF4FE241CCBB2CB21B6C6022
                                                        SHA-512:2799EF1A9CDE929FA3D09763EE2BBD95293B3697FB0AFFE76984BB39242D2DCD294E405244EAF06666CBCD3590AB4BAA5A8A7FABC4DD1933D36C75BDA78CA440
                                                        Malicious:true
                                                        Preview:.].....!.....!jp..........J...Z..p.F..*.WW....\.p....b....|.p..$.f...n.|q.b...~..D..U.+.'.vu......s..P..|a.,...gPQ.'a./..@...[?.J.LYx..$v.y.M..I....z;._8.gy.3..-..V#L....._.W...c.....-m.?{eCv.y.3..Bh..Zf...\.L..M.X.9.8._i3h.-gNB%.H.\~~.k...J.,.k..'.!Oo...h..p....!...B..}@YB.^-.-.&F..Kk.>.N.k.1...<./z..O......Zq9...lu.Eq....6|]Q..]..X=.....U.. .+!..[z..A.?.....].....m....!dE..\...u.c......t]..2....{.. .;P.z...-.....j.P.g.!Y.9... .RnL..\.S&.......?:"..C..(b....p.....&...:..(...S..L....aH[.x......W.C~g.R.9ne.n....rK........hQK..LM.qF6Fb.......Xd....d?#.y.x.lx.8.....E.....DS....G.=..1.r.._.ZW...n..2..E6....x..;....mT.g._.....@...&`........h...4B5..b.|.ecUK.2...n......Sn.^+.]..WZ......n...-?...;`,N.oI":0...P/..\...S..Ai8.o"<8.....l....._.$.....GZe..o4X....U...)HFF.y....LL../...Lo..AKU1...3......_..(..Z.i....k.'.B......."v.,.../...-..8C.Tu1Vd).....=...R.]dED.-..m.7..s^.?.$.........V5....X....}.oo~@..:3..4...@.L~..M.....r.....(?d.....J'...L......l....n.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_aghbiahbpaeidepookljebhfak.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37287
                                                        Entropy (8bit):7.9951066389289585
                                                        Encrypted:true
                                                        SSDEEP:768:zk3ieNZURrw18QaHHDmayet4SAYYxLv2AplWbb4gMrGqF:zkSeNZkrw1QHiaLt4PplOKr5F
                                                        MD5:39A7EB7CCF2CF7A3D497675C77D554D0
                                                        SHA1:E93FC7B2E1B2CCEDFF6209C41305D9307683945D
                                                        SHA-256:DBBD2EC425CB1CBE8D80EAC1D9D701C4090DFEEF6457C5B9290D4D73E930ED7C
                                                        SHA-512:428C75D2A5B76A2B7A5A9D79DA2EADB6B33A1D3579A79EF3E3427A6D6688246FAD1C56B654E2EC34C4F21AC20EC9E6E15700A0CCC31E13F46BA04BF0AABA3979
                                                        Malicious:true
                                                        Preview:X..MnkPj5.?.I..P.fu.........i-...r..3..N....{.,K.....x...q.F.X.R.p.......T.<K0...._B=:O#.....4.B...4....'-..x..F.}cRH..U].\H..{..H....$.,jR.x.<y........C .9.zw}.....x.aC...\;........... .P....Y..P.`.l....D......-g.-...lp8.!w...{.n$.[.L.WP|.........r..jK|.21..|..Q.Noj.>...j.%g.[.W. 5.4I.V....r.M.- F>.>c.=..q...d.....XW...x.?7.cL.e.(....y6....Dk.q...U.>.....n.._7.kM...R5...QJ.;..e..U.'.....$.C...!..;.7......>.kj...T.S.ag,T...<..2.-.>.yi...$.hg.I./.F}..o.O ....m&A...k.$.O.......$cfs$....'b.E..V.R.]'.sI...V....k."q.....U..ld......M...+..'c..a...=CY...+....`xY.T...s..:>*......[..P..WE.k.7!&..!.7y#s...f...,'./.qntjKL.t..rj....2....2.@..C=....SAXFi.c.+6/.w.j@.,)H...Py.W..5.{7H...8;3+KO.N.|.].Gn}l..$e..+.g.....f\...u..Ayv.?R|hy...~.6.p@.......;iV..#..H....=...w.V...,.N}.h.l...9.W<..=O.......N..*_....CK\%4C.i{..........Y..]..S..\...}.[...?..>..... .a.".%..P1......N...0..;ua-.U.eJ.*..)+.V....%.G.U. .........h9DI....T.n.7:...Y.BH..i...teo.|=.vO

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_agimnkijcamfeangaknmldooml.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37287
                                                        Entropy (8bit):7.994290830228309
                                                        Encrypted:true
                                                        SSDEEP:768:eXPBpE/ih2uWmtxFYeVPDjSTp57XmkPUUQUWRajEJ9iEeZ51yvoWcF:eXPjSihXP7Fv6ppfMUQUWRZTOZ51yvoV
                                                        MD5:461E9EA4D24F4C2714B17844EAC476F1
                                                        SHA1:82626E50E36419889AD884044D34D03337895431
                                                        SHA-256:10BAE27EFA28E68DAE4BF1FC72CB0248FB440ABCC1730963D0C8ABF40649E512
                                                        SHA-512:BAFA72643650F66D812677EA11D8363521FCC7CF4368E188B7D127668DCC42B3DA95B077BB77C4F4783976998ADCF14465865B0A0FAA5BC61596343C29904847
                                                        Malicious:true
                                                        Preview:*Ys.nR.r..8.}r.Rw.HE...f...F0..F..|..K...+K.W..:....t.Q.DD.qa.=./...........t....y.Z...h...E.p'.xfc...w.p|..L.\#<.....0......,:9\..Ex.E.8.Xh..U.....R....1..r.L....7j"Z..0.../t.}f..J1.....A.)>c.b.O..$N.'x..%.F....X..f..._...i.P.Gt.~C...9.......v..]...u.. ..z%btxy..L.0{]...............A.0..b...Ld.u..r..BwWy(RG!.R..F....P..,A...,S.0...7h..p6;[W7.`.6....;+.[.!...(.%...M.............M%........&.%.Ci.....6.....\h....(}.Dq.....Bv..Vf-.Ys</N.!.coS...?...d3.B.....@.(^..G....cf.L.I..w.]..?.=..'w..(...T............EQ......h"..>b.....[.*8...8..... L:..{.s.........=.o2.O.T......'......3...<....:.`...y...<.v.l1.@..'[S.k=:..!..>..."9z.l...%_.0j..LV.M..Y.}i.Q.8.v.F..E.XV......n..SFtq.....,O.a#..^....39N.$..L.s.....fP..~.+J.6...1..x...tg.zd.sBY...X.....g...2..;..R.Z[.D_GW.Y/...k.qf....c.(...r...w[`..l.P.....V..;...%.6..V.,X.P}_HJ..3..Ue...IH&(...c.<..Dqh..v....V.?..C.hbE4.......1....R....!yt.o..o..{....$.z..q.....9mq..3..5...7...e......k<V.4.Q)..XlK|u1.@

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_fhihpiojkboajapmgkhlnakfjf.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37287
                                                        Entropy (8bit):7.994709500974487
                                                        Encrypted:true
                                                        SSDEEP:768:N9ky6a6UdIVOXJdEapsWk8aSMaXQApVEvFKWvpVXjrd0KwuF:nJ6axZ9uWN+ApVEvFT7PzXF
                                                        MD5:BE75CCE160FE0A115D5AD03427CC32EE
                                                        SHA1:C84AA2D34FA20C65FCADBE0D3A4772243E768037
                                                        SHA-256:FC12F9F393A2F7C2DB87D3A1F533413F7B71BF37BB87C30027C52F5EA7A433E6
                                                        SHA-512:212997267B6299816F477147944218D203FFBB0DE055C3E3AAC37955B816D9227071477BFE6026D6EDB4276A8B0E2B642F818CDA6BFC1D0348CE3DE44764092B
                                                        Malicious:true
                                                        Preview:.R.|....m.L.Z......]...,.?......(B:S.3.o....{........-.i.s...@|G..+W.S..T..i..M@K.v...sQ.c...9.U.d.u.)_.....\V.Bk.d........)../X......R....v..8.3"..PM....m?;Y..9{5.G-..R....R.b..,.lP...D....3....==C&.j....x.........M.k...q.2..8l..x..p.....i.n..F.*l.....]+6..A....:Bv...(h".-....k.2Q@..t6..j..........D>hC..A3..Vg."#.."x.~..hg(..[..b.5i.n>C.)...z<~0.L...09.y.m.XqOfM.......N.;....q.5..V&..$.c;..O%.;%..i....p..V.ko^..T...7....f..?"....{.u.R.?.z.3..E.u..f.i.=H..B.hd.|b.....2_J.*.J..4...{..>Hi*\.F..#.@.....pYK.R...mA....V.......wn...3cE.%...@...YA.g.(.Wy.B .*.1.}.m..nMru4....R.5c<..!.........PWnkWB..jGl..KFE...#.... [.S.w,a. J...3... .*g..........R..M,.b.)..*P9&#.....|Q|a.............C..%.....-.U...t.v~...8.].....p..p9..;.......}.L...T.dzlZk.|V..........KB......-0%4...3...w.C..@..hr./....n.m.y3.....E...i....PM/..0..u..2..z.?.......n....k.;...O....O#sC.D.%..e..~..P..r.......oY....R.i%....y@.>...?..<..X.dc.A.I.d../...\.,t.W.,.5......?F..D.].*..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_fmgjjmmmlfcabfkddbjimcfncm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37285
                                                        Entropy (8bit):7.995356370453823
                                                        Encrypted:true
                                                        SSDEEP:768:94MYfNLFpjv1dckuPwUVhI7DyuBgTziJ6P3Pu+KcVKd3s/uWo/wF:98VZp7X9tUw7Dy1sulVKxs/C/wF
                                                        MD5:A8871EDB9E6C707F87E3C74B9593DD63
                                                        SHA1:98DD277E94798D081075796C5D8D13B2D40D08C3
                                                        SHA-256:FC593FCDF9B62683B29DF7029219D366ECC6B889FA70FA04EA67C3F7781F37CD
                                                        SHA-512:48A0E433489610B417F6ECF280460BB796AA5282D35FC596FFE421AFC95B100B81AEE071FF10E5FD33522A4A25EEF167A4194870B58EEB5C8B330DC0BC4F0153
                                                        Malicious:true
                                                        Preview:.,..j.1.<N.&.x..z..p..q.v.......>C.....mV.........4...o..... ....siT2.%=.J..b........%..p.Jo).0Iu.>....\.G...Nb.5.,..8Q8(y........N......T...!>. ]....xN..X..:.....G0`..gB.Bi..T...y.....H.7...>.... !.x],..3q5.....2s...5#....}l.8.. N..Y....uT.).X..T.....`.....9..<8.8c$..V..e~....d...o...QZU...dj...,%......!......?.......Z..W...P...F.=..P.{../.o%..........MC....`.......Q.8&.hh.....6~.".Ks..fO.1....I...@..D_(.[..p0e74..E..x........!.^.4....8.8.:\.0B..Vv=..P.RT.B.J;.y..8h....2......j.~....d..ID=._X.Ka..M...Z..H..N.Bw.D..zqw..)9.........:.8A.'RY'....]..{....O5....{..V.h2..Wh.Bd%.....@.h..S..O....L.7.?.4WQ..0Rg..'6...>..v..F4..c.U.S.;.=0....pl!...S.6;].8..S..$e.]n..7..6g.su43#~......hU..|.Z..p..]..FU...a,J/.'....i.Z...)nV.@.E...l.(.h.. ..".D...V .........".yGu..".K=A........|T..S.m.-.;......2,..t.P....B_7..;!.u...>.6.-`~.C......t....mT....U...M.ovJ..m..i......`.iD.@.y.eC.....\Cu.7gM5.q......R8...f.-./.L.........S.M....'.....n...Fp..#.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_kefjledonknomlcbpllchaibag.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37287
                                                        Entropy (8bit):7.995574098400252
                                                        Encrypted:true
                                                        SSDEEP:768:7+DFJMZhsRw/Ef8mijc7EHXIreQkRo0g0F:7+2BsfEwsqbSoZ0F
                                                        MD5:60CE607FA30296032610B8F853FEA01B
                                                        SHA1:6E0331573C32F8AE4302826CE81C13F83CF359AC
                                                        SHA-256:294199B88414BEC7E18FF003574AF9ADC103045D34570FBF952D557D8B1F9012
                                                        SHA-512:331EBCC6128874F8E4C4AF1B2D8A0E68E2F809ED44117A533AF6FCB4AFCCADB23F16E5DFB5B471DC2253585C65B6CAAD384418D9DB137AD768229EB81C1C4E72
                                                        Malicious:true
                                                        Preview::\O;......5.....n.g..".a.X.....fO..P.=......m<..#..E...8.(..lE.!...r.A.."cUK......K......V...;...(..7K.. ..i,...E.>...W7+..&s.h..[.E}.;....J.(....vn...'...eJ..c.*T./G..<!.. ..%....~P.FR.I...l..]......,4.Q....l.p..w..}r.U.^.Y+8..!.........6..M.'...-%.E..&..0.7A.....\n....c..<..,T.....5...PE..S?.D...........q.JN.T.....v/....w{p11*..h...9M%...........8..67..+.>......>.O...i.Z.`.G..9.Q..|.?..C...b6.b..\O.;(...fV|l.++...V.....L.b....vJq....}s.~.. f...._......j..uJI@...be.+o!;.Om...=....0w.M].3......}SP....{P./..P.~.D..Qz....e...Q....%A51.pG~....(..P#!z.h/X2.e2.7.dQ*3Gt*.3..-j.+h......<..x..,,.O.qhU..4J.>...z.PM......l ..R;...A........3T...D.`.B+k.e...E....$....G,.2.\..]X.....^~....An.....Y.$.1Y...Z...]..u.hsR.8.....7...=w...Su..6...d.......b..v8....<....,z,.&...&...j...7..q.s.bqa.Ve.h...N..Yq......X..p..v.....6Zx..i......3w(0..}>..n0...'.[g..:....U.A!.......GU..p..Z.a....!..l.~...n...M`..^...q..!;.>H..Dl. .b.J..Y.._}..X..a~......@......

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome__crx_mpnpojknpmnjdcgaaiekajbnjb.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37286
                                                        Entropy (8bit):7.9954486755219705
                                                        Encrypted:true
                                                        SSDEEP:768:28sjmk7C275DhBxxcnintoDhCtrnSg58LjH/JhlMMscQ9EF:zw1V7dh2itOCo+8LjBhlMMQSF
                                                        MD5:E256D206684A32A093DAB9336337C90F
                                                        SHA1:18378DEEC96FC0C2ECF99CC073A50D1482EA596F
                                                        SHA-256:A789218311420C975B0C3FAF1A671444A2DEB0781629A3F11EE65B867BAA9376
                                                        SHA-512:5AE09DB1C259FB1850C21FDFEA99204524439F6DB70C69120620B938779023F2E0465783E9D5206B795AC49002FCC64D0A0BED426468DD7105B945BF644B42A3
                                                        Malicious:true
                                                        Preview:d[..1l..+$U.y.Z...[.m..fB: ..YhfDj..>.18.i.......?.....]..)..DXfR.D:u.I...<p%A....R4T..F.)...P8v..0...c3N]..1}....b.}`...#H?BS5.....v.0....~..g./...k...6|yn....0.....J9sR..D.}P....z..O.....z..XH\.TRe.......h.0....A.........R....9.&&.>......:...r$1."...i.DM..>0g...xp...b...r.ne.G......pt.c.....j...W...)......H....<..;......J2CWi..i.DI..X.XI.*...3B.....U..N.a.r.....:...jaW.3....>:Z..n...#...s.{.(...[(.y)...p..$(.rQ.j..c.s..xd#...F..'..+....9.....k.g...."@:[.c{.EaY..>..[a.......+..Z.e.2G.Q.@.h.h..'I.VB).....f...K...e...........g.-. ...Po.:Z......oC....F...&..d.G(r.."9."...^.b.._..|..bQ../.7..R'L<.....p#u.......'.8#.C...[C35.../n..2.x.............}...=..........6.]..X>.{..e.-.R.....0fJ.H/#+........m..O.5..U.8..I..cM.b..J.6&.*OPUY.-S...liq..K%....ui:.*l.....=..T..ed.].l/K..FX.t..y....C...E......_.v.. &.f....u.v..-.,.]?Z......F.o....W..an.....`...vx%. ...FB..W.CcS.JL.O....N.S..dg..m%..........Y....U.]H........F...5...Z...>.`.._`F/.0..r>.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37245
                                                        Entropy (8bit):7.994803570266128
                                                        Encrypted:true
                                                        SSDEEP:768:xeAk1BANGtSGNjvLPxNab7LFlR0QT78nbwYGZRiPf8DRUD0CpF:xeAkJnvLJNanS5nbQRAfMSF
                                                        MD5:5F124AB951FE333732D867C6EBD7F9FB
                                                        SHA1:0DBFD860BD6DA2BAE9C55A3D8948585914994B83
                                                        SHA-256:CF9F203103642A9C0E2517B93D03FC7E9A92B7D0770D30025203D0AB6678DE3B
                                                        SHA-512:D61CD4ACA87278614D93F991316EE34D6A23A32C40F0377E0C98145CDAD0B50A5A4FCA59ACA4EEE9BC85BFC4C5C9895FDBC0873701C3BC725864011F70CD9F85
                                                        Malicious:true
                                                        Preview:(.g.i...xDL@.x-(....w)...rm..4..^....&..<.......K<.,....[....,YbB...5..........F.z.!...-.....21..gn.h......*P....._.??.)....mD.\..f....O.!.>...w;G....S.uUe...!.L..@.s..3...B.....5*....,..O..(.^y5...*).6.P.."z.V...s........C....JN.ny.X....;..6..m.p..,.w.5R....'."[...(R..W.....N.9.v.v-.......o.$.,F.e..t.O...e.....>..*^...*TT-....f-..u.@.k.%...>........^.?;-.p...h.`.K;.7E..4.f\jL.?/P.d.........W;%..9Oi...."......i..g......e..6..J....>i J.i.u.......T..')......r$,.......V...........l..,...e.Tp..<@.M.R..M..{..iH.P.7.-fa.....,.Q..U..*.l..z.;fiR!|,..c...}..6.Tr....JN<....=B~"#..&.l..}w.>Z...(g....t....l....".8.t.v.I<..........{..:.:.0A....nu...k~+.p...>..d.=.P.=..|N.K<T....<.E...'.t.7..(........F.'..P.........-q1.b7).gj....b-I9..t...U>"n.x.....m..A..W.`sQ.Z...w..`g.......D,t...+..UC\..Y.'...t.v...%.ZT......=j.c..~y..%(9..A.^.j3.%...e6.0.T..R...a.pt../l.)Y.8d^(@...........yKa...7...H..."._..hdC../.DJ.......D......~<..@z..3....UM. ."A..O.O.>.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_549981C3F5F10_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8178
                                                        Entropy (8bit):7.974333324908046
                                                        Encrypted:false
                                                        SSDEEP:192:UhZhuSuOgvSCgyH2d9mliTr/gofqWXvH8l3kkBXgl9SyF:UuOMEyA0liQaqWfcxk+u9hF
                                                        MD5:2C2FD4CA16A6DC341D700E51ACCEEC14
                                                        SHA1:5C5EA53C77BA2D6FA9A8D662E44F0AD297D8F27E
                                                        SHA-256:5DF4C8925E71177270A8F5286A75C8C5F74ECF8D4BA1CC1F3800E66541F0E01F
                                                        SHA-512:F2FD685D12DFE9DBA7DD736375AEF3602A88B7CD97195CC405264CB4AB0D7D5B386B1EDFA4B33DB4E1E6E9A284E72FB23058B8352D25F49DF685F6A893CBF02D
                                                        Malicious:false
                                                        Preview:.......9..s.#.c...[.&....+*.W8A.:.....3~v#K.J/.+..tFt6.....u)...r.Q..Lj.:......|.m.`.J.[5..itev._K.h...5.T...c..w.B.......|.~&.P..z*.......J._.............[c.-....hy...o....1..k.....pG...z...X...~..Q.z.>0.....b...>..Rl)..A..!.7+m.i,.`K..@xY....'9U..$(..9^U.>\..#u.6.2..#.+.2l'..t....1....B.~....&...X.H...M0.{.u...),\.0.M|H...g<.2}3j..!.........QW...;L...$....v....s...c..|;$X.g.mL..}.......Xp~.VE..^2..$...U.....^p.D..\.t?.j..]P..n.c.7;C:E...!E<.....~=.D..`..oas......8.7..>..w.........o.+to...._.I..."...c.C....AD#..=._..=.:f..NfJ.$/..G....X...?.2......\..g..l1..{.....Ty$.u..Oe.<(..".:NFS..X9*.(+.'...m.9t..@!..\K..9.?...e.D.Lv..]3b.......n....6gob..^0...."]A_.>O.....Vc.Q.wB.."n...:....W..H...........!.Y.{l....d.f..z0.z{..t.8......U..2_.......r.r.....P:4...G\...v.l.Kso.%>G.O...-.b$+.*Z...Bo.)vK....".Z....J..4.FwmO..P...u..z..^.z.w.\n.~..1..R....zOh]&t....._gL....j.4.'...HZ.w.r...y..PD..].e1".7...+%...If Smc..T8....LVIU3bc.Qdme..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{116229A7-9A3B-2078-DB5F-B5A20811242C}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37321
                                                        Entropy (8bit):7.996242425683053
                                                        Encrypted:true
                                                        SSDEEP:768:Pz1KrsXJbsGu14FUf+Awi9Ng6soAGel9RnXF:LMuJbsG+hwqg6NAVlPF
                                                        MD5:274C0DCDF767FF85F445E4E5CA2022DD
                                                        SHA1:B7F87472FAF4C61F361A9C9F7D256CE74EE56861
                                                        SHA-256:85B8BD028553FC5B49AA1B693D10A8CD38579242FDC8F560317450ADA6807171
                                                        SHA-512:AA10BF76E7FA858CBAA38FF3290EC661FF2052F9FE0CEE331B327F3BEA6208476FB22CB968994C4E545854B38D3523A21A7B913DBA4D7BD199A4FCB0F0ED2DE7
                                                        Malicious:true
                                                        Preview:<.....k......J./5.Y.j.(A.....l...J<i.fg..g.y..OM..S.. Eg...1._..p.!&...f....I..sa.Sk+.a.t..........._.N.uPG+..............`..#........V.#.W|......[....`,.,..SU....F..G+'@,o....PYZ.^..j..i.K.y...Ge.].)...G&4.........]J......;..}^kB..d9K........6u.$....M.e.m.Y..$.X.kLt&w....w"..E..S@|:...............f.=......&dO..+.....|..f..1g....#:....5f..k*.(..P`veA.m5h...4...y..#.......4.B....Y....,1..$8S...o.kF....t.1Uz..> ..rZ......v..|.....fN]..P......N."6.......U...Ie..A..y.r.l.7f...&.x7N.s...$0*......).rPU....\...&.........T...........h.x..p.>.Q.......I...l........9...E.;..._.q...u...q...n. ......^.....f.....kh.-3.e)=w..v..+.]m.s..}...>.,B.9...>..v`.........0..v.......y...'.=(1>.U.`...._...."...Z.Cf...KD.hx....]..?..S(..........{.....s....2.....r......7..n..n<....S.K.J3..V[...L^V...0..Bv.C.).A.K..'....0m..B.zm.q6....4*.\.....xr.#.w........RrV.S..:..Fj..P.M..;....Q.Q.c=..Po.W...F[..K.r[...k..`S..O....Ly.?..N...yq..p9g.,z.>...?....}GK...E...N.J.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{16988324-21C9-05B2-CA60-9B4EC72739D8}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37325
                                                        Entropy (8bit):7.995613211284458
                                                        Encrypted:true
                                                        SSDEEP:768:ko8xyBUOEEhdRJKntMiPqKA2iBP8Bi+kvQQahaapPr0F:kf8BUIhdRJKnuiXw8BiDca6AF
                                                        MD5:676548A070DA7D69DB501C1BB28C6EB2
                                                        SHA1:A5CDEEF8CD29DE204B19BB51B270C5F9D2A4B7B6
                                                        SHA-256:151B10F987F1849161413ACF9F922D45EB581616C1F2904DE1AD34627B313EDB
                                                        SHA-512:629CF8A24DEE0FA138BAB2240FD38898DBE74BC002FE05CD57DA250182CFA03C32A64090BA0622E13C88C62C6AAF0666F9BC0CF285769402A66612B9C0E62966
                                                        Malicious:true
                                                        Preview:...m.Q9.?g.t....~..O.c!).'....../8C.....)/G.Y..{IG.....D..AZ.4..Jf.u+.GqCVB."=.I..Y.v...Ed...............)(h...hRx.H.\...2.97....*..y..V.n~......&..p6.!...p........6i....W..e2.l"A...F.xB.q..... l)(.4..........2v...n!XS..Z.....2..}@....e..$.|...r..:Z.....}.7.E.8.o.....Vu]..w....S...~.u|....Q.=KQ4t.0.&....lH.y...d.Z.s.Xvn...=.B.w.....ze'.....\..aPL.+SRM..R.QY.....@..y.6..7}e_0.501.w...t."..dR......0.$.k.l7_q...p....!..M.\.6...YOl.j.~..-...N*6...5.-...{Xr.>m........Q.af....1k.b.>..5.!.....n.....G..>..f....g.&..` e.z3..]...\`,.h3.rP....R..e.(>.A..%..g.y.s:..#......z?.......;.Xs..n..c..#faYf..H.,..=...Ns..X....4....g....y9c....'.^.!./a.&.....8X).Z~E!....O...U\.d.......!@.l....Mu.`B.......@;9EG...,<.t<. ...UR...G.vc4.....Dxq{..7.....B.D+.....Dj..q}|....O....G.?....#.jX{.+.._. ...n.}..m%E1m.O......N...e._......e...J27 .Zn~.N..Q.X.E.I.eupk\P...=.....ho.C.".L~f#..X...R..0K..L6..>9.|....W=x.T.D..]....).=3......p$<..0..xaA>.....".E.D..........

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37325
                                                        Entropy (8bit):7.9949005115681935
                                                        Encrypted:true
                                                        SSDEEP:768:NuRTaH/0KF8oLCOeZkPGyYlfkdCL8KMQb5AugCz5AT9WVF:0Rs8oheOeyo8Krau5N7F
                                                        MD5:08949F3235442DD7F3F236F7D94D1C6D
                                                        SHA1:6BB51C4781CEED812F242DA2B1CC1F407876D186
                                                        SHA-256:F7C4D527EC52A746C312251F51D3B54C88A641A5B5C11600A8B768C3E49558C1
                                                        SHA-512:F6322634A52E0107C47F9B1C4B2497E51AA49531C9ADE7AC3F05DFB8DA122700B7C0CB6834497B382300159D2C4C1912E8B40AE21E92DD6EFB2804D6733BF576
                                                        Malicious:true
                                                        Preview:.p.~1@V.Ese.c.=eK../0'.:a.>."..d...x[./...P&Jx....{.d..3..1}........x.U<k..3g.........8..7Ie3..Di.u...><`^...m.|..d....._.......T..dT...J......4.+.{..K..............8........Ap.....oX...@@.%..Oz.".F..;z.A......q..p..x9...z.k8.w..A......>.$..J..).j.....Q..I0q[....O..b._...8 .T...^.L.].9....b.$....:..~..f.].u%.m...8...gF."]t|...>..$:T.".@.=...C...S.q.>\...I.....Fq....CY.qz..h....A\e.h...w.8@....[fr>.g..e./.7.A....v.P..).p_..B....Jz..'h3$qe8...DP.._.q..eg=.].I.....Q.q.`...t.....U../5_....;.0C$...\K .Q.DB..F../.+..6.H.WU.'..NF...n{TQ..|....&T....3...bs]...^-..8..$.t..Dz..+k......E.........]......`.}w..?..2{J6\...2.........6.Z...l.5.v K..%w4......E...{@!/...+.w...L..Ca..4......>...u....{.l...l...(.......\G.K....p...._.p........1.!..<K5......{...a.0(...f....X..Q..y....C*?.)...O..Dj.-..T.A.R5.u@....S......%#.@..D..8.h.7.O..Q0B.)n.j+9M.*v .^*.E..%.b...u...I..Xq=....c.$A$.>...>(..0..W.9!d..C.y...z..>......z.#.q....Q.x$9...6M.....*}...].Z.dm...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37324
                                                        Entropy (8bit):7.994874370310839
                                                        Encrypted:true
                                                        SSDEEP:768:zo32WZ4MWDYpCaVXh09p6qKed7V3I8o+g4FplVEk/18OBQXMDivoPVRFjF:zo+MWDYh1FedB3oGfuOBvnjF
                                                        MD5:B82A770DE82B0EA61506BB1AA597EA77
                                                        SHA1:B3E3445C0597BD5EA02C9036E48EF51448D3615F
                                                        SHA-256:5178E0B442D666BA289F01AF6AEA0B978CE0A87201642AB61090CBF65FB05831
                                                        SHA-512:36110866268D874BD3541C76CF4FC8C6D2F7C68819F05E34ED7092238CA63A552634A9C5D2E6162FEB966E6130F973A666A48BBD55A6CD20122649559598186A
                                                        Malicious:true
                                                        Preview:...(u]h.....@..x.c..`F...I........c..Q..X./...T(.a....X...sN.8.J.x...JE.J.:z..].?.r......{.(...h.AA.4...K..x..?#2.jE.`n.._.5..8_.(.!.H+...J...e3../.K..Tu.E`u...<N....Q.I.=..8..d.n.r..vy.....m....VV........;Zp...{.M......^.9..V;.4). .....SWE..su....W.Cq.9..7.&.-bP.m.Al.^. ..b.9c.<.V^yz...uI.0.gAA6.r~K........C?.\.....K}...+....F."~.\g....i.......@...1.....;...f{........>..9..4D-.uv`...E.....M.32.B@._:.|.|.Y%."{W_...$...[..V..c!E..5.. ..n..:).758...^X%...(....!%....gz..R.C&|1....am4.v...h..Z..............}#.D...l;.......[.Q[.g.R<.<.[..t....IQ..V." ..Tj..u.K..*../..c38.Dg...C*...4)..&..q.35..|...lM..p.......1f...tli.is....'W.....`...T....>.O.2...t^.u.e.+.p+1k......y....~..K...v........%1.!!.yMI.^.|3.p..leg.|..UD...t+^..^c.R.eh..n?,... ..&..j.Z...\...a+.....'W5......n.lf/.... W+gL.t(R*..j.R.hmm.$)..........h.Z..@x.X.J.....\3+..?......!4.....(I.22.'..v...B]yJ.....sr}.XW.0f..l.m..Vd9R...E....?.R.8.`.>-y6etIc...}).X.B......fp;..CX..\..CA......f..+.M

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{923DD477-5846-686B-A659-0FCCD73851A8}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37326
                                                        Entropy (8bit):7.995588471627158
                                                        Encrypted:true
                                                        SSDEEP:768:GLph2GMk+MEGyDExeGEJlUwjH50IJtscKxlAjxvFXkIQmUMvkRkY+fF:GLn2GMkPE5EwGEJjscKxKNvFUP5wF
                                                        MD5:257E0376D4FDC60D9F25C6599DEE7761
                                                        SHA1:A026B0A73DDB266A28B5C7CF58B14A7A963A4948
                                                        SHA-256:14C1D7966E111383B1BD9D78B1969C2356C9A244C0649D90401299DEB2CBE262
                                                        SHA-512:70B17766CCB9BBE84B45F5BD78996DFBE1EC9D05EC215D5481C98F007969B0B0361EE1DF43BC91899FB3D28557770E40B1086CFBFDB052787CF6B26918CF4273
                                                        Malicious:true
                                                        Preview:09....r.....&..9O.F..5...`..a:.l.sf.....[).Yl..../G.O.[.eW..Hf..@r..1...O..h>.'..CR..?H6.m...s.<..|._[......R.8u.......'..b..s84L.&...$.....7>.a.yYZ..h|he....^......5~....1=.......V...[h..<..veW....[}.Qm..;\.MH".'+..W%....M.6^...Y.../!..9....mr.'.......g....B.+..S..8....cs8<}.+.N`1-.A.\'.u.to1........"....n~..YI~.$l)......\.>.......u.K*.../..:l.m...r..y...vk....`.......?.W...U...(......+...........:....-2n.t.......#F~AE&x*..[......+!kN....N..~.qi.r~.B...!.8.O....e4W....>.....Ky.:|g..7C......".a.:.....:3-&^.g.....t..=...7#P@.;.?6.g[...ro..r>.g....gF..Q..+yRq%..y...kjJm;.....1.....u!I......\7.=..w.1......y......z.I.QA.......e....t....y...M.sY_ad....l#..".!.C..#g;...6<>....(..OF.R.o...J .v.VV)..A.l..D....f........I....Yg...J.m.c....e#~..B.sd...ra..i........#....Z.1......Y...W*ghk`(.KO....5kJJH.$......_.....p....[B...9.G....h.l...U..i.'u.y.a0.y.E..........$.`{.:A.=..v...T..nx......a.6.. WV........V.h..Q=w.$.F..+O.3g...{....h.9........../

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BB044BFD-25B7-2FAA-22A8-6371A93E0456}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37320
                                                        Entropy (8bit):7.99505083741033
                                                        Encrypted:true
                                                        SSDEEP:768:HyU0OUjTt8N7KFeS/BRtWjE5I9IEwEZWEUWCUqON3zISDmitdF:HKOUjYKF1BHWjEyudEZ52UqONjISKiXF
                                                        MD5:77AF47AE08BD773F10C3F798F3837C5B
                                                        SHA1:A6DAC2B3F9FB7306704348621A441486AB14D064
                                                        SHA-256:BA08AA92D026DBB36DCD4FB1581A6F95D9E394BC369A1AF8DC72F6AE5C756905
                                                        SHA-512:949E25A4EE35310E629D6B44738943C28ACD72547DBF4F6579072D187AA2093C1AD67D7E2A5674FC30E0F24A080DE989BCDD0C41FF2D689FDB53729961DE1801
                                                        Malicious:true
                                                        Preview:..l.N..&.%S...r).R-........t...|3...........P.....N..h3.G(..q.E.7..$6..MC5gK.}Mz.9...4.....[.a........i8......qF...[.....d.q.Q.R...03.BA\.C...WV%4.5.zX....L.`.|6*"..ey..v....o.7<.!.[.a..G..uh._qV.l.8..L..5-.MJ.p.F,..0..my<........-...f.'.rkPi.......Gv.Q.....|dw.b.......M.t.....=.ty....^z.}.u...(...H....#hp..*...=.7.Lv....?..'....a..8....../...B.\.*.H.^.p.^C..D.M.Q.O4.3.3..X..V+..p..g...F.=....J..r..6.....;.1.n.iJ.k.....x.U.z.!.Q...W..7s_..w.k..X;.]..../..."3y.T4.P\..3...C...a.NR........W...j..+..o'g.&....Vk[}.8aq(.[B...x..m.,..G$.hr..ZKN.1./.r[rc9.*...........x[.S..E..;%..""......zM.#..P.......q.....H.0..Y39..a..}.Nt&.`......B]...&`...f9....`...%...P.....F..,..... ..]9..\g..O......\.f4.....D..L .$.c..R~....I.D....6.lP...S..&^}41.~.7..o..qi.s....R...@..n.4..F(.'K..N.[%..Wb...BGn......R..4'.!.......'=.T...\.|Y...f....Rm.A..o`....T.#.....X..........1.f...7.^Z...T...<.kZ....PL..vq^.?+X#...R.fH....~..E`v....{A.....5.D.s...:..x..z......

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37326
                                                        Entropy (8bit):7.994751760715662
                                                        Encrypted:true
                                                        SSDEEP:768:GCXpguEPu3OTlya2subWOvTtaROlJWeN+gWsfw+FQsEMNELIB0UF:PauE9Tlya8iOLDJWeYiE+RBZF
                                                        MD5:8773C2F3F08ACDC06F0D5793B7C8ABDB
                                                        SHA1:579EAE241C5313DCC5DB662E5CEC2EAB313629EB
                                                        SHA-256:13E884F76CAEE8ED46EBE5F237758430B7C3FAABC6D9AC8D4597B615182364ED
                                                        SHA-512:5D3CD7FA9FA79C676F73BD35C0EA12DDFDCC2B4CA66834B0C5CC8444962D4F751AC6907233DBC1453E204DA56BBFC5186692F1DF42E7680F2526C4412B21BEB1
                                                        Malicious:true
                                                        Preview:...OX.]+`t....`U.w..Z2.XJR.....7.....X.$.*9...}S.FQ:...C1'.^7..i...8.,......G.P..'e..!.._.,.78.0?..{.......K.Z.|.{...E...[.^.........6..@.}........2?."...%qe+R&....rg%.{./..'.mN.g....V.....N.._.5.......E..[...i.n;.%AA..y..]&.G./..@5js...-6Z...y.Q.L.....Z...W.p...rD..5...9..{..4L#...^+..>.Ss..:..........@.Z.....5....O..@jH...5j.,.vV..s....]N.v.nP.n.....4...*.Ibzj....G}I..?._.0Z........ . .....O.].].:....z~...._... ,n.W..D..%lm.1....W...V.b./.....e..h..q%..5......|D.X.?.6;(5.08...9...)......}~kT..xV..7.~F.9<(C.....j.Y..td...,a.h..# .p:}]...Od.....g.6`.0.7...H.r. ._I...D!...by;vB....6e..v...X..R..!...a0y.CH...g+n. .@...U.-.2..\!.t..AP...f*..9.....l<c..,1.0.pG.@..'.<..z..p.%..w.>......Z.d........QF".'..AmH..mi... ..?"d#....V.?l.....A...S.J^<.......w..2....fuB.p.4J..1D...#.F..9..f..RN|Z....H........iq.Hw..w.......q.t.6/a..P.>......'...2b(..x.*oU....e.=.E.P.R#..$w....D.w..1.`..o...\"J.-......f..p.%........j...._....h....EFi.....$x&.`.....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37320
                                                        Entropy (8bit):7.99552480026181
                                                        Encrypted:true
                                                        SSDEEP:768:HtEN6aeldORz+/+2f/hAe+MCeNsMYN63LK/q8gUT137PZ62eF:NO6JoaNfHCQsMY03LKC8lHeF
                                                        MD5:0965DDED0B9822C423EB110B72E1A872
                                                        SHA1:3B931B78F4B00CB50E89A55A72FABAEE72F0B38C
                                                        SHA-256:BEC879F3B742B255C97050D5E938DD0EE78F076FE705562BB98FC90768ABC1CF
                                                        SHA-512:D537FE22E31EAC28FCD040435B0484B6122703351959718DB4AB5EB1D6E8EAF41233EB2925C384CB388FC4D8725B635E19C5842B0AF24057C9E527D25FCB5AD7
                                                        Malicious:true
                                                        Preview:..4......H...../..~.b.E...y....qf9..J=...!..........%%2]0^F.w..[e>....O....)x...YS^"%.1Y.v....+..7.(...b..*.....h...ex.w....D.}......E8g..B.....@t.....A.i..}.{.......k.dN.si..j&..`.:7...Q..IQ.p;..!..U..........=.p ..Bz.2..U.Q0.T..z...Q..i..gZ.{2."..........p.16AG_.k...$.O07......."g.3.a.T..(Tq......]]q\...Ag....Zj.'...N.pL.{@tpo>2%P;...........*9\a..qZM.H....Bm./..t.8\...h.P"..e@...MG|...aL...1.3........Ox..g.K....{p]5D...,...e..W.h..).l..Ssdg....C..@2.D};x.......D..... .S..@.Bz.F$..m......\..<P.^..(.......(n...6..6(..aN...........m}=.BL..j.=...h\....PL2.R...j=.y..~,.\......g......?.......n.3..p.TP....k...9,.aTn.n..].e&..Lo*.....wX_...%..#..j..v-..g..#n.:..v..C.B\.j..I\..M...Ve..R1.M.tw..=..h..../.......-.Jq...=...r0ve.P....i.....k.M.D...]*;E3..&.(7...C8AXS.........Pdf..q.....v}p....E9".5f.._H.e.u...S.......tMB...[~......:.d._.O|D.k...Q.I.G{D..>../.......<.T.....*Pu...0.9..uy... .......P'+....-.......F.=E........C......0x)....d..a.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C804BBA7-FA5F-CBF7-8B55-2096E5F972CB}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37322
                                                        Entropy (8bit):7.994590114492751
                                                        Encrypted:true
                                                        SSDEEP:768:nTlL6VMOkYozN4KKL7Jgc4S6xKmsBwe1T+VuNMGH8gqhRPLF:hL6VMD/JHKLVIraw2/HcgkLF
                                                        MD5:3454280FC09D5243F35D3AC9832FC0C5
                                                        SHA1:69AA6E59F9F11D1F115DFC04ECD974A21FC43596
                                                        SHA-256:B587239CA3CBF93E054BBCB76D4BC10C481F149359B97C6F63E69B6AF48FCEC3
                                                        SHA-512:F42D32FF0E3F8CCE07DE9A960D6886ABBEA539E6ABD50645D360C9BB9EA05D9B9E8186B561FDD7FF52689CE7D64233AF22778113FBFBFB455BDE12DD2216E28F
                                                        Malicious:true
                                                        Preview:..d*K.\..\}5x[[b..S....\.n...Uc..l?!Xe.@'..W.u3G..h&.8.../..d..wBJ..m..@.......h.Wxv.K>..z.)..U.q.(.....]..u.+=.hC.9m2C..O..P.. ....4Y.......eG}X........V....y.L.L..K.A>Yk..e@L.a...v!H....=...5........$..#8P.!Y7w.gW...E.(.RF....Q.?..BB.yY..[ :..B........R.G......3.._..f.............0j.ql.cF9.au...!.5.l.....w....0k...2#..".4..U.."l~..N.........I.3......)..$...'.K.Ph....k;.].}..d.....|...?.....2|......,.J....?x..c._v....#.0....3.L.R..........p.1;....v5.9J..fL.......[@.9.S.....&....z....>.}..&.x..~..P.I I....b.'.o.+r...,.G.k.D..C.J....|...}0M..6q.5..C..$[J,.os.'....C,l|K.{.....U.D0.K.x.P.."03.4..-S.W...2.C.b.f.....Z.;&`..9.|PP.3.;.S......./....[%.]F..ws..v.k..T...&w..EN...H?.}.d.....0....s.M..K.}.]T...@.n0.X....l......k..e.,?M<.@R..^...$.]LI.Z~..9.T.6....`Z,;@..c.-Z..R.8.q.....u*..V;.E.R...yO..R.....1. ...PC.........g*..^....-....7....G../.....X.....k{....-#mfep.{.i...r.'pL..U!p..2v.`.`j.Q.....4...:....-V[h...../_...H4\..tQ_.}6.#h.Sv

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{DAA168DE-4306-C8BC-8C11-B596240BDDED}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37325
                                                        Entropy (8bit):7.996055957727151
                                                        Encrypted:true
                                                        SSDEEP:768:0DbmNsRjul4GfRcPULOBH3KuGSCzIRD43j64U496AbHYlLsF:KmNKULOF6upCzIRkQ4YkHYlQF
                                                        MD5:63DCFB1BA0C5E8A2E02DE3E08858A540
                                                        SHA1:5495CD433686800C985A932025D0FBDC27102853
                                                        SHA-256:023EAB6FF78F0BF387364283C74E57D6D799E2FD1FE30474F972DD3BBD484812
                                                        SHA-512:F09C19CD6565673FF433F3CAC8E479FE0896DD480A93F7F6B1DA5E56B5C1665C9EA8F2FF6EC76A541507E3AE137B85206538D564EDAD46DAE7C4FAA053A855CB
                                                        Malicious:true
                                                        Preview:Y.4g7].|.E..N~.u......N..5A...u...@E..u.*ft...|.I...3P...6.........T...=e.d...].V..o.h.u$.....l.5(....+v..L.^L).g0._.}.....m.Q........I.= .^......>o.Z.c...>]..1.....{r.'.h........L.d.%....&.m...9."..F..EV-.g9.Wf.# ..B..{.....Tl..2......V}.'.sp.2.tF......;L..".q.p'R....EMz.^......#...M....w.J..7.c.AR......r.e...~@......O!........*..vs.J.^..@..7......T^....`}L.n..._U.{...6..5.6>.k..\L._4.S>Q.O..+.[.aj...eL...?U.pj,..'..C/.F3.D.....n...DJ././..m....uX....!...l..d.V.|.............Z.~..vI.j)..ye.w];0...T..c7..=.)@...VH......`=.2.=Nf.....$.%....*.X./......X(......s..a..q8.>5.K.....>..~.S.........dU.Q...s|L../.@.#.&\..yH....B.W.x.P!.....:..e..h.W..tg.b...y..C...KL.e........S....4'.......s:..vC.Z^!.|..>.9!w#H.J.......B7......%.'..9...UG&V...p..1..H.f[.J...t(J.D.?.h7...}..!.8.=...*......UT.....?...,.(..M.Vx.U.....nBnG..yl..a.U...l..H9....s*.........v.. M..{.K..ho...m)Xk...i..].*......[S..bZ..|y.oC.P.S"..'.N&......v.-...g.m...tx...I.4..N.i.mn./

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{E7A33582-E908-3379-5368-5999454DCD83}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37322
                                                        Entropy (8bit):7.994880801932895
                                                        Encrypted:true
                                                        SSDEEP:768:qRe74st3tWMTtdsJzapDr6F9M+T+v5APnVzkzrheGPpbl8MlkF:54i3IMQenoT7PnVWrheGPfllkF
                                                        MD5:3C8F7FEAB3C984AF258105274281068C
                                                        SHA1:C555D3B345C47B8BB28232F2830C74780DABD03E
                                                        SHA-256:15B969F3B17BB0DFFAB376EA61917813E797127F9249B7477B2DDB4BB45FE70E
                                                        SHA-512:18E80BA7E12D2D8C539CC9A06AA5B1F7B66FBFBA859ED64B3C400CFAE5056363E2A16F0DB48084BF495ADCEA5047128BC34BDD6E3EABD80C439A585B73BDD652
                                                        Malicious:true
                                                        Preview:.%.I....]]....4....o..nU.....Tn.O.D.!.n....V..b...n>..C6._u.(idw0.C....Mi...R(A..=.ma......6@.zaS.v..*Gl.Z.. ~<....W.4...Gl....Os.u...^....7.1P.Qf.Ib.>aV#......?.~s.I..Kn.2..d.AP.5.f..n..Z.J....:..M..............}q.R6......@..{.p..Js......../..\y.{]p... A.....i..z.."92.f..|..92|F,.X.~..X....SA.M.X4...1....(..s.....L..{V.m..<:}...C8]......<....{\..Uc4.^.!......0....SU..~t.Cr..x...~V~.:hO.f.i...OR\.j".."..1_Z....M.Fm.........G.Vh..?m7.Z...S...!.)\.S..i9;......st.c..&=.....-.Y....*...........y.'."5*..bQ.'.so..a..J......9.z.t...AZe..<y.C........r..E...G^..,r.#....t@.j)....q....m..WvV........Fr.. e..0is.w.'..Z..A...c..n.m....S.I...'/AFzW.wy|.)f.Rr...K#..\...8..=Hc.D.-|v..Z.d......3...9.qewt+.M1..-...}.....hj~..:...........Lc....]...-.@'..&.9..^..'\..g..[.+.....\...)...A._....wZr.[..XM..C.&.g....Epr...sh\....wB....|.q)e..4.*g.g<....CBh....Vz..*.ez..^.=.......]....S.2wo`....a...Pa...]CO.Z..'xE..ZN.fQ...2...r...3.Iu.n!..%........%...jPf..C#...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{E8B84CFB-B069-BC13-F88F-170904F645E5}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37324
                                                        Entropy (8bit):7.9951129506440255
                                                        Encrypted:true
                                                        SSDEEP:768:FJXqW68Tn2cYqKQ+1r9Tlg5F+pHXiue7A1kQ3GR/o5eJickF:F5k8a0+1r9TzhDEoWkF
                                                        MD5:131018B1F20E87C4198E30727C0EC10D
                                                        SHA1:E7B6D42A33A1868642A4E8B96F16E326E80D83CB
                                                        SHA-256:3E7EE5C5E5BA1D614CD73207E29396AF9E3D086E6D74E5C19D9235DA26069F58
                                                        SHA-512:3CF5C594F842B18CDABFA0742F1C8064B6BBE353FDB48DB3F2B166906B1657F0B1DD750133529F6A79A7094A9E4D69ED2AAADFD508FCB8F76AF606C63D72F02D
                                                        Malicious:true
                                                        Preview:A.....B..%^2.'..M...3{#x...#"rP.......uT*......<uql[..>L..^....I........&.Nu.l...K._a6.)....py.....4..u..v.H.}e.p....*.p..|..w.b...xb*hx....5.z?.{.q.0...5.LEQd....++.......z.....Mi..w.....g.Hz..S.G..[w...s&..!`..Td.5.r!.Ou......yUp|...~..\T..T..Ag.[}.Y..i`..!..e...$1...I.x.E..&..yaBmZ....,..8..f..y.*...*.r!.)m....z.-..:/.UuZ...<F!.7.{.u>.....xR..4..O..xf.`.t.w.V.gl1>c.bFU.jW.S.moq........._.`...b,r;..2..C.P?.rF}..d....u.d.b....@...t..8]z...X..}hs.d0>..v..Y.O...,g...e.q.2cLw...<.&.}.5..R.:.Y...$'.:.P....\\y..7a...P.'.f..c.I.....4a..SKiY..Rdh:tk4...{Y..I......=.\.h.d..x*,4....P...g..4`.7.............r.1}n...........u..........f[....z-p...........uL....r.2.d/'P-uC..c...[hc!X.?.R....!e3...,..#7?J....5.K.*!...i.H...y.x....KbP^!.2...$...AY./.S?oN...Pe..<^.R.~~z.0;.D..].2..L.....d...+n..y.>....S.N.H.$7.3.I..g.HnJn.+':.v.)....+..'4n.uq..h=D.X..z".)T...~X......DXE..[..9.)...?..T...A..J...3X"..v.."@%..i.0..8...[`....J#h..Y..=..............9.rx.c.Q].....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{F1118828-A0CC-5FEB-85C9-DBFFDF98434A}.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37322
                                                        Entropy (8bit):7.995370223632051
                                                        Encrypted:true
                                                        SSDEEP:768:dbL4pT8K1op2kTxShcm5n0zTsDkWrzWN2fZqrwgLJQw/rNUdEsIF:J4pTmp2kTxjm5n0zgDkUI2fX4yCrNwIF
                                                        MD5:8CD400DE04D0EECCB427A34C443DB4A6
                                                        SHA1:170FE5687BF48BA493403EC0E9BC7C484CF5D2D2
                                                        SHA-256:E39C7196ECC5189F37336AD559DC13CDE5F6D7A0E7BEE43BA1CB4B8335FE1BA4
                                                        SHA-512:77BC238CA8227D81093BFA65012343E22B434077957C3931C07D623D9946C341A0045A8F425610924C7F0127DBFD78C8C4003EB9E805CBF221C2FDF1D6C4D05B
                                                        Malicious:true
                                                        Preview:..4?.%[..A..}..3%......Q..../..n.Q.l..[VTnS(bx?l....jE......Bhz.6Y...4@e.4......)3.l.\..G]..].i..$.-..8. 2.k.],T8!..b..epkb.O'.o..^.....}Da..k.h..........!.....L@..B.q........m.vnb..l.j}.(........%...0....J|...g.b...=p,.7...FRt...}.z...lz...8^.@.O~..1..[...9.l.-:;.iY.......4.E...U).L. ...A.............^1}...3.@...;w72..".>...R.*....W.+......7..'m..s...`...ZT...O.DD..w....u.}.$..Nc...I.sV.<..a...A.2.....Euj./~)...$.N..D.O.......Y1$...\....A.).6W...>.H...j.Am...b..u.F..4..'..e.Bz..vI\.!......[._.5.......0.*....&...PW^..Pd..1j......Q.j.p7.Q\.[.IR..R.)..;...DS.....k..D..|..Dd.HsG<.5......(.....A..s...t.....W..qV...........=W..:.Z...]r.3.[P..<..U..0s.e&...t.......C]...-PT9SzVU8.a.o.=.....qw.N.f....5`..............`.VW[.J.=...c(<.P...R.w8M........W....(....G..+.c0..&...e...o..U..^e$M6..Wj.H.....b_".....[......=.z.7..Yc.7.p..s^.:.o..a32...@Q....I....c..{.,.b...t..t..9.3I./....FXi(E.&.8./..yj.@..A.zU(.B.V.:f.Q...=.%.m7v......S.......

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_BingWeather_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8175
                                                        Entropy (8bit):7.9754908341664805
                                                        Encrypted:false
                                                        SSDEEP:192:qToQCOqOJwdlhJtqfpk1b8xx7zQAnHsWD2emm+fMgc98u1obKwF:qTo9SwXhJIxkZ8xx7MyshDREg/u1objF
                                                        MD5:35556C8631795BAAF0745EE6B1852B0E
                                                        SHA1:AB77805F5BA60B323AEFB90739EADDD84711034B
                                                        SHA-256:093F424C9B3D71DFBEAE0360D4C57D3E7D72CB8E81935F5D33D52B3794441F94
                                                        SHA-512:34E5D63093024F9E7B9E8DF711024CB2640DEF6512C726491D9213A1B69E949EB1E6D02A1094BFFD05C00926DA97615B9BFC573C4FD6F6C1DE4EA54A6C542531
                                                        Malicious:false
                                                        Preview:.bj..VB.c.s2.y..0..._Si.G.X......Ax>>...b.!l.#..m."....C.:G.+i5...c.b..E}.g.......s....%..W.R.J.Y+.z.c...... .'9...u.j..j~...m..(..jZ2.*Rx...kgy..T..Bs..a.n.-..i.+X....!.......6.W(2I..T2.cS-:wS..:&.W..K.*...g,.y....M..qIY..3.H..g@....Hn.ZBOt.G1l}Tm.,H.h@...|.....E$......[.ShxiSU.w..(.]@.v..0p.:.;.8n.op.e.G.....Y....4.|.....Lp.D@...2......V.F7j.;)>..L..a.R.f..........+V?......sW*Z.T.?.G%.0..5..o....C"E7e..K.a....5..J.. f...I.. `....:...PU..H..\.........}.dU.^D..r...g..;*W...yk..u.u.0.]...~.jX~..?...9.wti.2A.U...1s%.l...............x...P.E......'.?...@k.{....5=.j'H....[..~M}....V..L.!T.C..=lN.fE._..Nta.O.r.U0....d....D.6X.\.|vVu.N..[..M..$e...!5C..r.....3.y.......@^...}....%.....V.g........kr...;#..X".b*.j:z..nh..uQ..s.z..k?.X...[..l.0,.q..P.?...xq\....M4n\.....?...p;.%.#~..$b...g..M...{...`#.J....y.."....b.pX..&.,.c..Ym....Xi\A..!V..E.....^..K.,.S{...=...6.9F..9#..U..m..\..W..?.A._y..G...+8y-$.dh^*.V[.m-.O.y...nEb..H|Z&.x..B...P..!..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_GetHelp_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8168
                                                        Entropy (8bit):7.9800698034970425
                                                        Encrypted:false
                                                        SSDEEP:192:C2Lvh8TVEvYeC+87qxgZZKqhKdCS1AwxKpWtMIFQxEF0qBD2qnZtF:CkvqTVEvYeptxgaqAHKpQMqQxBqBdZtF
                                                        MD5:DD49B7882BCB0534EFC97DC78B5D738F
                                                        SHA1:F834F407901839643460F97C752E847F6B803EBA
                                                        SHA-256:CC719AEE72CB1F05A53E4CECB8274FD02D9A17CFEA05F8241DBFAB2350322F55
                                                        SHA-512:D2D7A8429F0F8F600644C8DEDB28DE054E889498397DB8DD59884D53AAD30C20459C9211F7F840D7EAC9A7DC5BE5FE8BC7A30AA2F7CBAA9FB7A952C8B9A0BF38
                                                        Malicious:false
                                                        Preview:.-Z..f....*T:....5.@.I..c.."Q.m.N......f.f.K...'}u.4.PD/.Ir...T........|..a.:....L.yO^.[.f...p..9I.......... ..w2..A..B....=.B.Y@.}..Du.....7..p|..`...P}.e..g<.ic..../u...?..K...m4..,.sXK7e..O....=.....N........@.1s.N`.Y..........x8.oP.&dlr...>...zS..V..kd~N.)......{..U.rI]l2.@..&.._..~!a...X.......00....P*....2.........S......~~.6....{c..sO.5.:.+..LS.4.lb.0.O!+..Np...5,......Y...5...).GT:....).......5,...0.......1=..........~f..K.T....).H..V......a.Ga..J.).=.o....6!.b..Nf.&...Vz*...is..<..y\.*..'..Y}*/ZG........rwE`.1o.fV....v.y.q6.Gui{!..t...,]....N..p$..w..H9G.5o"o.....+75.Ec.J...e;h;Vd....C.......u.W..../..J8..9w.n.....H......%9.@\....g.... ........X39.d]@..:.r.[.m._....~h......Q$..>!.|.d....M..|....I..eO..Q.3b. ..|..+.8."].#..e4..s.....Nw.0..?.`4.'7=q";G/...>....6.SEF@..6.?IyT......J.y-...0...Y..R.`?@.#...._.....(_{;......*dd..9.B.!....X.'sO..W.....q...{O/...{=)...>....&Dp0~N...y..|..1k.G.C0..a<.#x:D..jZl~..V#.9.;....m.Z\.n..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Getstarted_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8170
                                                        Entropy (8bit):7.98178907311943
                                                        Encrypted:false
                                                        SSDEEP:192:Kc5vNloKtOiXWzqBP0kyw/q5MZ6s/Bn96pkyaRm8dDD/ezkjF:Ku7AikU0kO4R/36pz6GzIF
                                                        MD5:0541848F11C7C0ED29C24F75FC401DBF
                                                        SHA1:3A39635777CD76902C0A50F7C4A6EC955D08446A
                                                        SHA-256:3735B6A2F7CF0DC851ED4478C44920B381DCD53371FA1DA6C1981954A9D2B0F3
                                                        SHA-512:6C7CC2C26CCDBFF09A48008098A95928B5D84BBE6E43BE55ECA6B91DEAFA0742B4E8DC694518F83E57ABD9392758B7642AD007BA4035F46C3CC7A18B59476395
                                                        Malicious:false
                                                        Preview:B.8...4.....8......"..b..w.t.p.....W.Q..99D.....8eJM...XGu.....<.)M.....W'..:...>....k..I.C)=..c6.&.....%.d.....-?..D}.....oQ\i.|..z..!.....0.g.?.(.H..7fq..[..^*...%.b.,..nw..7.7..!..${$.F.lK...+=....5...XU$c...f.n..6S.,Y..rF.....P2.u..;<5.".....e]..y4.-.{c>.o...s.)Va.....'ub\...%.Q.2L%=.hU.;&...81..C..-1.o....lGV.Qu6..5~[....j..g./..[.......a.<>........u.T[.l6...XDU.......~r...P.$...{...a.*..m..W../...B....v.;D..O...c..L..l.E.. F._........vZk.Diu......9w..s~f VY....<..R..;F...F...B.U.i..,....7x07......aO!...$...xO..a...w.{EC..a.l....)TY.d1l/.+<yIV%.Q..'.[...1:.f,.F....F3>UE...s.5.....|..+...D...>/.......f..a8Fo0...B..s.wu...1.H.5.}7I.M.!V..D.)...P..s.......-.,(.5..I%&/.-...}o]....~.8.0.'|..e/.f...U....8...Jz(...[.`.a......ufH....OJH.._~R...z.~...../k}.'L.=O1.."..B+e..q....b5m>p.....k4...T7......i..}...6Q.......j1l:.f...4nNYge..i.Xe........]...v<.r.5...V..$.. .._%.[....!.....z...Q.Ue...w~.B...@......r!G..$.H.......y..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_InternetExplorer_Default.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37285
                                                        Entropy (8bit):7.995413573206959
                                                        Encrypted:true
                                                        SSDEEP:768:nNyvbFZslNrieS4zk+UXjkFtOLoNMXUtDEtxsQP4VLiTtYL8eF:nIDOriea+g3UtDEtx74VihWdF
                                                        MD5:834AF22AB419AE58CF2FCE589E38A687
                                                        SHA1:39E9AEF78309D3520B3D7D4A303EF43A7020AA10
                                                        SHA-256:4C38B6938C7783C3D3C2291A0665933A9C6F873F1B8C847E938984B786F97500
                                                        SHA-512:AB5F86B26B2C1B1D11DB8ADCEB3DA8AFF7621F0A3239DEA7281AD8947C70D6717FB3DF0A8E11ED8436365B59AFE2013ACAC989D639C1BC2512B85998EA9B006F
                                                        Malicious:true
                                                        Preview:...0.0.."8..k...2y..d...7 gH......9..P..-j...e....*.rO.r...|5|=.o;. .$.kU!Rd......b..{\..<.G..J.J~U..@q.A....I....m].}R..8U@...ng4.Y.Q...$.\..2..7....y...~s...2.T......./.(.L........i:9N2.'G....Y...r]i..PY.).4.k.Y.B.x.J...".....Z. .m...m. GB....v$.J...sk...j#.m/..}R.?..t....T.#gOn.,.d..D...l._x..Z..V.|%.X.@{u./..n_.....4...t...u.? z.i.$X1.p.p.....'.....X..............D..F...[.......Q....{.'{..9rN8..iw..>q..f3...7.".d.U%....~...if.p..7......X..t{.,......I3.e....?...9.^.....a.r..p'!.k?..%!.....-.6..LL....X.a..&G......0X.p...c.K>0.....{.J}..,........t..F?P#nEj.W|T0.~=...+.0........a..J...o.?.T.Y......33BF...=.cE.6...[...e\.R..p....(.&M.....(..b..-.k.6..~/r........sp...............,@.[...+.$...s,..V...@...0...(\A...:C%.b.<.R.8..dpB....=..x.J..*1x.Hf..s_.V..Xx..,.%l.4...%Jw..../.[........U.-.cj.T.m/x..$.0s...."..O....R....!..>.....[Py.O|/......c.(... ....K.$..pS>..B'...1.V...'V.[.....O~...#X..f .....D...}..1..}..1.S....3..*;...r.I...<f.`....[..'1

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MSPaint_8wekyb3d8bbwe!Microsoft_MSPaint.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8167
                                                        Entropy (8bit):7.97776336819013
                                                        Encrypted:false
                                                        SSDEEP:192:Nn7+Acg31XOQR+jWkZYUddJgsNuQd6Gv+TvU6NNSx2n1ohx2F:Z7XcO8QR+PiUz0dVL1CX2F
                                                        MD5:EC26665EE3C4FBD811F114003F754C89
                                                        SHA1:11598C1A18255536E261469F76B88C36D4ABF2D7
                                                        SHA-256:1A16E1B87CC082F221339B1D519E5041F455399721A3E9422153868F11D0ED79
                                                        SHA-512:8D2EB0722A0B8131705A11C363A0A720D98BBD63599FD221E12B9E52D9D3AA78B7EDF0E6E97CE91DB2EA98C6FEFEC6DD22C711776449BAD56EB907029F7BF9D7
                                                        Malicious:false
                                                        Preview:......`.b...I|...eD.=.(.......z....{^.r...0.GK._o..M./........:.....9.F.....+.Z.e..0Z..PL...;..5....u!...(.2.......i..kbh.,.....(q...T..{..."..?>.#2W.Za.R8....oS* .C.r.h.8l.....~o..-.$.....2]..l.. .\&(4,V...9..F .R..pr.U.N .Km("..P.y....6....QgK..sI.{..a....DJ..$...de..cJ..H%...TK....R..[......9{.f./."OV.kW......("...<...:......=.0..x .......}.{.%S[...C.....`F.."f..\qJt..ii.d..[)[,5...p..^.p..."...c1n.?../K....`....E.b.......5..$....PT..R...J..9v+}/M..:...F..t.PX...F...`..<.J.........6...N.H....:..L.Q.u1.^&0..2.<.99..c].;.i....\..cB'...@...jOXs..%..;[oD..7.\f..K*k.v..\.+....).A.G..j:.....g......[.....F.!....X........>..?..`NrQ*...o.)....f.>+.]..?(V.w`.UWj .......Y@...{....x..J..R.\...T0z....T.^!...i].<...c{0?..5.2.[o.tJ.P..6...L*......^b....9.!....{..;1.WoD.....2...<J.V.&....i.1....y..?..T@7...^SKB....N..(ou0E.....H$.X...A('..._Hg..1_[.h}|.}).I.>4X!a.r.......S...\F.._v.$.d3.w...+.?..O..{.[yc....k..1.}K}dM..5v#..w4..U...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Microsoft3DViewer_8wekyb3d8bbwe!Microsoft_Microsoft3DViewer.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8168
                                                        Entropy (8bit):7.979486239423299
                                                        Encrypted:false
                                                        SSDEEP:192:O6l7TlZfogY7uIp4Lt9V0U779cpDZ8ndLFvOeF:OyPTwgSu4w0UHmjETF
                                                        MD5:5DCF3F80A6C98F808AA7966F2565D162
                                                        SHA1:41409D4A53F077D1CD2FD929325FF811F4ADE977
                                                        SHA-256:BDA6BBF282506F838999BFE23709FD7ADB242534C29F67D2D89622F61433B7F6
                                                        SHA-512:49D48951168708B5B6B1928013FE6680AF4B0A20CCA6011A6BFBD7064C4802BE41A9359E38A20FA365579DF536CCC8AE62D00098E7C8940D853308449591C91C
                                                        Malicious:false
                                                        Preview:n..B.qS.6...H.u(.....i.2.4.....s..Z.S.D_,......px.....d....?.....Z....B.xE.,....@v..%;.H3f.($.u..".Wv......g...]..1...>8..2q5L*...Z....*+r<...H{i],..G..R..>.f...^.AU....^!.2...G...".......".h...YD-..#}.*..~\...z...%..J!..rV..}..+V.._ ...).nA*..db.]./.y...bH....>.p.....=.ux.#..].p..;.y.......xs..N.J9b.oR.H..91P......5Bl...m....z.8..1.@B....>...I...~P.e..T..$.i6.;|s...Io......1#....rK`kK$C6.;..j3....../.hu.QN.k1c1.8./"...83.Ey`l.]....U..uu...=_...8.PS....SE......B.".i...`}(b.s.P%......`...2..%...{h.#<o...7..1..{.xg..\@......bf.Nw-....}.(....D..6.....K....U.=.(E{]4......W.x......s...(.]o..U.6S....V.e~v! D.[v...l../1..{.......5..A.6yF.8g...,....`.JF....}...G.vKH........ ......CQ.s&).D._..].$.b4O..g.6.^....p..'..1.....R.3.C3.p..B.Q./.\...E0;.,...&J..5[W...w.t.....[L.......$..m.`YD.....".....<I.{..].zk.>Td...%o.w.D.RB9<..\G.g.a.+.n)q*.x"I....6..]..}U.22.'.%.u...N.N...$..t.TJ..P..n..|.....q.*<...U....O.(..rYF......F....R.h...f4BP

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft_MicrosoftOfficeHub.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8169
                                                        Entropy (8bit):7.980181888169461
                                                        Encrypted:false
                                                        SSDEEP:192:34PHnPN1npe5L0DbtrTtclDhDag6bQd1DGwyQashObaF:MHPGAtPal1Z6qDLmySaF
                                                        MD5:ADFF58672821804D4994776AC9773A54
                                                        SHA1:6110738A5090D2D404B3182B6CE856D3DEFB7C01
                                                        SHA-256:D7DE978DC250123425D355DD2788B6A889B272EEC18E1342A1176B421F1C2C37
                                                        SHA-512:D2A3F37A8AA4D93D9E69A5FE5098E2B904C4B6EA73072F2264C91F809CC0E502CDF255F8B3A7A2169C8ECD7985DE007DED3F507D1B5CA0AB748ABB1731320F2E
                                                        Malicious:false
                                                        Preview:Y.q..0.Wdb.e..."0...f...,YG)....L..1...;..J.)..PD...i.@..$.B...].E......#..:l.#}......6.i...B.p.\. .9G...L;..&3I..Se.q..R...d...SxX..V.u@%@.P.G.X..Cv..e.z.oy.0|x1{...e.`.Rg....h..&.6t>..QQ.<...\.},....[......I..WW..G...d.....6...+~5.R..,.F.H.#^-y..4...}.A.T.~.}.on]...{....sR.<....O.M1.......W.^.._.k...|*..`.OTK...{..B.Q.H..[..w...To+|....w.[....G%.C...r..N.-...[j.......g-#.....>..I......L....8:.............5..*8......kamtm;..Y..L......Y7G.....J..d...:#.......M.V.kw.@(.eX@EIC...=.j.~.....V...5.1.s..?. .T.....M!N.P=..Q.?..p.5.o._..AuN?..e.0..K..F..M..M...)...GR{...sE..jx...{..v./.$G....Y.3...`..hr..o......[.3.>9(...No.3...-."A^cv.M7....{T ..b.!ZP.R....'4,.].M.)i_.L.*@......K#mY..XA.Xl.p\5miNi.9O.[b...h....i.6.`.i.n.vI.H..2o..Q~..... ....H.*2..70(.9z...H~D$k.s8.........P..[..=..%..VT.S..?/'E.-b..!.V.V.. 6.Q.N.Hr5e....y..M..99.,|N..;.,:._Ch..<...w:......5.>.K....._./..v.... .M3A....O..|....Y.......|.r..~..{q((....+.....0.....G..4.......U..'

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftSolitaireCollection_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8184
                                                        Entropy (8bit):7.978773402537784
                                                        Encrypted:false
                                                        SSDEEP:192:EFEJUAAdkwfR9LF+FH3dUckOBoNQoz0HKZ6Q6e5aF:E6J/AddLF+ldU5OBaXiA5aF
                                                        MD5:F0A607FD346746DB4B5083B4985F536A
                                                        SHA1:C25D85AE84200648758FEE807D0AFBB3C56DE52B
                                                        SHA-256:DFFE7DD13E7EDF1EDC257686B0913B52BC67619EEB7FB461ECFE5B7B745FCABB
                                                        SHA-512:66BBD5BDDD2352A71BC3E6AAAB988D1E30854B7C389839CDF77EC528D38E9963764286DB4EA522F43477E4BCA618EEEA3B663F10A6555CA18B1C56B9E48384BE
                                                        Malicious:false
                                                        Preview:....BBl.V..#VL|..l.....m1...V........!.I!!..0..~.......J..8.P.0X`R.`...J..%s..H...}.......v^.}.~....vSIM...;.j .p.(..vVs..:.v.,SgV..p.L.'.K....D.h...=.....0.u.D.........s.(.u..?......S.e.....-.Y4.........kY;R..m!c..yn.-......'....Mz[.P.....FR..e].z.~fO.+x......Kc]y...U..51..4.s..M...zeg.(n..;/8..).....1..p...*.?(P.|.M..s.......}..N.G.|.O....(y.9......H0....=..g.L.Pl.#.."1,.K.f...U....QjE.y....nI..c....R..m.*8.g..y}"{<l7UB8....z..3..f.=Go..s..K9.W....l;.2..0.......O.......y.(Z...1bnC....]J..!hC.M...9...]I.%.j..pi..................B....*.j!e0........-U..m.\..I.;..0.......bQg~..7r..........T}.f2.Zg....\y.^l..h}X.:r....{.i....Q.m#>..0B...U.P..~|....b..sKA.\../..&J/J....,.....A2..c.M........,.Y..q..D.Q...7e...q...NX..Z9....s*..pBO...pp..U.m...;X..vdKc!..~.].p...y.M...q......wx"..,.5.....?...p...R2.#.p.f.b..L.....Z.K.a......c\|.."...b+....V..a.cb...[....Th."*F.,.<.GE.z..b.?.O.._A.g..}.fm.&!...Z.!0Q......{E..)z`N.f..j....X.)2...$.../FF8..zF...%..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftStickyNotes_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8172
                                                        Entropy (8bit):7.974531561443379
                                                        Encrypted:false
                                                        SSDEEP:192:aJs7aLroBHROS3ADHQ8wB+ZM0JWvldxpBiG0F:DuHMHDww8wVzNyF
                                                        MD5:C3EA5715C89C6A48925E07EB5B002145
                                                        SHA1:008A9E2DA14E33FE035259D3411A60A8DABA672B
                                                        SHA-256:7A3694716F83AE85B961A45A9D3C792094930FA2CBB176110765D44EAF574B60
                                                        SHA-512:0190115166DE3E9CFC8A963F28532960FB698552AC99AEF8F65EAB9F45B03EF4BAB4F971D799F0C077C51BB8001F47935C5398D1BDFFAD4054F76586D284C203
                                                        Malicious:false
                                                        Preview:.1.H.........)..AJ@T.J..49.;.K~..........Y..&.X3..d....h..wpDxtG0....a....z ...c.I.Z`}..N.c.....W........f......w...'|..Z.._w.6..pC....J......=.....lm...w.'........7.+5.6.:.....e/.P..ZqP....W.N..gP-.A...&m..'o.,.A..*.*C.p#.....<.v.....f..L..v.,....1.`-..^/.].C.t..6..r.f..w....5...v...e.G....$.(....%..Q\..:xK.1..i.o..q..z.9M...7jW..&h../..S..e.GZ.3Hag....t\0..;t....$+O.'.]q....p .G..(vbN..f...H6.....8p'Mav.......v..%U=..{.$;..&(..=.....Z2N..de...[.f.}..A.$.)O..w..B6.e.g...E...o.y2.y..D..5.{.....1.).........EjCky........3...Jx.'@..9V*........VCj_././Qe..o..E.....+.^.Wt.....3d9k#.TF..T.>..w!d1.....7.....O..V.....]$..k.b../.c."G).....Z.H..',EjxC.j.....q.m....B.o..8..i..P.E.m.P..U.j...tx.A..|'.^n;..3z..c...J=...]..{...1.?.D...7P......7..F.W..2.....Q..T+...[..<...y:.z.>...X5.7....B..N.\M....H....l.."..9...-INq=h.e2....1.e...u[.2.i.2....m.............T.....0.~.b.{..ug.z'..~v..@EI.Y. I.R.(&...|k..i&l...Q[...zR..v...r.1.z..h?.B..`.J.DN}..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MixedReality_Portal_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8181
                                                        Entropy (8bit):7.977159874434258
                                                        Encrypted:false
                                                        SSDEEP:192:81jmXfKAn4IrHq2KxYriZDuoGxpR4uoOhY3GDXF:AjKyy4IYxY+ExpRUUY3GTF
                                                        MD5:BAAA2518F0E5D5A9F88E71DBAFCB8466
                                                        SHA1:D31041A864CF005677B83C7E75B355DDA3A497B4
                                                        SHA-256:33B68F792C5B4DFFD9265D981DF9625E91E1E135E9F736D93EBE0BFBDC95949A
                                                        SHA-512:00C71EB10875637AFBC2997E3E3329D6F67A4C27B529828CFB8BEE3A901729DB47C3C0F76F131AFE1CA62DF6E1869D2B80DB133976B40A7677E8BA9D6720A1F1
                                                        Malicious:false
                                                        Preview:7],..>...U..(.......vd1.X*....x4...H...]E.R......Il[h`....zL........i.gNp.@N.r....f........b....C.>BB....H.,!en...v.q...[h.zk.K.&N...P.jHyr.Q.oL...U..'.........t~..Pr.*.......U..d...$2.\C....+.....v2....X..eeP..E..Ar....wJ.*..yi.............sY.Wr...(.u.g1......_.......K.w.,..s......yj=..\.).0.\Wm..1.wEdPb. .v.B.w6..[...9;D-..f.Ft.....kr.....d..;..$5.G.Z..G].....]E..)..`.u...v%..9.U2d.P^..x..+......l..X..<..[).~..K../....R.cZj.I;.\..o..,".4....O.%.......fa..]..1..u.....]..&v.u....FU.2x.0.9...R[Ak..t..M_..F.?.Ji{....H.o&w.<..-..{...YWZ..\.._..g.|5...v....CI-.E.<.Y....;.....&.....H......Up.a..LI.B..7 |#~.a.m7L........5h.9..>.P.m........]N...%tO..T.........W(.s].aLg.}.......lz.l$..~.Q.<...b...-(. ..A......{..I\.6..2....Yc(..j.lkf..,*.S......... ..q..=n.8......D.G..D..lm..4N$v..^r...E!kR.s.p..1M.......H....Y. ...k.^......1I...+.E.e..f=}h...ot.'....*.A,1...G...I.....^.f..jS. Og?1...a... .r. ...A.h..1....W.$.j...Fo...`iOq.Y4.3.l

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_DATABASECOMPARE_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37289
                                                        Entropy (8bit):7.995318110385218
                                                        Encrypted:true
                                                        SSDEEP:768:l2jub/X10LDh0KcP7276DtgcfcCk/7QqL6OfukCF:ojQ105nwb2Rf7t6wuHF
                                                        MD5:C5864337376D906F08D85BDC880EDC2D
                                                        SHA1:78B32AAB12497C4F5AF13DF1466A93BD88EA0B1D
                                                        SHA-256:ED72A6714E119677889604BA77A3DE4AA351B5DA226AC32A8C7E2249A5E9D4AF
                                                        SHA-512:50524434C5A4D90A1B6BD6041F53B5B34639756B3A0536ED5E1D9776BC9640F4B4511BAAE516846036724CDD9CB9D414A24FA464CF5DE358C7EED4F089B53244
                                                        Malicious:true
                                                        Preview:..1.1iw...4...+k.L.....f[.R`..-....M....[..^.A..(.Z..`E..o..*t>W#).M../.L...91.ZT$4@.'.h=D*+l.........`0\.h....Y.M........x..f2.r.g..H.1.r.../q.;........O...H.....92...2...ojAAy..Y.7<....g;s.....A..{..Pxl.?..8!........#.].G..A..5vs\.x.K..QU.&....E.LK/..Us...B#.... B......9.eq...{.i........^b.]1..0m.................]i.....&.....e.;:.$`....._o+..&e.. .l.Ky..'........nQj~".....'....g.....m.5E=..o=.w^....#.7..B-...V^,..R.P7.B...<W2..8..4..rF..".i....:F'F........O:...3xb...z...T...i..%~o..I[O{...t.....q(b.O.A...S.....p..>qa..E..e.qt./.......VSQt.xR..y.<w;..>...Z../.....|...P))..........@...?.|Uu~....".C...T.iA...^r,4S..c%...l.c0f..oX?r..#r.....p.3..2J....5L.<.jn{=..q.....S...t.x......ibc......9p.....\!.Ga..l....:.....wN.4}.......!.............]...x.D...>....gqF......C;.....+l.Z.}M.q.%..Bj...w.]..;o.H..[<..m..\#s....\.5.Z.V..B5.9...,....d..P..0Bu9J...5X..V...65/.....-..h.N.x(....0G/......;...>9Ot.6..].... ..6q.bB...`.......5d+%p.-......<X...........

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_EXCEL_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37275
                                                        Entropy (8bit):7.99483326981698
                                                        Encrypted:true
                                                        SSDEEP:768:H4iho8wIZDtdi8Gvv3xltKI6Rm8oU3HcWWFWCqfwn39Ri6nGF:57RtdiBxzOm8oU38LqC3XiFF
                                                        MD5:BF41EE2A342AAE897A0A12E04CE46B44
                                                        SHA1:973A34C4F88FA2C79035E110CFF885A92F7EC060
                                                        SHA-256:2ACE21AC275492BA9657E3B27531EC6A4CF7C99B948C058EFF6D9C6100DFC2E6
                                                        SHA-512:F36151BCA6D6FA04D557D2796D8D8D505CB375371F5668F4B5EB5E05960BEADDFE2B2CE30F500D282EBD6A823C948B9FC4A2A650CC9C71BC108D71402217B39C
                                                        Malicious:true
                                                        Preview:=...../YR..`.].-s..!0...N..@t.....E..x._O...$7.........|....'....p.r..#4`....m...`..}....Fe...5...Xg@8.l.....IA...w...^,.../.qW:.`......<.....\.rP'.P..............c.. p.fH..6.R4&....%.vE.z...^.,..f...5"E>x.e.R..w..1q.c?......\..'.S..}....'..:5U.[.,c.hW.^P.... |...>q.....0..$vP.:..........W..V.<..W.I.{u.....7j+.Z|g(..e.09..,k.+.....va..T....&...4m.<.....;&DA..7"3.:"t...q....{..jO..`...P.WDI~I'#.../R/P[......VE}%....N5b.....c.."'f.)..K..o.#..~..+WJ...C...Vc..P.0.u...,m.Y...V.aB...o..9T.....^~$.*%....I.*Mh^.+..W(.;.3...=.Hf}'7.S*.0i.....!..&.dH.M%"...&&.7.4)..F.V!.m.....X.e.\K8....C..o.'uT%...g'...x.<....H....p....I...K..:pR..-...?H.q.".U..~..R..3^....R.,z..`^l......@f...HtN...d..7...X.K..\g.'..K#......\.3.....|}7{Jz5.:I..H...<YE.."6.D...5..a>..%..:....<...;!.K.....Y..*4.i..%F.W..i.R..N....cG.....?.L#..A...*..s...<..........Q.".....&&....~tV.u......0....M..]D.OW..7........l..+.\........I....w.?.U..eh.k..#....".u..2../Vh..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSACCESS_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37281
                                                        Entropy (8bit):7.9942539781318755
                                                        Encrypted:true
                                                        SSDEEP:768:M9aEFGbtxbeLaRHGlizzttcOnnN3kpFDdjogBsWzpDRbNv1cq85keCrFpmdF:uaEUzbGawizz5NUp/NBDRFGqXUF
                                                        MD5:38188ACFDB22EC3565570388104C66D9
                                                        SHA1:56C573321BD20381852026D011C4D2C3966C6042
                                                        SHA-256:8FE67781298720E95745F901B1A9A6EA752D1F64E9259F0C5D7CFF62E80DAF82
                                                        SHA-512:AD7C0EF01F8AF0F8988FACE22DBBDF0912A2C0D920D5A783D75BCBD0A5B644B8CEDB03604AB4AD035AB020B1F3FA5F699C93AE1D31A03E88EB40A604959C04E5
                                                        Malicious:true
                                                        Preview:O...........&[d.Q"._../..|!.m...e..]Xhoh.pO.....YGr.d9%Y..^q.>..%&.'....cG..Qe.K...C...P1XE.....HqO....O.i.{....[.Z].CtB7.(.'.[.y.&B....H.ls.*E..........5...+#.x.~.}...;..g&......^.........q.h.K.O..XzXC.m"v..R......o...R.v"C.....V.~... ....#.".....^...N.jv........_G.j.3..m..a..k.......\.5.v3....g... ..tN.n....Y6.f.K...G(..K.W...4.$c.....X.B+...x1s...c.....k..Y.Y.W..|....4.c.H.N...k.[.....B*G....l....Z9...R.L.0.\.Ut...n...0.#....@fu.:?....h.E....[...`..i...7....w`..A....D.N#'..v......q...<Dc..H.%..3........9.w....r....L..L...P.o...t/.H..k.w.a..YC.....8..G.&#.u}..e>...p..xG..$..<.~..XS...>.s.c;I...o.W.y.M.#....N.F..~..f{..a..p.q.b...E.5.5....ntX...N3...".5...p.HvV...A..3e..( ....y....1..|.........d!......8X..B.|z.....E...z9E}..2/........f.%]......+q.......aE...%..+x..4D..^...V*..!f$....iV.X=..Wl..h.p`.5X..\....T..\xK.p............G.\[.x..Q.o..l.r7.&Jz.q*.6.w.z.Q..Q..J.-3......%).9.E...&~....}.i....U..[.:<.69..,..3."......'Kv...B.8.)..2...>..q..!K

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSOUC_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37277
                                                        Entropy (8bit):7.9945297247079745
                                                        Encrypted:true
                                                        SSDEEP:768:Eh7QCA6sI98RUZCKOC8bGqz7OtnwoM2rtnfoiSPoZODvOxxjPF:ENCA8GZCPzGqmVwoNgUPF
                                                        MD5:92942E61F0F2E107B02E88C0A41E0711
                                                        SHA1:5BE1095D8929FBA4DDFCC8AD2E06D2FA826F3901
                                                        SHA-256:9DA1FEE1BC59BD2BB000835C4ED40BAE36B4A069F86CE11AF1D9AC63F3B0586A
                                                        SHA-512:E2898D439AF9F8FC753CAE1FB9175C635FFE485FC31BD40203DB220D708D2AC56646765D116D5385CA19433502CF08DCE0758F62F6CBDEF4F2ECC89646423317
                                                        Malicious:true
                                                        Preview:rK]...}D....U<..rg..m5y.Dg.|".%`.t....2.:R2....j.s[...>!...VL......{...6.6.....C.)F.A.b^....8x.s..^~Mk....l.9....O.....\...W`...8.c.TA.h.X...|..$q.4..).4CW.....r5...Z...](_.c.?..#..C.BV..m..:.h8V_.G..(..Q.`.7.2..q....Y..&...{...v-r...w-yl.P.N..H.....*g..n...a..[..I.H.......A.?..L.9AG.7.mY.. R..8...U1q1..ps6k.#....U.r.'y./..9.q.n?.........9Pd..2r..'g.....g..Re...s.S,4Sw.'...MDI......}qNh.G.V.....V.7m..+B.T...<..r....a..kb.?.E.......D.UWd....7..O>s..+..F..B..........=.H.C..Efe..r..uv.n.).Qn...A&\..'b~.6.^.T...Rw=......3..Y.......*..$....<.W..._..8..7...0...>a...V.G_Aec9_..7\..Y...#..}.V.1I4....,,i.v.iCD>{.w.y'@q.w..:...y.(./.w.C5....C:.#...$...8.c.P..-........B..(..'..U.E...'...I.J./^^.y.z..i..?.HJr.'..\.....^7J#........_..^*7...f..{......#...:.C...g.0.4_........F.RPm.o..l.&..}X.>..../yd.`..-i}.......P....O.&...z..f...+..\B|.q..`<....\...vBt....3.~....GQ..&..;>.r..:iP7.y:...P....~.!..D.Cb.d.V..S2..&_"..]...}..jd.... y).l...tn)$......3.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSPUB_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37279
                                                        Entropy (8bit):7.9950971585476465
                                                        Encrypted:true
                                                        SSDEEP:768:bzO6C2m8FCOAmzENK1N2HfrYn9uKQCqftAVQUgk2e+gm6Bv1i0LHM6ylhF:HO6zHtZn9uJCqKi36Bv1i0Ls6yvF
                                                        MD5:0EFF24B37F36EB85CE925FB0BFC4BC75
                                                        SHA1:A30147E9E276D0BCAF56FBE8465336936D34CA03
                                                        SHA-256:C6E257568D447D5ADDBFA2352D2241E003A90E6FD8173243866589B7D9ECA411
                                                        SHA-512:2A0995042B2C3AE015E6A6AFD64A8BBF60B8B766C1D91EAD48D25F1EBB9943E98E3538DEFF14DAB9C21AAD010F02FFB26E54D86CCD4440A8E347235DC9EEE13D
                                                        Malicious:true
                                                        Preview:M...Wr.e;...19C.wG'.Y.^IjY...B...<.....0...|.....j...M...;........w.d.t7.f..'l.g..Gi....)...P.=.3#$......F.Y.....W....eV..+.2XI..p/..xW..A...0q......_{..5n.>...B...R.D....T...8.0....f....Go..).^.`...........5.......=....U.]=..F...y.qU.d...Hr&......:....).........FE.,!`.d.n.C.!c...;1..nX%h/...@.1..:.q..\.0.%GVr.(....3..K...[..f.u..T....W.gY\...w.?s...k...H.H..V..z...4.M.'....#..I....XP%=#....T......_..,=..|D....t..._..z....b.H..,..7&..F2,.4.[..2+.,F.(.%....9ES.=3.eT....#x-.\........3.o....=".}~....B..}{,^..!%].)..G....s<}.O..U%..$P.Z...5.LY.....B\.@.q...(....J..U.y.f5.g..=\zv...+.LQ....w......0x.&.?..R..G6j..F.1%.b.R.....F*o..)i..".+..g8...9. Hn..~...[i.8.m...id ..tb...e.-........*..Y.m9...8..m..'r...3....N.>.g.zr...y....uX._...S..........-.=.@y].O[a...B...Y..S|6~...aKj......(~.;N.O..=s.V&.6`W2..`.;.n...........j\.:..%.r.....A.....4..6..%_R..0}-...N@Ds..E..k.Z`.NS.]DTT.n)L......eu.xQe.<I:.....!.?.LS..J(m3....^..X*.'.S...........sJ....[.y..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_ONENOTE_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37277
                                                        Entropy (8bit):7.995404400073226
                                                        Encrypted:true
                                                        SSDEEP:768:GMskGuAAJzBLjT56TtUQQIeXXOaiI/9WfxIM+2ZvWR15dhpevm8F:OkGulBvYBeXeaiIsZIM/1Y15nwF
                                                        MD5:0C09AFD7350A89CC675AC818FB77B7E2
                                                        SHA1:8696BE3EC5FEA9272092FBE2FDFF7FE3F04BCDD3
                                                        SHA-256:E47BB753313B5A631262FFD633BDBCEF4D7E59A1F8A54DEAFC00287E478BDDD4
                                                        SHA-512:F88F4DB1A85FCE9B027922B40AA73A9779668CF4A2872AE2725069F9F0CAB2343CBDC8C355963DDC29A39B562865AAB0745357DF86E4868437FBD0E0DEA1FFA3
                                                        Malicious:true
                                                        Preview:........O.'..^.J....+.(.9...r.L.....W..v7.t......O8.000.x......[)k..q......+..6.CZ. ...y....f.H..r....9.7m..V..S...37"..l.F..G.. ...F..i.*U.?l._\,nD.q...\..j.kq~._'~....+.....u..(..`M...P..])-D-.P.t.Z...G..'sP....M..4_........0..]!T..h%.....~2....t.\...C8i.x........h..s..B)....D..~.....Iu6[..l.....J..*.8.\.p>......\...i..D.O.........b.....D.~f2.8...W.L.B....oo..a.......(o.9.+..0O..z.c^...O....W.k../..W@.7.EK.....&e.ya....P.t..T\R..-\..........S.x.].2.8t..}..x.=.'..;4fb{.........P....E..\.MBR..|..4....5?B...v..f.8E`..YC..-..u.....a......1.[...#..3=..Yb...."+.....S..6UW.....1)1'.{[..$....Y2......:^Y...+.....[5...Y.GV.d..F<B...Rw...X#..dp.y`....+.,.....=..@..|1t..c).....D..~..X2...!$.H....[..8fI....Oy."..6.....}qU....x.RKA%.......C.V...p:.PO.......7......X.-jF.6...o5........N.b....]D....T...W#S....5wV............X....v.....T...5...h.(.n."RE?c2.....r.Q.l.o.....l..c./.y1..<....\....;...).;I9...O..Uh....[x..u...k<+Nj7...........Ge...e.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_OUTLOOK_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):37280
                                                        Entropy (8bit):7.9952213038459465
                                                        Encrypted:true
                                                        SSDEEP:768:eOoO5akmmT7vvpzYssUW9uLL8kqgCSECAu+AaRL3IT7HhI+s4F:zoO5armT7np8ssUYG89gCSF+PhIJIuF
                                                        MD5:E29C723CED01E53E8D790D9D88CB2C61
                                                        SHA1:F8781D849727C660A8771C17C119F567D0F7BCAF
                                                        SHA-256:627FFB866C8F857A5897A1CDD0D9CFAF8864AE4A1BF3646FB22315E798C5F7DB
                                                        SHA-512:D53379E7B2F47C6AE09667007AF28AEC6439826734C0D1AA682D2E99B34B933EED5CE6BA2F80387B100E6BEA6D5A0EEC4DB41478472D99D6D3E59239EA243368
                                                        Malicious:true
                                                        Preview:...w...a6S...y;b...V4.`u..,..B..8...4..!98...5.K....o.$~...8...q.Q.AU../..Ev).. .X.(.[..d.d..%.m.-..k#.s.Z1.....VA..Ut.Fc..5......d.....J~.m....~.1..R0.ury.d?.e...]T.J...v...2....T..e.T..Lu\....a:..^._n.`.y.#..v.%g..^z..*B../../^..v..b...;f.........&.Y......HjWX.q.D..~..O..p.E........Dfr|.4K......p....-..M..:or..N."ps.C.......R.;.E..K..v....Y..D.....*.m.....9-V.@.z.....D....=6..oM....)..G.rha......F1Z.Zc}.u.0A.5w'.i.Xp.B.r.+f.e...h!...c6.0aL.l.o..:....""#...-...y.|.W]:....."..Vja...af.-.s..Q..M]Y..2.-`.p,^.^8.......{ 9..H....[.<I?..^5.y...v...V%7..\..):...K.2.j.Ou.i.&NF..6...!..w.........UH.....'.9DM....e.."....+...-|Z.Z.;`.....Zb.h..!1x.....O.&.l.*.G.g..;.....3v.)...w.e.6rN...d..By..L.H..0...J...%.]...H...XHX..SY..1...j0.:..qH....+I@./..W*......k........e..`..s.e.. ..@BU.dB.%.^...8.....o...fv!.t.$........Y......>....}...~......G.B.\.Y....8..d..].L.GZy.F.Km.......)..l......e..u....c.......f.r.$..!..!}#.i7..{.8.=.7..p[.........:;....R.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_OcPubMgr_exe_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37280
                                                        Entropy (8bit):7.995200044017159
                                                        Encrypted:true
                                                        SSDEEP:768:8jZ5nAdV7Qwg70C4TuCCshMWQoer1jv/v6o0fCmtuEoz7O0MZvYIHu0F:0Z5nAdmwg7aRC1Noeco0Lta76VHu0F
                                                        MD5:98369A12FEACF0DF0FE723BBE0770F37
                                                        SHA1:88174FF40E32D6108B1373BAA6106BBF370F67E9
                                                        SHA-256:863A09E2110F271EAF810DE3E1A2E0D3B0F58404852A17C73F4EA040CEF6EE4D
                                                        SHA-512:BB8FA7AFA246F44B320F4B20F4EAC629A448847BF33062083F70CD76B46EE18E8EB072C89B1935EF76DC31B234A71C904B1B5401D60635BE83102AC8597DB026
                                                        Malicious:true
                                                        Preview:\n..jfJ....|u.U]...@...e.{.-.....xE.O.&2......K..v........gp....pK..f'..n.1w..w2Xw.HZg.'...S!..b.;....F?.R.....z..m..b.>zp.jG.b....F.T...W.H4+....^....O.g(d0V.]W..-Nk...d.U..g...DOQA."..c.>..*4`..A...z.2??A.".8....-....Ca...;.0.4...]}u"..F.'....\.Z.o.<....-.`.P3m.......3K...*.V.=....^.P.......h..k.q:w.WU4MfQ..u.y...{.)xy.:2.%.:.W.....Vz.Q./.[C..j......j....;.hG......t...5....s......<Cf.p...).g...7.)6(...s.Z.-..C.w.t.i...4..j.e..........w....Us...............XRR._.......g!.cJ.T.....s..3-.<%AO{."....dj...f!b........S..A[.....x$VO.D.......d^..(..J....WY....^@.....5\.. .N#...^!o.. .X.>8k.3?.....'..8...!!....PO.]..AQ..!a..r..W.7.\5.UQ^!D.......>gs..6s....$..k,l..{..q.O..!.B.S..w.(Q..%X..L..u.~I!.r..nOS.$.P..................`.B`.j.......B.Dq8_..f@.....p.#..}Q..5...2.vS.I...==A.ID..cki...Dc..[.h&l...zn..q.h.._L.$..f..I.5.~...\..3..2..%Tm.f...'L......#...uL...6..jq....h..........;N.-\..)........../|^...xr....#g..:;...p..Y...C...m?..O:

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_OneNote_8wekyb3d8bbwe!microsoft_onenoteim.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8178
                                                        Entropy (8bit):7.977287153866027
                                                        Encrypted:false
                                                        SSDEEP:96:Bdk3rkVXCk9GmECgZcR3cjmFOG5pW/dS0c+uZsZ7inv0G6pygx8g/o+dh493vTZE:Bdm0smIcdGeb05KyFAL5MiBuB4dRwIaF
                                                        MD5:65C2CA8D2DB86334E74E516BD4982CC5
                                                        SHA1:F19A4ED90F56942A08B4C91E6C4865ED937D7AF3
                                                        SHA-256:6A9454F8A56CE591625631793420E7D6F63F0695807BE1FCDDCBB3E65A3E408B
                                                        SHA-512:28C1D459572A899935B043B6E7B01E03BFF900993D21CAECD3CF32F260B449C7D624AF5BE5D216528D7CBA80752F7359A9088B20E0264DF46990CCF3570497FA
                                                        Malicious:false
                                                        Preview:'.75.qN..._.....?.c.bH!.y.W...P......IF....W..s.c..CQk......3@..9$F{.uJ.(&.k.v b}.......G...C.q..4.... F..v0Y.+`.\_3..q...x.=.k.G]..p..t&...~.+..5^{.E.l.....f...Q..f.7.O.}.OyZp..;.P..>... ..f...b...../T=.......o./...M.u...W..9...D.@.m.M|.;....S..z.N%Wb..b.>....xE.5uh....sl..j.P.....p.Z.t6o.....vjv`Y....##...}.M......_..f....d.. .Wgh..E(;$Z..!....b......@q...d.|k...KD@.OS....}b.?t...or. ..p..m._.v.K..l{>..ibs.Q..K'u.v.,......k1x./...f.........j.....E......Q.H..^#j.Do.y..?..c.....+.ub....8M...&C..(/Z~O..qn/.[.Q.q.H...#C...<|..a..m..j.5.".v....O.b{;\)....%ti.0h......[(..Y.U...P..|...5..M7..XCU..f.y...+.^.p...<...u............F.z.8.....0.O...6.8..T*p..*.MS.s...@.U?H..Y2wq.a?.x...PrqZ.H../{#c..@.v``.\M/..0.#.(h...c.>Y.!.w.p?+.....oG7...0........-Jg.{.2v. ..A.I.q.%iB....7..:.......'..1%.[w;.C...T...M.s\j...5n/.oL.....5..#.qYC..............P..C..c;...}6...<.f.q..Tx..'.S.M..AH..D.\.K(.D..C|..P.h....tg..g..a..Z:J..Dv.Z.Y.I..E~mR.U...TA.O..$..~)..@

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_POWERPNT_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37282
                                                        Entropy (8bit):7.995140323176048
                                                        Encrypted:true
                                                        SSDEEP:768:Jt3IFkDkTs94mPTNbM3YRvwYIwPRA2u5nXwLsumumtVR86h4xQNI9F:X9976IRvwkO2RjmfG6h4CQF
                                                        MD5:2017C24C35CEA9EE68E26349ED48E6D0
                                                        SHA1:BAF8FB0A681C79A80FD049C608EF9B1C0DDCED2A
                                                        SHA-256:6FB974FACCD06A0AE5E88B224317BB4C1690784C9047A2105870952003C81BB4
                                                        SHA-512:6825347BEEC2F3C35B26B6206FBD77157B1402B278CDEE30AF952DE001FE1CE1EA41EAEDDD187A3A3CB8CBCD794CE65CD4509A10ADDFD68FE11CD21DDE6FF834
                                                        Malicious:true
                                                        Preview:...n,..P..t8.....+.Wh..B.C.......A.7Jt.-..5...?.....'..|RB:.Q..e.....g....e.:(....I.A..p.Tn.Z....<."z..m..M.H..an....'.y..~..C...].U..?.q.E..C........Oq..s....U{h.t......j...W....-e..@...<...k.R..+.F.2.[. R.Yk..!.........;..kZ.}.g/._.%......,.V...y..yb..{.~S..lEEC.. #VX.6...G....|.9./j.....I....)..(...3#..t[.. ...uU}..4.ab.b1..S.X....e'.Y.?n*...>..YpE3...Eb....k..9..0Y-]...J.....x.px...u..>4.)'..|.....6.r*.|+.x...E.......'.g=j.....&a.........26...4q.m.q^...R...'...Dx...=..*.k...H..Z.`... :..8..R0......}3..\...cn....7xu".........Z.ZU.o..>..Nr....'.sN.>Q.1...O...d....!...TL.YL..F.R6|.9O.p..~..8..p.z.l_ ...\....6...+.F7.....>.n.Q..........w...2b..v..`E....Dq.a. e.0..7..k3...ya.c....sbDW..,...5.#..A.8u0.....Z...i^..J3<.......y.)_.y.ESZ.P..~.j..z<%....w....a....x.4..TO.......;...}.x.. g).MK./@....'...H.....B.!....W....O.][?.|k... .7....9fr...h=......,.'...R...{%..u'8.F.....^*...."q.>].H.C.....'.)..2..=\.x.W.Im.....8"y.K.z............li._...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37283
                                                        Entropy (8bit):7.994786160141175
                                                        Encrypted:true
                                                        SSDEEP:768:aPXzEJnpps+S14Y8zLWX+K0gHhSJv/rn1w1GhW8vMZxEoWtzMSF:a/zinDSX8WBIJvzn1w1G18g4SF
                                                        MD5:C0E213EDBEA7C3DAC70E61AA425A7B0F
                                                        SHA1:4BCDEFFCF379D457BBF1BF891EF68357751073CA
                                                        SHA-256:76B4850118926929F6E00F0DC591623D3A606B955A7D8378BC028430C7A1184C
                                                        SHA-512:7FE117AC46AA5337EBF5A042E6DC358676A89EB1D0C7D00C3B5ACD5E9409F705AEEBCDDDF8DF4D5DADD5DACFDA50D2D15DADF0C26BC77B595206909EF66BF96B
                                                        Malicious:true
                                                        Preview:.......|\"...E..T...!u..R.:..]..<..G.j..J.j:s.."e.Z.ap.'A..D6p.X{.x...L.n..2.I.."....[\#..\......:.g..}..8..,b.......=.7.$..=..}..^.r.A.K.4........)+6....Y.N..(.g....n.6...h.?.P.d.1.":Xwu.K.......b.v.G.f.#.40..#........b.[7a/A.;R..P.)....w....6.u.G.K...6C..T...!.N.5.wS.-@M.8r.V.K......L..k...[\Y..&...c...`...M.2.].?. z4.4...C.##K.yZ0."..X'J.n}...n..&..lc0.1....W.k...=..@K.......,[9.Lz..ME...G.WF..9.su)Q>.U.B/..`....m.[.%r..].Y..w.....tV..J].r...A..=5..(....:.1...>......^....~.....V.dM.n..n.E.~..n^$..|RsXV4!...4.E.f...AK..o$......(.rS.Ih.._....~....h.....Xn.E.S..d@.b..a.{..\.._.2..:P.....Dud.7...8....i....u6.*......../...r4T..A,..cY.|o8.nw.-I.c....T.z<..T......f. ......../i..-.o...+&..e..X.......2.A..&.L._..c.W>Z...q,..),Z-.D5...@.......0kc...N4.....a..=..\....T.p.|../..%.:.=.F.....+..#.%2}.....3.,....46*t/.z.z.=..)..7...c.V2;B.a..I .....7Ov....T.....}g..r..q.@...>..lu.C.:B.....fia..............]..7U..{.=Y.......t.u...#a.=.i/[>Up61/.R.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37295
                                                        Entropy (8bit):7.995344990392668
                                                        Encrypted:true
                                                        SSDEEP:768:VhuaZxy0EhKDzL9fQKckjQJdHVaT2jjiv5xXvdCp2GcgCS7XPAUTHU4F:V8MY0EhSv9sxbHxo/vd67p7PTTHHF
                                                        MD5:BFC30968ABD9B46FCEEE45810DCA28F4
                                                        SHA1:0C1FD6903F739956C33243CB48D7752E67D9196B
                                                        SHA-256:1D3D06A13FB3279CD2187A80ABE9ACE41208A17E0A11E9FB8B03941CA02079A8
                                                        SHA-512:64604AEEFC601416B79AF831B1217A6C153C171982CD66609ABA0B7DC973BAA849F9606EC61CF7B3D8D5C23595254EE91201A4FE8FCFCE2360922BA6176FD567
                                                        Malicious:true
                                                        Preview:.)$yp.enQ.saV.....*Tp.j..........x...".Mp.l...p...~..*.i..d..P...[b%.6V.....e...A.Z....U...'.s'....ak...}.z.N....-....0...G.z\ZZ.?...)_.*Uf.[Y.....N.0u!+.K....$...<..N..:..I-..j....w.q.v...C$...S...>M.x..G..W{jq..^..(. ..u=bq.Z....._..]......&H.Q.X...bX...D..E^:.p'T~..1.lOH..OM..T..h}8.P..wr.....*O..c.."..y)..[.....a.eb.H.=J..Z8....!,Q......FL;.!o.q../w..s..t...,..Wi.J.........u.(..............V.<.^.hd..DJ.aC*......~.x.bi...@@."....e0v....x^R(..mD..6....L5Q+}d/..=..I...!.....t.0..n...w..b../....Wiq!..~....R.@{..Y..M....az..[[9..m%..*..{.)......J9...e..Vz[y$...>.."..=.>M|...Z@....k$..].m..y..\..K.Xk.G..-.WU.....xh.|a.l....;d..R...Z..'.Y}mL...m.3..;.i.$.{>..i..Y.....p.E...EA....NR.9..3..,...Xy..p`...K@..>..ei...8T...qh....J.....Z.(.D.h..n.@..o0......t..l7'.<#..C...~Y.tGq...2..I.?.L]3........I."B{a.....N.....,r.h).._@....B....'...+.fW7FQ....!.w.-...,......T7N/..$!..>..w..Y....o?.i...,d..l*.6.k.....G^+.qw.yv....}.....pZ.hL9Z.0R....Jt...J.....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_WINWORD_EXE_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37281
                                                        Entropy (8bit):7.994850477621076
                                                        Encrypted:true
                                                        SSDEEP:768:NsgsbRRBy8Atc6fpa885feGg045UD2YLCr5bwr0BqS0gXAnJNu95HfF:6rG8kjcB5GGgzUD2Xhu0BSgXEJuVF
                                                        MD5:2ADE1BB02DEBD788DD041E3AB7D57277
                                                        SHA1:9D7451150F912DE4707B75911F55FD6E3FAFAECF
                                                        SHA-256:0E7AC6DDC707DD4392CA59809AF986D23A29384E5AB86170EA3863D3C09248A9
                                                        SHA-512:A0A3B8ED0B9C1146AF2CAEA9C8DDCE855001E174793B5434432DF7D740CA7DB7192127C34C68B9B85993EE883219BA6978B72918A37341EB744B7F21B56C41C1
                                                        Malicious:true
                                                        Preview:P....r.?|......H.<).B.._$/t..I...).........mD.k....S..)U].V\.u....4...S6K....Zq$.......\2..C....K..L.....(.A/......1u.r.VK= ..).z...B..,.M..7....#..].o...._fq]-.^...r;?.x$8r..s.....3.q..jK..Y.......-.x..cg%.6.....O.R......3#.'a....m.-...q..?(...!Uk...h.;z.,..n ........w..t9....D.w..Pd..i...g(..=.<..0r...`.....|P..p...>...a...y.k@[...M.$.c.l...O.b.y.d./#%.#.E..7...gp.+1S.@..0)?....P./...G..U./X.=.\.{.Z....@w.,.....+.m..0tI.~.!C..O.9.%/..-.]O... O.k...'..........nz.n......W..3s.Woz..OR.pW........}0+&..+...z.r.._.."....b..{...#&.".$.J....%.QQ ....T......h.x&.......v[........H:X-.[.x..c.DU..Z....u...a.d.T...\...>u......#.e.%~L...4..\..i.'v._W...`b..*...B...i.._.w...2L.u=...v.E.@.#..........1-...@3J3+.r...+..(sM..L|.)dK.s..'..."..e\....d...:..:ZdG>O..$&.......z ]..a.l/k.s....%...Y<._.Z.j...A.....e.k*Z..=vc>.-...7P...c..i.Sx..].F...MC..bSR6...|-5...T...._....r.....'~Z.1T.e.b.f_o5..af....Q...&4.=^Jh.D.z.t....)..\q.[..&D.r....2...j.*5.A.nF......Z

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_lync_exe_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37275
                                                        Entropy (8bit):7.9957650559791125
                                                        Encrypted:true
                                                        SSDEEP:768:bLdKC5q5H5IiRMY80NggpXQoI5plWUn/D7q0bm9Q9RV2BHjHsg6AlfPeLF:NckB0NjpOpsOXql9Q9R4sgDRPeLF
                                                        MD5:30E39C4C9B4EA5487FC3B4029B420632
                                                        SHA1:DECAC97BC109AD539F10CDAE26F281EE9CD5082A
                                                        SHA-256:65CFBD05F2376FE38AF98D9D3CA853ECD45319D7C201E357A710EC8E7768010C
                                                        SHA-512:D975F4D7FDA7FE2DFE6E98F091A79C5C3E806919A40B51D50E47BDA5399208FD5B0E929104A5C526B3B28C800A26D1E2EE3C4D3C47AAC09E0E516819EEE25B43
                                                        Malicious:true
                                                        Preview:.N..:P`.uT...!H.U(...(3.j.!Lz....p0..Tpjf.I..W{..{.Zk.....9d.......Lb.F....Wng^..[-......{jW...J..1...J...?...1)..B.(=..;`C...T....;...>I&)k4..........P........i.!~"a'R..Ir..."o."....mg...(...T]...@...S....|..f\i9.[.aU....H:J.H./W!....Ps...o.M...5..LY.(y.i.9....|p.....8@.-...R..,. ..pd...*.Z9k.sS...x.DL=....[&4.)..(.v...OP..I.(....F.?3lS..$Y.5K.[...#I.......n"..l..X..,d...,d...aM.2V>...o..X..p.Q..%(5..,-...&...{.qJ..c.)...lDk+...u...bT.....;.j.=_D.&....9..8.}..k.>.I...O..2..<>..!.,.ZD.*..`(Ov-w..L%3...AOfJ...P..c..k.....i..x...c...!.Y.....xR.....p'...Z.o^...........Sp.........-.s..WC;..nP....+.........<=.fdZ.^.d.+....u...o..[.i. 1...-........~.....z.$...&vz....X..j@F..&_..........p}i..t..W.nX-..z.......eB...."....jg.F...8.K.0N.zv3..<........C.M&..#.:N.mA..PiQ2.O".....I....Z@....{E...~.CS.n.!F'..`...1.%..{.A@o"I.Z...G...f@f.A.[."?}{r7Z.......H...g..#.4.E...T\...zZ..v...G-E...U.*9.P..h..:.......gG4..SK.F!`...H."..$...k..Y[^.&o.zM..}.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msoev_exe_15.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37274
                                                        Entropy (8bit):7.994880165858236
                                                        Encrypted:true
                                                        SSDEEP:768:H4XDVuiJbYwuzoEOEBDeQeBDKr0nmb4yG7QNIuu3Fcxe9ab2Lgy30LF:YXDoiJRXEADTmbFOR3Fp9rkykF
                                                        MD5:DBFCE8DA013226204AC44DA26B71C46F
                                                        SHA1:E0BABF83C935120D1CFA83F26AEE638C9AF5A9E4
                                                        SHA-256:C6D86370F1DD764DB528119EA14D86E031371C44732BA795D4045DAB4072397B
                                                        SHA-512:33247E7E33ED33A9E81476A25AD68140DE28DBB0F32E5FE4A735BC7D15C475D40F656C667CC222ADFC5110B52773B5292F0114605525044B65DF5E4A49535F78
                                                        Malicious:true
                                                        Preview:...3.J.....Z?^.y...h{.8...t.....*A..-...H....w.n_(1.../.R.ck.~.7..ke)..L......a.7..-....8...C.C.Z..U...K..!...x...U.....'...6.W.P......@....,......o..O.....G..e?.#..vA.i....iAc.H.8.f..*.1...\.,'..KE.....O......nF+.....l.c(.-G..t%q(..cJ.............T?k.]t9TE...].~.S...Td.3U...{1.'.`.]....v, ...7..9S....E.W.....=s.....@..=.fS=..FAay:............hy..)9%.}Dk...}...U...?.*N.Q(K#...b...<..3..U.G[.f_....@...5......O..'....6...qn._..$h..(..h..9..J.R...Y..&...V.F2....V.>..e..'rl.k......b.|7.x.y1..#G+....`..]....Sa"......G..}...-...).h%$...}.fkr.w.....HT.~.YC.B3G..9...{..L.V.D...?b.,_`.vY...<4...DKN.<*..v..]..Y..-.cBu.[....-....w.jr ....._..&Y.\2....3|6..*V....2+.{.y...N....j8seK..M."....<..=.V..8....66....K.I.:.[5.....G....6h...W...V.<..~.'....+..-...}."..Y.c0...w9.r.|.T...=iZ.......u.).8-0....s..\.@E..].6....{.....<E..W...{..?.p.gw.,.F...y..R.W:...mz.q..W. .|.\.s.6..E+......eC..9.}..........<...jH.mQ.5..1.. |\..Y......X......6....s..{.@..Z.f-....|...4...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8210
                                                        Entropy (8bit):7.980309734826868
                                                        Encrypted:false
                                                        SSDEEP:192:z+YoZcFWvsepYMpx39/l7QAUMpGrLzGSiMGUcvFHllKesF:z+Yyx1uMpxttRzGnkjKHF
                                                        MD5:7020FA0D70045BA374CFB7F7A48329A3
                                                        SHA1:C4AA2F016388204835870E0A86FD47D09567E084
                                                        SHA-256:D11B0F209A903B3FAB2EEA67008CCEECF68ABE616D1796B8248849D6E2B54F44
                                                        SHA-512:DDB7DFEC686CB1107B5A3F25A1611579F70C051D3FEA8EE9A013A75D2C46FD025957B726F3072D456B6A516C4879B105860B47A1D9CB9CC02C4D298405D28E4B
                                                        Malicious:false
                                                        Preview:9.5.J@...a_...H...k.T.!.....I#..t...L..H.7....i..!3U..U..2....eS.......$..>{.r....b1....c?.........f..^.hJKf[.. 4/!^..s..n....c.cnU..JT.wa.;.....&F*.Lu.z..:..^.4.....A9...3.ek.............].8. .Q.z...O..\f....e._9Y.4.7>u......7mB.`.....p........I9..M........<.CI.qmX.$..,.6.~..,SsO..R....iQ../t..-...gz..Ix@i.HL.|.&.".=.yd......n.,H[.X.d.2.K.m..b.$<.._=*....D.w6.....8r/8.....H.:K.._Sud..|]...e.S...|mH..z50.@SF...\J^.^.tFMo..5...YW..C..2.W'Q..n..B.._..I)".4.x.+."v9BK(..E....)P.)V.-..1......-n.....%%0\.0.[@.$...X.......m...:S.$...! c..fGe.\6..M.c.D._m...'{.!..24...M@....?.U.8....W.\U.nB..pJ"l...`@.%....@...f4.....;......:n.#..S.I....y...V?.A..!p..,u.m.]`..`..P.*s...u.jf:.=....%...q.!...I.)....a1$..-G4...............K..^;..../..;.%.Q..e.......p.vs..L../.I.........(..<*,.sM.W.h...w.'u,.2#Wq......U.R#qf...\0..=....P}pC;..!.v.c..0...$....P2w.....fO.h....F...,....l.`-....j]Y'......av.).n9....0...l,..|..?k.NA....l.... ..7Kn.b....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_ScreenSketch_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8172
                                                        Entropy (8bit):7.977525007355042
                                                        Encrypted:false
                                                        SSDEEP:192:sQ42dyL/l/wT5AhB6p5OkgrryStQGnmEXshwXwbF:skdyL/l4mokk63rmE8wwbF
                                                        MD5:B01714BBEEB39C4209B3055872C6B1A4
                                                        SHA1:D674D6F729C051C98247ECD6BCF1337017F9B49A
                                                        SHA-256:3365FAE8473EC05044C9E6F9DCA13F160D0547D269229B2F54DB9E45678DE245
                                                        SHA-512:F6CE09A4DA033217DAF52835FD7A7DF04C70C5ED1186A4F39426BBB9592D4F1E516E0ED17B0C2107C3A46CD3B6242A0D2546C769D3B3EC4B6C9B540F6F331522
                                                        Malicious:false
                                                        Preview:I.?..[.....H.+.Sks7p!......L..T...aX..#.2n.L....i.R."k...f...+V.O}x...?..6F..[f..mw.E...w.J)....R>....s..q.....&........B.bv3..Tz.H. ..x.@..."...."......rej(...u.|..HX..$......N8].....}..j%}...H..G.z..'..+..o.v.....#M....upy..........|..U....}.p..i...q..p.A7.Y.5...d....I8...>..TP...<.wD..<a..`@.z.-.2...CK;..oba....x.F..Z.D.}Y'......|E..SDl.*74.J.Wt5.......=../.U....Qv;p.'.B.oP.Z.Qn.....pm..f.N..9...C6.8GK.>..+8.FB.b?.8.C:..z.K.+....X..........I...l.m........oaA_X.Mv0..k.....y.....{-S...*..''QY\J.*e.........v.u.@.L.A.ME.7.8.>.A?.=..E.[....2.U..........x..*.%X.!.."nJ7}......%NK.Gk.D.^..K...3lU.>..i.?.:..8v@.+..F5>BI..5..M.Y.m..."...........wa....t.Y............+.....DUr6@....>:U......E..k.6E(..m...fJ....,..6.M%]..`.+".%.vl......A7.Rd..........t.>>v7.Q.&8n.|.W/.$...."R"...f...(..z..B&fk..v =9.$.MR.W..3.b+.r/p...^i.(2v.#.B.4......].2=.........e.....!1..U.......P."S..~|l.../_.l.1...M..*......,:.E..<...X.....<..O.0V{J....F..;Ew.C...JW..A.UN...7Qli..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_SkyDrive_Desktop.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37275
                                                        Entropy (8bit):7.994483354605923
                                                        Encrypted:true
                                                        SSDEEP:768:OVG4dc+oBXSkGJQcDK4oU9usP/ffGeGZNpMKtqsZJecZ2Oe74E54F:OJcRiRHDjocFTGZjqs3kluF
                                                        MD5:253EEA737CFBC63F925952A5B894C52C
                                                        SHA1:BB69398BE6E017C0D01232425BCD59D0129AA351
                                                        SHA-256:062A2157932D79DD76F0E9E07A9633778DBC57FE30074132DC48C624021B2414
                                                        SHA-512:774A2E69A7A4347EC8153C6A5BD541F610B1C2A9AABBDDBA5BFAC7660A80DC8114A87C224E7306718A8D2280FD86EE5234FEFEE9D95AD7C912D549AA24A7A2B1
                                                        Malicious:true
                                                        Preview:X. ).........9....z,c(*m...6.v.....~r..J...w..o.T..X,l5..3v4S.>?@.=./....)9.....w38"p.[!.1e[.+1.B.7.{t........<[.r.T:..%MB..foy.!.T..7.......r...:.5.*M/q+.z..j].n.....w.............\..f...7..*].....b.1.|TY......$..H&w.....b......J.G.98@.rxLts....7..t...P..T..M.{v..V.... ..A...,.h%m,.... ...k.....o.aI....(.8.:$.9....M.......O..S...gt}.ly7.*...r..R.-........i..;M.........s.6.wB.....I#...1..!/......Wo-U....=..z..A.|zr.m........+.c..$c.lN^8I.}.h7[....-.k....DpX>(....{..T_Ca+..VA.~N@..S"..n$..a.^.U...H.s......{.:z4>.....,...S.........H.|&....l.].........s.Q..........n3^o..,.?d.d..I...^..,y.`.4w....y.r.........p.......iem..F'.H.0..o7.x.s.6.9.~...+..Q...w.8..il...@..Y.y..~@...m..H...b.P.....\....!.J k..x.q.b.s|{..uz-..)BBq.m..aH...,|......\.....|...5m....+.y...I..,.Q...q...Pc..=l.i]X..`.,...1....f...y..-..)!V...:.\..?.g,3C[^....`/..~...v..u.MZ."E|.....g.(.h..0.e...Ab...4..6...}......(.........)0......f..+.n.*...H.#DAgC...z..7....~~B.aY......\.K|

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_SkypeApp_kzf8qxf38zg5c!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8168
                                                        Entropy (8bit):7.980658697763429
                                                        Encrypted:false
                                                        SSDEEP:192:BWkVdyKoMv2MhOUhENhUwnePa6BEr/J/p/2zF:BWkW4uQhnJIr/h4F
                                                        MD5:14BC352A2D65A86CB12C625DCDDC3CEB
                                                        SHA1:EF2F167B796684F3AC30BAA2547E5948233118CE
                                                        SHA-256:45AA28061985A1F4D11AD790E17EB1EB0624EBCFAAFFE486E860A15F654C4C9E
                                                        SHA-512:29F57060CAE5142DFFA50794AF452BB1CF3D894BE6061AE4FB331C5DF58FD873E878766092A1E7D48529E7B88A5C7C633224F93FF19373BE98202A1AE1E0BD09
                                                        Malicious:false
                                                        Preview:....tq?.3klP....51.t.....)z..J.p.Vn.....@..^..M...?.....o....Sf.J^..#/.[7.^.5..HL4.......J.g$e...}........^TK.J.F.W-.v......m..%.*.7O.R[|.U1ZwX...2m.([?.Yc.]SK.$0..4.~..U........=...&..R~.y8..O..w......}L]v]...kd.._.wG..K...._...V..u..5..,....a......n..%B.JQ._....@=..%X..`....O...d......`x.9Z.+.a.s.X:5........7J!*..[....O.CF.h.[.V&..zX.Z5.i!.*8....}|f....3.....@..D.....6.Ou..@e.":..y...yp4...+3;.....|K.a..<A...5..f.v/N.d)....P....p..D.g.q....p.`.O..K...!y..3.k~d3i.C`.3......./.P.J.5.n..t......5....#.;7..}...N..?O....W...c.5..3.....|......VHkY.u...e....>..N......(.Z...~s.y..4..Z..*..2..V..:.t.;%..'....ll....-.b&.n..c$..cG.u.....!....RY#..a.2.....DjAz.X@.m.M@....P.<.Y...x..9..._..~..Zx.......[.zQ....V......6GZ"...-.....|-..n.x.\9..t..u......P$.z.........R[#...]....qZb^.<C......=$./U{.P.".../G.n5......{.f|Po.<J.R....t.......'.l.:o....,...-%z.\U...y!y..-8.....{.U.......b6(.|... :....A#....p.....m....O.El(...?.mF2.O...6..PW..k..m*A}.3....k.M)z~>.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsAlarms_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37293
                                                        Entropy (8bit):7.995127071433609
                                                        Encrypted:true
                                                        SSDEEP:768:QYGfpvmrBeCh1F4KfbAyq/VaX6HFl4g7Ke+3tJF:QYGVm0SAKTdNXF
                                                        MD5:BDE276A5905441C6DAFD95919C7451D2
                                                        SHA1:A42E7FAE845A0EC30DAE664B85764828C14146D5
                                                        SHA-256:D8E40AE9EDF4BE67F50927FDF562D19C76D2A587CFC98F5FCAB2EC9FF6906CF4
                                                        SHA-512:E709EB8EA36AB9D71A2492F06651F04DEFEEF90626D392D666D9D5E9EDC29C15C344C0666E4912F25A046EF282D930DE0D0E47418F5B032DE434C2FC48120F5E
                                                        Malicious:true
                                                        Preview:i..O..$&s..'..r....0......`......p...."2.}......).-..... :H".H;5..!...}*....qr...%.o...)..Wu.:O.3..3......E. ..T.H>.Z=....CmP....@..y0..'._.+N.C........93..E.'I0r...y._.k....o...w...K.L..A.*........w.$....`A.V-5.T..>?.-k.h.\j..g.....]?...~..tN...W...r.+MXH....j../d.-.9..O...........v..8z..K..oV...L@a..=...q....:_._...?...w:.2.,@....'..gg....<........b..IC..$.Y..~6..X.oJ..Q.k...x..6..vb.........#.......W.............k].).`..s_VW/.v..-..m...q1........9.|....S(....p.5:c.7..=}......+^..!.........}..@..*Q..U.d......"...%J..(.fkI........Z6y..*oWf.|...r..x.P{w........g~;.`....]N.(.U.KcuO.x..;...sD....-#.5.n.g9..X.......975a.V...4@.0..h1v+NF.l~.$R..OEN..........[.a...^$g.u...>Z.T.R..w.(...;o.R..'.m9.E..'.........a...............PPLk...."..6..M`E......Q........5...3....\...F?..a.B...{.....dD.8i... r...[... f...l...f=Ts..j.GJ.....i.........@.........E..nM.....(.Z".]...U.......;(5JFc...[...jgA...L.......~.)=.........!.##<.5....5.0t....U...A....."

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37300
                                                        Entropy (8bit):7.995200925238697
                                                        Encrypted:true
                                                        SSDEEP:768:ErIlfG+sc1DclgcLVrzs0/kDUK1+L3l6cQ++DrBz4k6F:RluTTsPsL16cMr14k6F
                                                        MD5:14711B8CE8C896B010C435D3E2A52673
                                                        SHA1:8FFF26B4C39E0F28D7C664CD6CE7ED80C7707411
                                                        SHA-256:18F7C98ECF8E52BD71468F7156D8CBEA8A5C2CC42C3F2A811F30E105C98F0CB8
                                                        SHA-512:E5F50896320DD9B0039B09A7FB5A886E59C6F3114EE4D0B05A4D74FA5CAABAE014F30D3DCFE7BDBC3C66934E802C60CB78BF65847FED31C1E1BE81D768D91407
                                                        Malicious:true
                                                        Preview:..b....x%..{.........c....kDR.qU{'0..<Q.h1..a..i(..b...m.h.z.i`....ZtOM.8.".N|q.z...$....O.QZa..F9...J....3i..".F*...7O7u..YvE.. ....I6Z.'.##.n.C.0...su.+...1J........}=.Su.H...i..K..u.....%"..q.....e9..z.<.....n.A..].]}...[;n...<.l....X=%DM....Xlo..G.Blu....Ny.+...H..5.Sy.n..D..P.pJ2.<....*.~c..=.C...Q..[R.Mt..(B.,.<.^..a.c..|6u.~.N.B..W.|l ..:.$.tC.e....?{..g..=}..V.b|C...LT..fhP...JH....M[.S..2.oi..-UN....e.Ae.W..?5.a....@GY.w).......@{Q@....7W"..<5e..p.-W.u..=.....b.4.c......+...z\W....8d@.s.2.......V..&..;..Y.OC.u,..c~..q.*|...e.['.K..g:G.9 ..I.W....O..H9w.......bG.3..t..s@...[..5.....>z..*...`.P.;.J..82.F..B.S.....EF.2..zx..m-.....<A..s.8:s{~h!5..Q.g..)..k..............Y.....ROF..$.|(i...9.m..LTMy...-@3.(yv..=.W.....U....xHx...0]..Rn?....A..,.aY<-xVT..[.VFx4..,z/...UpC.b..1.a7.A......l.h.m8.....h.>4bq.N.d...x."...@`P2U4Z...n...A.07mP..7...l-.m.?..4.A5..".l..S.4......K..B..m.&....H.......Z3I.......S.. &y....u..,..o.b.>L..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCamera_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key Version 4
                                                        Category:dropped
                                                        Size (bytes):8175
                                                        Entropy (8bit):7.977499846418597
                                                        Encrypted:false
                                                        SSDEEP:192:6yiF7WOoZLR0ootkH+zA+drMvxGroF5vsjF:6yiB8ZLroWH7+Nn25vyF
                                                        MD5:ACB57E8616E86D29F2E7E717EC2973A7
                                                        SHA1:B297AEB2730D901A83B4393050FB03510ECDF0F7
                                                        SHA-256:80CDF2D49AF88A4DB50CF50081AC237E7C58ADC0B27FDD301AB2CBB6B85F2222
                                                        SHA-512:CAE8BB05F34CB841DD087B8C09E68AE55C832F02B6854993C6B4D86D85754B5A6E2DA25359E86751A44954A76EC3B5BD5F3B6A92C9CEADDF328C8F4631926147
                                                        Malicious:false
                                                        Preview:....X~.WI.5`..N..}.*...lw$.`.RtK..W=.mj....^..gaq9....#..O)H.:)r....F`#..).uwM.TNf.....E.c..$.q.Y....xh...l:i.....y..f5....^|s.P~]....".....L...-..!.'...zz..1...I.N.3}~..1q....X{.]..!.P.)$u.4[3#yF.].Fc...R..6....H.....I.....7...3..4..]....W.qK...~.?N.3A..*!.mc.?t...j4....%W..d........"j4...._7....6.(..[.kn.'0..li.EK.]o.....|%w..#.8P0.5...M.......t..w|iX.eC.J%..B..8.....J7.7Qw....>.h..$.>,..}....fZ..\..q...1?........h..D4=X...)^...2.+...7.B..k..._.I..<~./..$...6M....<...lu..W.7...*%s..x..O.."5.F=..,.?..6i.t....M@T..-...2y..#...7gBLof}....c.&Y...3!_...I....q............`.Wb0...O.A..r...L......7):.Y.(V...L......8..c...<.v./.K.....L......P.gs...\..#.*.XH.D+/}d.....T..b..xYl.....Gx....0.M.}+.N..<....l..s.F.0/.......v....53$.....h.?.....LK..(."/._....o.UH...i.[<W....&.oA....n.........B.^....}r.c..@.....@.y.RMi...{.Z.@{K......Z.9..!K.3<.........H.yC..M.....I.:.v|;`..fV.....{.B..v..!..l....B.|%...6T-.7...&.....P./..(i...l....o.Q.m..I..\n......

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsFeedbackHub_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8180
                                                        Entropy (8bit):7.980487265786409
                                                        Encrypted:false
                                                        SSDEEP:192:9CNCdf5KaBqpxJ43b3X100InwIhgzmihiMly/PoyYMrTXSssgbVOnF:ENC5Dsorn100GyHiHosbVbGF
                                                        MD5:DB68D7D8D44EDED0322A37C7F3BA9E91
                                                        SHA1:6DCE39BB02840DB8EF771182DAFFB25AA53EFA67
                                                        SHA-256:226EB70FAC1D936E882E0BC15F54B110D61E6C78FD48C0B61B0543AB90846E15
                                                        SHA-512:5EC4863B4CC34CF69F0EF489BFCD4B54A1B4664CAA0913DD4F67EBE241AEA5A59632A7EF77F05F726683A794310555D4938868D9FD76108F6C63FAA98559849B
                                                        Malicious:false
                                                        Preview:[=.79.].Q.n.|.E.2.pZ@.6.K.(...`...[...u..."..B/.}7.5i....4.....~rw.o,*\|.5..(.y...f3<MF...4XTYe..@.....Q.......I.Z./.......Z..su..2..i....2G.s^..Qo. }.%@..>7.m.6..C2Pm~.tl. ..`....gTy....zc....).Iw.m.e....=....Wa.i..@.S..{O..j....w..0......5D.Z=e...2..?.C..V.J..!..`.)...C.C..+...i..=}.F.D....x?. 5.....M...j.t.] ...^..?0O......0...W ........D.....1HO.....u#.i.n....:....:$.3.."el.5M....[...LF..8..)...d...9xk.q...~..+O|.g.J.;...n....!...@..y..\wg........QYh.....w...96.E...h%.....q.....t...!I...<.W..*_Hz........}....G.|..*".U.a.9.@C%}.."?.U.E...N.....[.{5.e.l:.._.*w.t% Tv.<.i.Xj..#f....g...zS..c."..DV.13..T9.. $<_.}..x..f.....>.....Q.IW..C_..q......$`...?...0....J(5a4%.....g....3.6...qV.f.;...TU.S...~...*.VY .;.,'.`&&.....i;X.v...D..).P..:..k.$.,.....C}...(.......D.f#...B_4.T.....j)o.7....R.>...[Tq ........T&..].UU...)..vj..).U.#.'.v,.j..Nw. .yt....M... ...R..8...R.-`.7\...BUY._..._.....!.o.U3.r\.j.LG....`7F..qh./...........MN......

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsMaps_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8172
                                                        Entropy (8bit):7.97699308718995
                                                        Encrypted:false
                                                        SSDEEP:192:NB5wEQe2Jb/pys5jl/rdi9AJBFCW72ivF:l2Jzp5BWivF
                                                        MD5:F73DA07A10562D591FB2837F05EFADB4
                                                        SHA1:AA6129AD9C29FC1B6213094B4BC36C6490E5E34F
                                                        SHA-256:47BC8AA4FD7A2862033EAEAAC680C783D01A40A6E08CFEF2DC1AC1AFF02B553A
                                                        SHA-512:6CC4C39ABDDCF585FFC4B9AFCE7DE55E2342780FF6A3498F68F11DB88CB99FC3DD7591E81705271EF7E91F8C9392EECEC70B78ACD5451061C1C4C1456B79F581
                                                        Malicious:false
                                                        Preview:.8....S...c.A}.kG...4.!.;.L0ej.?)6.6....{..e..\0sp..Y@1)...=..2.p..........x.M.............V..f8..W...y......r..I..t_.(..g....+Kg.<....g2.....3.0FK.yA..eSF.......U)........xzA.k...._CN.|T'......Z..n.a.(.s5.1ub..Qz.....F.X.^/Q.....R.YHAe..C....d.....j....o..0.(..[B.K..\..]..b.N..]~$.-..\,hg...z@..J..j..]^!...DT3k.X.@J......7XY.k/#Z;.y....?{v.,..rX.X.oG.S~Ey..@J.&. e.$...5E....9..&O]. .&.)P...`9... 1:.e.h1.?..V.N....f.e.P...X~&'d...P....D.0l[.......[*-@j.d...G*...A.s.|.....59.T.l.|.....{.G....e....7....D`u..W...0g.ks.A.fu.5...8u(.....E.M...Ki6J.2..6.9....}..`..vTo.|..n#..........h...d...c.1DX.3...,."...;...{..V.$.U..lU.~F,`......4.......n...'.`.)`..|D....]..(#.o..r.FKY{(.vd.M..C........6...x.S....^.7.\#.<ha....,..o.."foXu...G.9....AL,..U.%_w.C....r.........S.{.P.A ;W..4.)..A........S..o.......U.P..X..*.s.j..hX...pI..V.......y^ ........&~..[.~......N..J[b.-.P... .....>......!"..p..%.N....t.[O0..Rf..9.h.5......}........d...J.R...h=..T.I.u....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsSoundRecorder_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37301
                                                        Entropy (8bit):7.994970835533351
                                                        Encrypted:true
                                                        SSDEEP:768:mP4hvQ5fNY3g2JLM1NMZ7K92kTS0skQFAUExX3/G7ZMMXidsF4lQFXF:6dY3g0WNM4vTSJkQKnn/G7GMXidjSFXF
                                                        MD5:4A04DCDD3E99EAFAEB0BEA47961FF9A1
                                                        SHA1:86459AB8DB42FF077FD66B1C9C8E762E7AC2BC52
                                                        SHA-256:D3BB90EC56B97123EC0D71F2C493883897DF4FBB95845C78EEB0942066E8A1F1
                                                        SHA-512:6D1C1EFC1ECF2A43F45D13AFEDB52817A67ED4C919E9A71C9545D45FD03C2D9C53E8781D6AA9F4C2FBEE57D97DCEF96A15504A02369B0FBB0EBC22529149986E
                                                        Malicious:true
                                                        Preview:..d$.=.U..T./.N1@.&.U...k..E......L>`4..u."....Ng5.O....B....l=.r7.P...)rI{....._^...&..[....;.m`....._R..WC=..l3.r6]g$@t.....=...........7|H.qq).H....%.6s%"..B..`....C...o.,..`<....".....> ..5,...x....Rn..3..3>.".....6..==?[_.d........<.v....G.~..;.+.;.m...P....,.SP....../$.Y....z.b/....h.B'p.....0....{.sk......s..)F3.^...t.*.+l.3M3%^.SR.q{...,.h4......(..$,....>....+..../6s0+...c<.l....?.".j.|....24V....t[.`..^.Cv.....w.to3...k.r.....>.Kpm.....c&.MY..mr.~.L_.......5c....e..].V,...U.G.C..Tg.j..@...6..TR.3u1Dm..J8a.$i..]....4.I].p8.....U.~.%.sf.J.B...Gtt..tc<c_...(B..M.5.=Y.E..y[..O.W..Om..m?.e..........|.o.......B..........<[...{..|p.VI..B^.F.%.SJ.|RX.. ..T.b.v../.......uT...D.....q.......i. &et.>#.r..6......2Uj..H@.v.......6....C.&..|........,.\.*...dVMm.m:........A....z.......Y..6n..........;q.Q.....j.=.;...t......:.Z`p...[.Ye.=~.....k.3..U..z.E...M.@c4..Vd..ki..t.....S=$..l...R.!...Rb.*..,..}........@...[.._z6..Xx.SfW...U..V...i.G.....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsStore_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):31404
                                                        Entropy (8bit):7.994522627806769
                                                        Encrypted:true
                                                        SSDEEP:768:GdXPKKvW79OoDtSz0zfDBwbt3PNgeq49HXcytr+VF:4XPKKvEQYO0jybt3PNgsayN0F
                                                        MD5:DBEF4E28F1014ABCA3FAFDAEA50A3EF6
                                                        SHA1:04D6A6218966694FDBB5AB539043743A49E930B0
                                                        SHA-256:88288AD8EF25367A0B72928E2E3B3F118F69402F5521092A7E8690A1E14CA48E
                                                        SHA-512:7A6971924C1409F5E65C2E2EF076B53C1F107A2206A26F653E8C09F4E0642548659B08F9EEF1FE08FC2D1A4305E8EB653945E2D7B67B039423A4B36521E9F566
                                                        Malicious:true
                                                        Preview:#.-...s6...)...O.L.........!..3_EVl...~B...[g.....v...5...Ew..@.5c...v. .~.,...QKE.z.Hn.i.f]9......P...n..az.+E...xdgB;.,....:.Y.,.UHt.....F>..$..o.;C?...7..z.E...j...>Q.[6..`.*{...<>..fV.P.9.D../.. IGA4..E..\.2..7...~n..X.C....h.%&'3Y..P..w......!W...........-d...|b`f.c.....CJ...._.nq}@(..k...._8.....`7..0.i.^..v.....a.<S.a.M@....R..K...$.....>..\.A1^De.;.b.v.3..M.|..q.}.6.`..F....7Yq.A...=Ul.g'b5p9....s........"rk;.u..[...[....<.h..X-W^.\.BVL......n.p.I..8.<..>.T.G........{`.}.L0UN.=t.`.<.:......_..u^.8.8...jr.i.2*..D......#...k..F8,.J...f..H.....P.....Z.6.S.C{....X?..S..2...h......91wQ..-f.tSO.UX.u.Ll/OO.I..o8a^.!aV.f.v`..6..~....#XF.1...@.......L.b..l..2*S.{...B.a.....m...x.@...NM..E..@Rw.S..].5...".....<...._......tx..&.-...5...,...w;..o..wj^..C.E....vk9.....A%cU.....=..............k.W...\0..c2.8z....b.%..W..........,.A.........N.{E.{_......({8.2.<...q.>IF.M.`.....:.0..@..h.Cf..6.......j_.ks..f..sY.01....m...>.s..E*4.......%.O....-.6

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_AdministrativeTools.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37286
                                                        Entropy (8bit):7.995020672845947
                                                        Encrypted:true
                                                        SSDEEP:768:FqTUCbB4+L0VcW/ECU1lrr6e4Rq/ch2ytTEfLYGGffsvwuWSFeuZDlWBSWF:FqTUCbByVcTCmr6e48MttIQfJSFea5WF
                                                        MD5:2604A3902DD8170383376A9DEDB7DBC1
                                                        SHA1:18940240CFBF14F934C5AB5C2E37406B8DEDBC15
                                                        SHA-256:DF0EB505FF5993ED4C59D84EEDBD4E601240CAB7AC813EC87BD757532A4455DF
                                                        SHA-512:1460177FA94D43469F0A9BFDB425915B7E019DF51A029A4D4EBCE01A41F2A217BB841E50C46F9B4D509397BE08FFC404DE54BB89420458F8416A023CA3BEB6FE
                                                        Malicious:true
                                                        Preview:...9.]..G.....,...4.U..~.........`/..=....h.!...E..}..r...r.......#6...Ym...2.%q..0hHz....p.....8......&..$.QW[.AA..1...iN4.....%...t~..@..}..aO...2.....|}.[.5.......Z..x..._...5<.N2ay..m.Xr.?K.b.{..+)....L..CC...R..X......S_n..#...n;.8......]](...}..A..C...#!...}\....SHY/.....l.ji}..1....@Y].e..].....s...+..<.(.F.u....M:..v...B..k3..<2..N.....M..@...O.Q.v]....7.$..84:.hb.3\.&"..E...0...P ...S^..@.1.R+.U>..........l.S]3.4.....6...!.(n~.C..$..p/0...!.u...Y.....@.......h.7q*..m...K...AX.2p.OJ.3.-...2Y8J.9&.).Y&........Fh.ZY.|.9.".j.../U.(?3.{...........5:.....#..\....w.M.@........l2...Bm.h....i.0k..;b._e1.Y.>..)...o.............p.......B...]..1>..s...Z`cMda.n..uoS...M.c.%F..N......!.......k...WNh...;]...:g.}.^5...{.5%.(..c....x.1U)..Cz..i7...........+.l.5.q..E.jL ~.....b..r..-g..d..M?. .].i%.a.8......y%...I:.N.....9L..o...5B..B.y..o,.........l.......8..j.'E..s.Sz.<.s...:.j...c....k.}A..N7..I.d....NM..O.8G..[P....p....3.G.....(.1..s

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Computer.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37273
                                                        Entropy (8bit):7.995526797302333
                                                        Encrypted:true
                                                        SSDEEP:768:mwnDvVoRaaELC9d7Yt5eWcnOdu7cXvn0FWdT0YoqApF:fnDvVoAaF9d0t5WOduQXfoWxTgF
                                                        MD5:2FBD57A81EF6A175E58159DFE90780AF
                                                        SHA1:42B2EF121C2211E6BE50A19F48BBFBC7E8214D30
                                                        SHA-256:31E8818D8BAAC363A2386168A9FF862BF3C6E71FC11CA16B5DD9C56EA2FC2707
                                                        SHA-512:AFE96BF5E7D03C715A0F651F8A0A27064216B287BAE1A7E69108FF30E4F04FA2AE205AE7A4D83AE29EEAB82F84A8EDCEC371BBE1B45EC9B45AC94B99293C37CB
                                                        Malicious:true
                                                        Preview:.6..Hq02.|.y.w.|.e....2nb.ww..A..C..j.......nz.....p/.+..6.4.E.1.Tj.Y..[...X2.[g~...\z....21d.........GY.<....:...".C8....,(2f..>]...I.....Liz..[.....O...6x..U.L.......G..J.>..t.s;..,T.....z.@...r.....8e.V...b-..~.Q.. ..m.U....'.........w8...cd...9....p.u.*B.>..}Z-1v!..-..&a~.m...5. .=W.E+D....s.961...g..@..s...Yy(aD.z..0.gF...g....c.r.q..<R.,..{.|#.5.D..)...}..FE.].$.e...t&..L.....s=..q........$......kw.Oa%..v&..F........b...qz...W.:...\)L.%..ZD.....N./@...=..t.x..3.oqWn.j.....{.^G&.i...........].eI....D...C)..a.....9=..V..2..C..J...)^.p...o[.1_....0....r}.|6.._....{....@..o..&ta}.qG...v......O.|H.bz.x.r@......y.......i.0Y..Q...$....Z1D..`....B.\....g...r...FH..E...m...|'.eE....F.j...:r4...........I;..8.n.r.''.o.7.Q....vem..S._#.#....(@....\..6..[..;.@.a'.^7.2.4.>.Q.V.E,....J.$............D~..../........%y[.O.\..V....h...|. ......u..'`.......sIG......CN.ZZ.u......R.G..3..;Q..$'.8..*..Rq.....0.u.Uh.N...ZD.i.f0..ra.C...Z4?......u.'oc.gC

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37277
                                                        Entropy (8bit):7.994641228789141
                                                        Encrypted:true
                                                        SSDEEP:768:9crPiDdINgJU5lR6bkjvgO2724CGVYabMuGJFuRGSQJumVF:9BIN/lRL7gO2XfTkSQdF
                                                        MD5:0C3FCA84E23AC05B011599D76F3217EA
                                                        SHA1:31018BD9DC8B89617963D7A8B39FC854C13E238E
                                                        SHA-256:14DA0E190CEF82DD70F8E90607240CC43390CCF822CD0CD1C1B22E7765DAB76C
                                                        SHA-512:DE345690D0850C7C64DB955AF7930FEFCB0D86A2EE757A6A7B023D91E32D2E4E7C21900060C71BABE3DFBA6A564B9425683DB7D4CA35E7CF4CB915524BC1BB54
                                                        Malicious:true
                                                        Preview:G. .G4)..|y?....u.:.zR...Wf...tH-..4|k....*....-.\...7t ..(......%.i3....N..&.P..q.dyG..t.,.{..7..... k.@x.2..V.."...3b.K..|.J...;..t....3O(W..x,.o....m.d.7.Q./.$.........O.......R..V..N...".3S....o.C..jq~....r.7....cLld..4..@\....b*..u..B..tP....E..U.........U...HB.6....+..c.2.F'.....|."_>E4.f........}"....5h....x.0...?.3v.S....V.....RK.......D.....s.......Lj;\..k.5~GP.P....c.0Vk...Z..qxp...h..}...'.......E......}.(........(.*.g..&u...9.......W<z..K.X4!E/`-L%a....h.L.7...(R...P....U8..O....z.p.>.c..d..N+!......E..-..G..p7=.....a.Sx..z.J{........Ufn.w.....V.$;i.v1..r.l....a..`..,E..X&]J.-.Ne.......N....I'./.Oq$..]..ar..8..p..ZJp...b..W....6.......+Gn(..|.:.dZ.n.wF.Z.J..?`.....D.......u...C....Gz.`9c.....'U....d...5K..V..j...p2..F.J. u.wK...X.<=...%<.u.>.y..Y.....9..I..=&.7[...+N.~v!OC$.Gs,LT.\..L?...DJic!..[2R..`x....J7.z~.Tu.S...C.p..iR.T.....F{..#.<..'..M...e].(y}m.....G#.i...f..*..q...6?XY.F#i.Y...sX6..K.v...YD<.,.t...*g.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:DOS executable (COM, 0x8C-variant)
                                                        Category:dropped
                                                        Size (bytes):37274
                                                        Entropy (8bit):7.994838692674791
                                                        Encrypted:true
                                                        SSDEEP:768:w3qoDiT6UKXF/ZfCJULE8SnLVUDNwpyCfBIuszDkfzqF:w3PLl/1Cic5U5wo8B6Hk2F
                                                        MD5:6C1C0F82293BEE511C504FC069C56044
                                                        SHA1:2EE5471D314F1B8722E092A4CFCCC75E67C3D841
                                                        SHA-256:968A3450514DC2E11A5D81FF8809E1DDA605159F616B652030A786EF074B64DB
                                                        SHA-512:61CE2103728E37A33B700E63B5AD14DDA69A073A08A0E6BFC20C69E51198F43C12F4D7173460D5C76A609DA705E65D2459B25908CCEFC4E95BAD692C0824232F
                                                        Malicious:true
                                                        Preview:..uP^.D..6. 8O....[m%Q.o......hz..K..K...K.B}....>...+.....O.[.r8@.........3&.*.Lf..$....c.)....HP.*..JpeLz.Lhu.y.r..e.._..L.C.B...2.z..br.S.....[..y,.<.d0..Uh~....j...{R.....H..L.<.......ih..;. Y.3...O..E....8...h=.........5.3,..5.dyD....G+..TJr0...#.$G...'Z,.L..4.......<.~<..............^=\!Hg........0_Tu.X..S.u.8r;.Z64~q.r...+..A.(BG.....6...rfp...t#M..U..c# .....a..vX...Adu...G.......gr.H....7._...x#l.#H......[NC.. ".`y'>.e......Bt.P.'Y.3......Y......h.y."..(..l...o....'.........6......!0..X...&K_~."@.O%.s8T..\...3....xo.,..<(P.....#..v.....:.!9....x.fJ...femw*..7.@......1c.Z...5JL.I(.y..6%.k^..../...r.c..~.!./F+.....b..q.C.h....[,.}.D....T..|.........r..3.':.}.. *P.O..j.(B...".F.....Ku..........%'.aI<...$..*..gn.c.?.0...U..T.n'Y#v...l...&...m...ZMEhz<....P....Px...-.2..F..U(..<r-w......3Y.. Q.l....0..+h.j.Q.Q..B.D.^ax....B.^W)....0...L...P._.K^Y.....M...<x.....R..dT.g.....Z....[3L)...C"..4..J,Ri."q:&.{.......;!..8O...ni*t..h7.L....... ..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37281
                                                        Entropy (8bit):7.995137790718057
                                                        Encrypted:true
                                                        SSDEEP:768:dREPnnXeCfaPRpc8b2hPQdpkgLm3JR/GPSrUvMEjMLCb0XOF:EPXe1bFrvI6vMEjYCb0+F
                                                        MD5:DDA936858ACB40400FBCE8AA338366F3
                                                        SHA1:823F24BA5EF9CCBC12DC7D9C2901218D538FA22F
                                                        SHA-256:110F315FE4F0A7273F359E2CE303B8D224BCA9627B50BD84D670CEC9E4D4961B
                                                        SHA-512:DB2F91B34E399A50228A1E103FE4772391AF69DBC476CABA0AAF3A846959DDEE2FF802CFBEDE13176D93CF70D994CBC8E67F66E2F65E59BAF1DD6A5E3FF9A39D
                                                        Malicious:true
                                                        Preview:.-.....z...e......knOW(......q..{....'B0I..O..w......Vi...z...\.wV..j...X\b.........p.....FH.....2N0........u(7...)..X.......R...E.6.J|.E .|.lg.......no.?..0....{.7.b[....A~..D..!.=..)ue'N._..q..$&.......F..Z....IS.~.M.......>....m...o<..@z]..Iiu.....{....0m..D....T....j..T.......i..4m.;...M.jevY..A~...N.[7.;..6....v.i.h..h..r.._.n...Ia .........'e.#...<9......X.<.....Z.K..f..#m.L....mh.....}.<m}.A..,>88;*.....(.^..i.}.|]..*.*...l.Z@...<...k"]..#.?..F.[.%5...n....$.Zi...M....x.+..}..&..U.0..?-......A.r..e.uSw52...>.Mx..B./...R.XoX$.|.....y[M.:.%m...M`.PZJ...$........'......X.....1..e&.........w.L.n...:..,.1...g.P.2.)...v.eE.{.BE.L.*.].......b....q.....M;...Q....>....L.@-,a..2J...7*2/......Q..Y.2D.,-...i.GSci{.Z.. .........D...v...?Z.d..j..R......phM..]....).Y..2..M....?_.....dc.6.K.`..f..w....\.s...B.4.-?.\.NJj....._.....,-0F.9....f...-.6}.R.....'{..~Nys..xAo.......%..G..D......5.25.v.5...i*..A....W.....(8p...."...1... ..R....OR.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Photos_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):31407
                                                        Entropy (8bit):7.994527370829229
                                                        Encrypted:true
                                                        SSDEEP:768:gDcKHRn0J5zMe78rm3ZuSIBMZPm9WzYDIoYu4zNvGF:gDbRnQpMeYmZNIB4MTwzz4F
                                                        MD5:99995979DC47D57DAF2C827CD20F0655
                                                        SHA1:93638668FA729BC36A52132760EE16102B0DB032
                                                        SHA-256:76AFAD8A2D5B68CB340934471717A117168609CFE5AA07F1275EB238FB5526F7
                                                        SHA-512:034344BC095FAE470DAD4F179BD0675DE9916E8A528F18694EAABD50F2123D13AF1031E30BE7E0CA8048B758C21663F2D8061DA02E40FC2D4F77CDDEB683FF5A
                                                        Malicious:true
                                                        Preview:.f.6.x.|L:-C*..TYg.y...1.FY..-..)........,.Z."PZ.t...R..0.....j...k7..I...~....Y.}.q\\u.;i..)u...E.}&.g.....6..n......B.)....-cDU56. ...|....9na}d...O@...Os..,.=....NOf.A.(..#h......,.z$D..oV..............L...p..90...j.Pl.....<....SDe.->..}?....>.{5!iL,Q../5.h/..Ep4.W[..A.!..1k.V6Fx4N.<..S9.g(H.l.....?.7....v..S..1R.c......\....~..v.F...1. m... ..<....`&9..x..........T...R/r..Y...t.n..)....8.7.....S..e{`.. .w...OP.7gO.N.J$...9*.'x.>.+.G..2k........Z.B...j......)...;8...n....$#.X.r.). ..Sj......O.["}.........?bQ....a..11&....@...6........f.p3.-l..rA..[L|..Y."..*.A.~..p.q.6S.D ..H0.y.X....w...c..^#..."..Ff.W.L@Y..3N.`.%..-vfM..47.....n.....S=n. .8k.q......Y...j.....]..cw....%.?*.;KD.a.6...}2<.........|..0&..|..!C...-w........>...>[..i...s&S\......1 ..Yn*p....-..!..t.(.P...j..w....c...}.D...`.G..SA.^.q..Q......T.....e..5..Wz.....-....!..a...9....|..I.....L...r..B2.?>.h."..(.n.f...l.WY.Ry...V... .n..Zi.:.........e..P..M..,.{

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37281
                                                        Entropy (8bit):7.995365720936275
                                                        Encrypted:true
                                                        SSDEEP:768:TMlRcgPmp+jOlwdehSlCk2MX7OrJ7b7OmsCPPFxLtFrm2wLqW4iESsuKHF:4HPu++wYcjX87bqSHFgLqvlSsuIF
                                                        MD5:D09CDCECE7E6B4C14B11FC1BC6695B92
                                                        SHA1:ED02EC82D716E2353DEB0B25C2FE153043C030EA
                                                        SHA-256:057E1E3653D421D239B93F36BBB816BB86E30863B4F2E9088339D314E2D863FE
                                                        SHA-512:70667F82D4F6CD8A3B1FDE80C4813B8EB7644EF2B9C4F773FB36D048583A7B269294CDD89A4B94EB20693314C10130794C33416F035C7A5957D875E0246BE7D9
                                                        Malicious:true
                                                        Preview:~kpAE..%B...~9S...v.&(sd$+y.,..s.....:...N...Gnc'......6..2..Y..j_.......2&7]...[.C...^..*(:.v....&..L..#....M]2.*..}.....Rh.........q.@.T.m...........KC1cj/K-.(kT...d...5(..z.ci..N..........d.U...&}...z...{..f.{..t..i"......'.J./.iF..t...RD5n.......z6Y ..rd.|"..v.k.8.G6...w+....t.&.ry.`...}.k.......X.Z...|..C.wVn.....@.....-.M2.c..f...cv.N...E...Y...).ue.+L..k.M./'.%)#....C.....,.b..../..4cx....|G...D..!..T..J.~Rpfo..&..j.....MJ.y.OB....6..+Z.C.6km.......7.=.fO=..b./..b......?U..A.7.-...t...Jo9G.....k...^g8.c\O...-g.r.0..XV..X...X..@^..1.F.$Q.k....M.ZO...../H./.1.M..Hj.`.Ju.I.....~...Z;.H..W.....+."......99Qb!.MGC?Q..Q..:.t.%...#./.'.......RT.2..".-..s".!...w......t.P.C..r.A....H.`.B....b.R....Z....<.a_.v.9...a. ....y.......}...=....h,.SF.r.l.....bv....B.$...h..jX4..8....i...Q-..kd...s.u.38...-0..FB3m....O.(..y^.1.h...C.?....%.pL..{{..H.|..C.pe....L.....6z..-\..".!...A........U...Aj.q.E...b.(r..AiSj.>.....l..b.....~.".r.R.{.R#..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_SecHealthUI_cw5n1h2txyewy!SecHealthUI.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8180
                                                        Entropy (8bit):7.978971851926865
                                                        Encrypted:false
                                                        SSDEEP:192:FEusA++3d67YTvzJYyO20Vom0//e9IzAmP/9NF:Ffm+pXJdJm0XDAwNF
                                                        MD5:95AFC26A39D530A1B22F5091E3180E71
                                                        SHA1:291F63108F75A37F89042908A60B812D681E39A8
                                                        SHA-256:49AAEEDE0BA06F16B8A8262E12AEEBFC9AFE43F13718C26521BABD14C37E7EA9
                                                        SHA-512:552A5023377E8093B6EB9BF11C0619FF68055F3C4F70BAC91FB2BE60FFBE88D212CCE61F92451A70DCEA949F0C9D7AB175969EA5461535463224589A7D903D2A
                                                        Malicious:false
                                                        Preview:..n....[B.(4\...,...K...s..A.?..P7Z.c...2o).;.,..b<c.}.../.m/q.]U.P....@W.%.Ps<.9GD..M.W.i].....I"w...O..0..8..}...(u.._..H...-......J.wW......F.F.,.8r.W.....9.3pH.-.Z...J.Q..'i)]./2.6.3..._,.h.....d.Md.|%.....s<e~..7.R..k..>&.<.....L4/..$e.Q..l........C.e.It.I/......:.e.e@.p..6..*!..OB.h....=.^.Ly..&52..%.....<.v*.5..h3!`=1..."=..........Z.->..h..y2.1...F.......~._...i.....j[.z.....1....._......R.....A...h...\]....E.I7^.` Ba]...HY~..H.sq.b.r}...d.x'nWa.Y.<....`|...!.,m....H@...w..0...C..ml.Q#....._}.-.,.6../4G.h..j....M.jk.}P..wH..xS....O.........w...$g....i.{#.j....1.c.l#L-...gVN.xG.H....q.....f.....9A2.2..%I.}.....5.<...[.|X7:E.)a.....v/._.w.\.0.C{%.ZQm'.Hs...Z. ..t~...."..o.....S..[...........$su;...;.K...@P.'9Gj. .....>/...`c*..b.<.../.%>N...6.\..?... E..8.,~4.'.qm......../.....p@..a.....<.m]..;F.?....Y.<..]u..N..G.Y......`.1..T.`v.r..6...:\......a...)AH..I....,z.X....U..G....+..]i.>..{f..K.Nj..M.x0..s~.H.)d.:.r.4{[~.t../.\.V{..A..d...S....h.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Shell_RunDialog.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37285
                                                        Entropy (8bit):7.99503981378176
                                                        Encrypted:true
                                                        SSDEEP:768:zVYruhQQUpYJM+eehsyinfvtyaArwfPejqPZCBRMyiitJTEoRyjSWLF:JYShQQ/peehsyifvty3wf2cZCBRxikha
                                                        MD5:C78E3DE1F0B324CF7CC29D080E6E996F
                                                        SHA1:3DE2FB816A40F2C23970A5BD65AD0C388C368C6F
                                                        SHA-256:4FE2BD8E8413944F74BED1ECD65801C2D07121B6CFD03F2FE6BC2822B7AC7EBE
                                                        SHA-512:D1E770D3647B5E16DEF804F5A0CA4B380B89A9A13FF4D473F821196069EF2EA3F0E2A05A7533F32CE9CBCFF7730CEBB8ACF342967AE8E00018D431BA75F84306
                                                        Malicious:true
                                                        Preview:.-X..Y..k....K..f.&.7.r.* ....Aj....N#.m.....#;...S...;.L....Oq>.6.B...U...HI=D.u....N.2.....m...R..th..@.>s..~.@q4.)..r.!6....D.W_..@.L0..E....#.C.0.~e.y..2......i[0..........F.{.9Z.. ..0.kH.u.G.}..1.g3..$..r.9..%.W.......lz.>..ie...}a....@...CAs.2|..........[.< ?.4../....8...*...w.E...{.en....[".y:.1%.T.z....p.e....([i...L&.Plb...o<.J..}.."S7.N...:.......8$.z_=%C.j..fc.......{.P|.4....(...~..5;=~..W..4...Vv....;U/.....(.+z.{G...o].qm."...r.b.x..Gk....M.}.>.@.Z...za}dx...dA+..RS.....1..M.w....pZ..Sug.}'.r..v......}.i.G..aZH\._U..Sl.....=sg.C#............*.B...5$..x.Q.^.X.........E..Q?S,.JM.W..6k}5)@.4....N..,2.....~=|s.g....&...j.38.b...|........q......T...O...G..F...'....^.n...6..6P..9..H.RrU".M.U{......feG-...pn....A..8..7..p..2-.^O.E.7p>k.ZLa.E...5.@^...fd.w.C..e..3D;Og.|...cP....#.....'.....0n..(..Qn.FC$.....N...l./0x.k...o....S.I.g.....O..]..2.E^..j*u.........cP...).!8G...]..4.T..k]:.v....j.../...Q.y..*.......FK.....w...y.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_XboxApp_8wekyb3d8bbwe!Microsoft_XboxApp.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8168
                                                        Entropy (8bit):7.9742610350149095
                                                        Encrypted:false
                                                        SSDEEP:192:YABExo8U8J79v1zq/JUsqjvSnthCGqlKeIi1Akz8F:zqxhlzvRjsEat8G6PAVF
                                                        MD5:DA1BD9F2BF9FBDCB375001AE47B34539
                                                        SHA1:76A9126115293CDA0EDB42717A0B06D0E26C6E27
                                                        SHA-256:6758B6565887D580ECDC351DDD3D6A7013C01FCBE0BDBCEE258D4D1BE1E159AA
                                                        SHA-512:D9628BC26A79FC935F5CAA7DDEE99735AF2E0ACDE0E910B676544F3D06A5CDA6585567DE8BDAEB7C7A0B899CA4BA6482263BBA17633D568FB74C14DA31243F89
                                                        Malicious:false
                                                        Preview:/&..ln}:..qu&~.g.<r...9...'..P.W.F....c..=4..7>f..kyP..,....{...D....@.|.1yg..6]V.9..X.'.4.5.jN..:Q.w0...ebT./...V.....b.(./....n..6.H..K..6.$..).*.<...P5?...[;..f......nQ^z...%..1a...Hi.......t...h ."n.V.bI..X......H2...[."[.........A4..?57,<m.Z.U.mX..v.r%...8.zJN.(?..=......@..$IM.@.......t...HU&@.l?.PB .s.V...a.^.Z.5!.C..a.G..KG]K......F...\..m0.4..fj..q.(..}.l..Z~.P.|0..S....R..:.0.....-.O.#.l.rIy...apiE.....j'9...8...zl\0:...Omd.....w1.a]M..a.xVF..U....fA.Q..eK.&^....Z...........s........o.0.....q.p.).C.'...T.3.........<..r.<..u.o.....2./...k[.t&,l...<."U.....b...A..E...7......L......A..9.....N.e&......R.:..a#I...f......DT..O...'u.......9f..[.....0.C.t.;]..G.Z.T].Q..g"D.P....K.,m..'[..i.O3......K.....b1....#.w...*...O.Y.......27..Cd.:.).9...x....9.......]o*.t..G~..S.h.}l..".......lc$....*7O...3{:.......b~I..o..r.UFz.....c[...}....Bh.:....y....aP*.e.'n.=....8..4M#.C..\H.^ ......-.v.P...%.O.]...xu;SG3C..K........7{b..f....4....1...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_XboxGamingOverlay_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8183
                                                        Entropy (8bit):7.974477459649981
                                                        Encrypted:false
                                                        SSDEEP:192:+fsxt0fIs4XG1VW8G9v7p8Sad+wDikLH7Xx9Np3yvKeNclxx3F:+ftfl46kDCSad+wDi8XxrpivmJ3F
                                                        MD5:E8A5ECAE10750DC7CCC7C887EF695A4F
                                                        SHA1:BC46369CABB776E6C334E2C1BCCB021CACF0326B
                                                        SHA-256:89A02A56E04972ADF8D04682EADE478308DF8C84F4AAF497028BF685EC44DD8C
                                                        SHA-512:28B1C086145809B76441B50B0ACCE8C13AEE14183C55E836F363B2949908603426236BAD9C7BF29E8B1A921FF9F7B6105A0D74B30BC146A9C0B0264A6D2970EA
                                                        Malicious:false
                                                        Preview:)p..4.W+....z.y`.Y.J.;...P.p.-z..^yE..sN.`0...7;..Zr;...f....ook+l^`=.x.[.[.\tFPi4>`.."..R......i&.Uyd..*b3...0.....u...o..+.....8.D@.G......V.....;...L.[...2yQz....P=..~.i.IA.8 .B..e.AC{x.J...e..%.1..V...{.Id..AP._...~.I...o.Of.....#c......E..`V...J...........@~G.../.r.H.....n..x...P.$`.h.....7.c..8.M..P[......E..55........s@.[%l.".W.Y..3...n.}d..tE....0.%%..+...=.G.....7.......[(.Yv./h.h&.`...-.......(Y.*.!.......pW..9.b.4..D.y/q.3\n.Bh..X...1.m.,...o...f..0n..+..t..... j...z..._....m.w.+L.....XB.M.2v..p......(..".@|........J...:..........."..Zlr..t...u..2z.....U..._..z4.....rqGS5.&7u.rP...,.x.&q_.g..r.?..s.......o...s...WP.[.!.9m.qJ%....~.P.i."...5..%...!=...q.@.:.....&.k..U....`.~:.1.$[J.....(.....J;.o.....Z.G...WL..0..)X....6yr....+x.....]....[.r...*..Df..>~$MN..b[.....LZ.%..!.....B.b..~.jj..]..<...Nu.[.....@KwR|Yj.+....m.8...,n.2...z..B.'....F.E...F.x..4.71......G|o.}.rc.|?5.....(9".....w..(..*H....g.~..g.....y...a..f....0..,Q..C.L.I,..nZ

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_YourPhone_8wekyb3d8bbwe!App.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8170
                                                        Entropy (8bit):7.977188891425818
                                                        Encrypted:false
                                                        SSDEEP:192:9gwxCa/yLgwQpbnchR7riantaXaP/Gm35l8z05F:9DW4nQBunaPJ8aF
                                                        MD5:633E5AC8FF432C1839209213B3526224
                                                        SHA1:B1FDE0C4C3D5460F1FC2989D43CD9A7F9412884C
                                                        SHA-256:EA36D5BC7E5C33F265A8A433FD7E1FD597458CF8282288B155CA60EF16C7E925
                                                        SHA-512:C56B5B3A9CFC001C8EF4E04B88EB4698578E40C42422A77337D16664B89B1B25108CF89EF6EBF43466E95ACCE2805B0591AE049D90752F4EEC70AFE5703BFA33
                                                        Malicious:false
                                                        Preview:.j.)..8.r.O_.....< =g.-g.y.T....x.....zp.y..^.6>..!.Y.:Ej:...Z..v.....D$..;.i..q.*...Pu:..n.s.3i}-......Z8;.V...z.RU.c.......H..u........n...^..M..^...FC.u.....-.8.;. ..c.. R.?.....:..`.N.W..3.....7nss..X...D.=......O....N....U....[...7E..p..o.k&/...F.....b...[.^.S...bnB...".......@Ge.{B.;...7.v..q.......^|...p...Ci.y.......V.B.7.....bd?...^U[.1.c.W........W2`.....pL.SE#.....A..n_.x../.P-.F....cJ.27..i;`..Qm...:.G..]v...Z......;d....n........(.b.w..i.:z. ...s....kY.R.w.....&o...XR...k-|X.J..mZ...f..tA~.8..XOY...$.....e....n.$.5.k(.(j.&.."&..I.k.C..x...x........Q.P....$:xO.0....5....b..u.s#.......x..-W..K.s..._......C.@pI....p.v...r;..]..[.L....M9.+w\..l...)..../9%...P?..D...#~~6..G.r.u...`"..-.....^.....A .ez...#.x.1......S+.....O#n...J....W+2.x.r.."..i............019z]A...)..v...d.t.Q.48..#?O.h.1....6..%.|Pl@.....F.8......,/.$JdU.........Ak.>Y......mp....d.........!...(........>....9................i..P.[...@.B.}....{...R....:~.)*...&.e].

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_ZuneMusic_8wekyb3d8bbwe!Microsoft_ZuneMusic.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8170
                                                        Entropy (8bit):7.9798441783051715
                                                        Encrypted:false
                                                        SSDEEP:192:LekYZ2f+gVig2iv9k2F5jsLO38pY+4BzrNr5aB+B0RM5/yP5F:Ll1+Wx+u6LO3OsNBJ5qP5F
                                                        MD5:62C35A0E3E79E675DAF3D28ADDF7CB63
                                                        SHA1:A4D5EBB55AFB4D642116322A1E738060851E9B52
                                                        SHA-256:7B3BB86027B3953F5311F367107CE59B56599949C911F17C423A15761689EB4C
                                                        SHA-512:6A6F9BE33BA34426B55476033F1DA0C772808606C3C484D13E67999184ABCAB8253CFB448263B7377724B4FAFF0E2D27BA6A87717DD8475EDD0F5708C649EB79
                                                        Malicious:false
                                                        Preview:l#...(`..o......`. n..*.!.s.T.x?...F.X.c..h....Zg..v..Q..$.....za...i..-^....J."}..@|*|R...l.v...2F......+....7`..P....zZp.{].+e.=.k~.....WU..1!^.D...b.p!.O?\&..-]$.^.$.O0T.8@..._.05+.A-......pz%D......V..o.Q.w1N..u.C.&*..}..j,H...r*.+(...s5.>r....S....F&..z...Iy|.1...`@i..i18.|.c..M....F...K7>,KG....e.%........;fF|..x..$|Jj{.U...|....1...c.f.@w...jAC~..g.A..Vc~......2;..s..{.<=...q.H.f.w.t.z.6Q1......>.s....X...F~..q.Z.i........v..+.~...I...M.?...\T.U...r.- .a.;.9..Y....g#.V..m....V9..V'...D..#/{.T+......U.).K.....}.......q'....t....J....s<.....A-1..b....,W.)QT......{.#....(.f..U..8i.9.....w.e....s.Zi;N*-J.@.J..r..Jz.K....2..........,_.w4x.X.....n....(.Z.......G...E.U&.=...}.Y....6v...)9:[......=..=/r.c+M..ES.........%.0."x..57@..D._....`.^./.....ubRN1...SZ.P.a ?..e........;.....B..:.I.@...K,r#..X.K-...|),.2s..b...<w1..,...{..TuP...x.MQ.YQ..}z.v.....M.%....Q$.!..@.R.o...Ff$j....E.!....$.........W~.c.OY...6......H.`\j..H.N....K.*.R.....Q.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_ZuneVideo_8wekyb3d8bbwe!Microsoft_ZuneVideo.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8170
                                                        Entropy (8bit):7.971023473141706
                                                        Encrypted:false
                                                        SSDEEP:192:eNbvQWuJcP+fZQo4/Mpncqa6DldSQ8bxB5mdGNF5jxcF:4vQ7JNI/Mpnc1IQ7bxB5msNF5WF
                                                        MD5:F5C51A8A9209B555D8A1B4A8977DB665
                                                        SHA1:F4D1FBC4CD7AD1A87CFA86F72DDC767FF9FF2BF2
                                                        SHA-256:D40855D0BDA5596846C191C8B585F07E07F26E20E4386F02AD6770B37C25E872
                                                        SHA-512:2BC181BDF44EBA834C14239457CB28C644D2A6530B9FD8846476D95F27CC1BF6F36A54A832F2E1AD48B5F166BEF44E4FEAA56BF3538392CB347B1F91071576FC
                                                        Malicious:false
                                                        Preview:..............,!..-T..ch...l9.q...$.OC.........R..;.Xi....9....5+..Q..c..WZ.....F.]...Y.+..]3G..R.KA.....E.^../2c..@G..@\.kM .q.}.....~Ca\d............/....o.A.N..Q+Em.>.5..N.....ecL....SD...E..s...`....UlT...G..........fv..1G:.YlM7.e.X=....xJD....J..r[.E...<.~(......r..C.y..e.B.`u/.U(\Y.........=..V..q.Ib.1.H.-./...8..ya....)..O".vB4..2.(j!..vH`....+.......e.\30PB.`y.$/U&............T...hA.m....Q...........f.s]..".4)....!v..A"o...f...@.Y.......p.^...+.........#vz.@.)D..I{;h....jf.d]...}1.J..Z4`...k.>Ps...K......4k.^.FP.3.+...h.6e...]w..6.9D.N..+Tt`...<.....hdNA=.WK.}Tr....7@.....H^..@..V9.]......~..~.....])Fj...u....p9.#....R.....T.N.'.... twQ...U.L..w...........P...[I..k..(...3...%..w...uJ..C.&.h........h..GA....Rvu.........3P.^....'.?.n8vV.....~..Q.z.h......t)S..U.aG..~^..e|..S|gi...w..u..b ...Ky.:.r...[..7.}.?p....c.}\Ci....2.Y........p.>#.f4..|..y..3w+...3.6.u.h...[rDpJ..6......F...Zu..Q.|...).,.7.&r.<....N..N}..2....G..Y..A..h

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):37258
                                                        Entropy (8bit):7.9943175515045635
                                                        Encrypted:true
                                                        SSDEEP:768:504P4xHmInRi6w6KmGqkmiVVEd29kibKaSj5M0mEkG+6TdztF:S4c7RC6KmGqbKVyelKVe0mEsEdztF
                                                        MD5:4A45C05E97ED37B1B68CC39F9D4CA284
                                                        SHA1:42D1D8F2C1760290EAAF29BB714324BAEEBE7B7A
                                                        SHA-256:397E1730DC31E547F75F5CC6C3CF7BB12C1A6D7386392ECB56931D8689BE586A
                                                        SHA-512:9B93E72B8461B8AD102CAE7FB5E36B04A23EC7A21F591B187F9EBF38F9E618A6B0C03897E7352D6FF27D89042167C8B56CC58B7CD8457D7AA3E8DBED432F00C1
                                                        Malicious:true
                                                        Preview:.6e...9v:.K.v.mr.9..]O[).....&..q....%U.^.p.^@PJx>...i...#...fN..9...es?....I..@...@...=g.......gcW...n.N...2.....$.O....:?..tD.f&.Gr...>z.-...Nd...'.......&..:.?J.')6qRS...XD..v...2.....V..<.7.......U........y.7e]..^$Q...`..n.\B..%A..z'&....X.vh..H..d>..1/!_|^S..4.....z;.F:RUq8.\0......Ma._*.8........9......H.....^..C...W..n.9..q.#..Ar.A....!....X...R/..{..D.~=..V/3..HZ..t.A.h.....J.'.......,$B....*Waqp.OEn..l.....".wt.2 ^O%.h.........u...WN...,=......3..z..*..k..t..a.l..=.P...X.^."...}..._2u(|.w..........5..N...kK.[.....v..)..?|.;..6.D.N."..o..Y..........qu..e..Rh$]....a7o..%.#..L\..l....B...&..........:XZ.)......s.._I..dw..L.ai.V`5.H.=......].....S..Q.H..X..?.7Q..x..Nt......x..._....UC.NK...K....6...P..|%.\.y.)..x.cpvTt$.....B.A..gX.B..\?.6...X... .d...8e.y0l.:..q.?...x.f1>..A...].z..w.6.l]..5.4uT.n"..H.N..\.......-...X............Z..G..C:..c....y..efC.*..7.N%.8..9.=...F./..l.D.(_.....\.,....p_....JT.r..m.".Dq"...!:...T;..d..........M].{

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37263
                                                        Entropy (8bit):7.9953187082948345
                                                        Encrypted:true
                                                        SSDEEP:768:X3j6ygeBWiIoLCtq1+MFHC3Om0dhwMSRxjuPw7DFdiYyVtk0cMuGEUEoVoF:HOyCs1+uiONu+iFdkVP9SoSF
                                                        MD5:4BD9E8DCBF25929C197AF135B9DBFB6F
                                                        SHA1:5DA430888B441B3609EAD7D1A896C4781680FFB0
                                                        SHA-256:B786DA733EB1E5832C8FDF6896F539B288C18655391C767D8F6D0C6DFC3C7A72
                                                        SHA-512:8A64675D526D094B28FD878E898B83586B5F1EE28D2D2C87B96561109F1AFD3CEEA283BEDD79918609CEC2E9C0CF10F9568B016EEB7368E0E1C7A8EC9437AA96
                                                        Malicious:true
                                                        Preview:...(...x.X$..r...F...W.T..IK~8_~!J...T..U.b......4.....i[.L.o...T.)&.j....^.Fm......$..W]=.w.tZ..L.=./.u..9...D.~..f!G)..=;.L..y...7k........"...<..........A.[..r.|.>.......RD.K..|4N..RQ3D..s...n.q..$...L.!.4.h...%w=a?5.n.c..w;B.M..8.yxW.....V .;..w..nK...q.M.....(.{pL.j....B....'1[fUZ2jK...........q6.......,.S.4..[.......$...q.[J.+_.Y........g..3L..K.7@O..&..........L.....U3...hS..=.=*.+......mB....L.'l.w..7....i..<m.........%.V.......d..r..;.j...VO.N.k...3.....Q.%...D=A..Q.m.+M&8..N..-..L_...+J....d.a..d+....cH.z..........3...g.R+.q....2,......=|d...P..o^5.A....Q...w.{0.%.FD.A..3U.s.Q.(.<.#.^.T1..).\..P.2.^.hy[......,.{.a..fz...v.-..L...[6VT.QS.:.....v.;......Q........`o.....el.....U....BVdk.S...[...a...3E..;e....."0.<.-.G..?.S4...R..!|?.....g.Y.LVr.m.l|..k.<........@......l.n`.C.F.Z..T*.?R...f...+.X..u...Q..fC..u.*dB.`;w...Z..36_@F.dv..1...Jg. .y.....L.hm}.(.Y.j..g'1b.!._.h.QM......0..]?7..A)..SF.z.pg{..c.k....?{..:.o>qF.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_calendar.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8200
                                                        Entropy (8bit):7.977084237221345
                                                        Encrypted:false
                                                        SSDEEP:192:GMaHCFhz9S4RM4MifKTKtLi+TMfEbZGN57hneUjkZd0UypF:PxSl4Mui+TmEbZohneUIZd0UypF
                                                        MD5:ED7D5179E0C5D1E9B9CEB7DAD18BE927
                                                        SHA1:A22F5549344234CC71D181B448E9014224C6B982
                                                        SHA-256:9D100C8AE93E832CBCFBACE100D61928B863C3309D33C2C8E1AED243A166D3E3
                                                        SHA-512:710F25ADEF30EF9631A31E4B1EB8529FAA86947BD6A309D6043CFDC7314DE027ACAB84E82ABAF03CBF72CEEF0EA9B887DCFB528CC4B6209C20970C90DF2B4F56
                                                        Malicious:false
                                                        Preview:o.4..I.... ......@.....U.&n.G.c........WZ....Gc...6.@..owx.p.m.V.j.'7?.Hf......w?...V.>]....5......$... ./.Pz...<.d.`.Pr#....R.....k........-.....x.r.j.n$....-.<Q&..Fz...<.3.kV-=..a....V.{.J.B4].G..9).U........^........3.G.E...t. ..NI...1(.u.i0.rs.)...!8.=...1`>....4.Uf.G..i...".,c.j=....E.+.e..{..f.Z.....DHs.^L.5.r).;....t..!.Ps.&.P..R...0......dpY....G.....F.....{u...._.....;..h72..cI.!/...6.....Qr....... .G.t$Y....d[..a..z...:..1.F.|..O<.Z.k.^...y$.f..]...!x..J..-UU....e..Q....v.E......w}0...].......8.d...4.'|....4...OM.m.....A..f.......)...B....[....}...G..g..G...]."..[..T8...5*`...F@@.%.J..W,........5({..J....B..v$............#...d....<.J..b.....q.E....O.w.v..^..s...I.i....|.....\..%.7d....Dp..........{ ...f..n..u..r.{.e...o<...W#..D.........[.}xf=.Za.s.)3..YWBT...-.k%Qe...CG..v...`rh...`..H"7.W-...Ji....o.h..D...C.hO...}......d..A}....bql.Q..U.y5k......L;.......U.gD......W..Q^.R(.j4e.....u.JO.Rh.b-|M}..@B.a&B..z.7i.O....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\microsoft_windowscommunicationsapps_8wekyb3d8bbwe!microsoft_windowslive_mail.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8196
                                                        Entropy (8bit):7.973811872853397
                                                        Encrypted:false
                                                        SSDEEP:192:hfWYJ9c+t4cOvhQO3LJV3eRtdVOPLoqlsT0dHrA5dX0aM3F:lXJ9c+t4cOjLyvVOjdlFdHrA5daF
                                                        MD5:AC843EC410906C9D02164D6EA0841E77
                                                        SHA1:119ECA099CBF6FAB1B493412CEA26D125149E00D
                                                        SHA-256:0720E66A69DF998A6DB6AF5656A1C80207EEB84FACABF197887FF8CD9A703190
                                                        SHA-512:84DAA1AB6129C2B5B06ADACB8B5BC0E55B70E45E4FA45C39753194C31A871992481F99C7B9C71EF88337B97E95D33DB5D849D0FFD04DA6316AC6DC7929135F91
                                                        Malicious:false
                                                        Preview:..:.QUK.(02.S..Y.QC...R.p.G.G....8FIS.d.wkF@D.(x.s*~..X....b.....IU......gB4.(~...rc...z....}+.....j.qY ..1..m...TG^;..w....5C^M.}..[..n...5f.N.y...]n.......{WZj..}.8.h..%K.Y^..h...Sv-j.+1...5A.L..hN.n.WB....1..7.b,...o....+.=`.L6m}...N..$.....E...H...M...# .qnt..i...4.....G...M..+k..u..........Z.............s.[eq8.......VR.\;n....7z%...9.l.....9i..&A1.......x^.....:)I..s.".$....X>.!........?*......z..Lc...(.S.YB..M.@.b9.H.Jc.E.U....Y.E.C.n[...".2.O...M+.n.%vM.A.....!......._Cy..c.&.C...wX.6....G8<..P....fs..7.?@.iv.K...._..7....Q_.......`....`9.f!m.6..U....]0..]..8....I.....-t.../...b.(*...M.._8_...g.&....;S..rth.e7....x.....Z-#.0D.v.[.)o.aQ.....4....0E.. ....x....;.%4.sD.k...(...lX..:....L_....:..pMX5.4.....$......2...x......'.u}.1w(..Y......;G.....d.t.&us.$._.}fqA.....f.~F..5.{...(T.....22..s..j.....]..'.[.J.<..v.......*.=.3]-....D......6n...z....A.....!.F....ng....82.......M....:Z-...}..F..Mh.e..._+...f<...C........R.....ql..Q1A

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanel.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8192
                                                        Entropy (8bit):7.976454272234838
                                                        Encrypted:false
                                                        SSDEEP:192:3M5XM8mwLeQwy5/uCirJOPXQu/f43Glszczvc7G4ctIklF:yXMYb5/uCWJO4u/SzczE752lF
                                                        MD5:7C24523DDAF20D3073AF578BE74D366F
                                                        SHA1:347A5DCA56D05FD74B6E926C26C225B3562E0DA6
                                                        SHA-256:EA47FC35EB93913A61D8F67F77D2AF6F78E4784DB3A4531E63FE895578486AED
                                                        SHA-512:EA58C56C62B4AFF71037472A6B431AEAA2AF94BE931548D0ADC1591CBAF577E8B1376853A2F190783DE92B20FA8E334B04601CC55D534AD00129650E147DEBB6
                                                        Malicious:false
                                                        Preview:.b\z.....'.a.Y..R...o.c.4...K.'.2.R._.82_[.qD..$..}..:n};..k+Z.\..".z..2.....Q..dK.....qs..R>.......v...3.AJ"!.ch.9.PV...l.;_PY...{.Dt.*_.a..`.5D.).....~.......yB...3.:.mN.C...6....o...c.SqP..&)0..........W..oZ.A.P. ....A.6_....dj.z..!..O.-l....B.2.e...]..~_Y..WmR.fyqE...Kdc.=8.d...;.....}...|!.%..q....V\.{/..a1..=t..3.....t..i.9.\#.4h... .Dt..x.0.3...'...d....~-B...1J=.>R.p#Rb...8....I..c.....LSj..V"O.w.0....`.*.o5.~..D.j....C.......S....U.z...F.:..?....+......T.!..]..P....tIifE...Y.....;.w.M....hD..4.x^].q.>...\t............,.9H.l.7.A:.O..n|..t....&q..ir..*..:.b).Gg..s.ai...h....<.k*...q4AooL.]>|d......~sE..Ma..obAJng..`+..D.*..zGmNb.Q..Y.....*..e.?Chz..'.Lf,&|y....f.}...m......t...;(...3.A.([w........Y..d.,..k..(...H..|.u.O.8f.k.L..].0.)....i.?..=z,..nP.-N..t...x<...J...t.......b.(.=....)/...0..s.N..T.B..u./..l0.......f{........$`.$...M"k.r...d.oO.........w.ze.~.-m.Od...V....M.....5)..8U..x....rx.%J!0.p.`"}'.,..<....Y#J.....'y.R&1x2W.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37300
                                                        Entropy (8bit):7.9955610192053586
                                                        Encrypted:true
                                                        SSDEEP:768:ScAc9fic5xHkvfJQTfuGF8gDP8rH9WO/SEqVDHYl7ate9Kf+96LCHYmtxa63i0i6:ScAcZiwux4GGCgr8rdWO6Eqx4lOcKv3Y
                                                        MD5:BDB4C4BA8D5136DED91C4E04DD44FB98
                                                        SHA1:7937876BC35285394ACD53F5C50D805703CD4EE9
                                                        SHA-256:6D4B9AE172DF6A55CC5730B7002D2FB05758224910585E639E00057CEDD5E68B
                                                        SHA-512:664486966BBADDFE74DEEA32602EB6EA68BECEE4D4B83185179307D897E204C1527F2314B2D80D079884597D56FBE01F642D1CC686AFA18CBE671C83DF6B748F
                                                        Malicious:true
                                                        Preview:...V.1....'C..6T..P#..(.`.R..N....C.A<.. ._S....q.h..X.<b@..^hC.)%)*.C......Y.%...i....t..}\]...j..k.4X.{.Q...\....04.J....a..`..bh.t..U....o.$V.>..q......U.sG..q....!.Y#..>HK..^h^.8{.:\_.(.3.7.j.L.0..L.M<.;.....vN^Y[.]..E.....7)..I{..c..../...Q.AE..-......\..(UO]...Q...vS.).. !...{.4.C"+...p{....Z,..F.h.1.(...0.]t...z.#..G..9{..I...QuF8..9V'.s8D.....c..T.U..K....._l.?f..o......rPbe.k]..sf.<.9.).W'L.....`.{.vx..R..........7..t.Ul...}.%:w.6.<G")5.F.*....w..%mD...(R.V.......:$.N...L.c...K3..8..g. ..^r*0p..Cn.v.3....Y.._..@8.H...c......A..e....Dxy.8a......XFn...&...Yr..z............iU..<....... ...]C.a.."Vkc..\.SC+.A..3D.n.^$...&._V_....\....Q..>5.....deB/...@..%.oh...\..pd.vg4.-.-77`.e.(...\...<..'.6".'&..[./.y.=;..^.h..O`.l...g. ..w4u.Y|..........g.D.M.tB.B.}L.`E..v~..d.J4V..;......T..'.......?..l....i.h.8..+..~.,...1..3$&.......=4d8....q ?......9.....OY.E...{.XP..J9l.L.A.......q....Z..J..j..Fy....]......Xb(g........4d...)(...\

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37306
                                                        Entropy (8bit):7.994893883478441
                                                        Encrypted:true
                                                        SSDEEP:768:Ad0LpmkKvl9czy8cKx0PT3jIZYWZkmhgVmr2K2DyMBYOTjnokF:Ad0LpUl1q033m4VmrQBYOfhF
                                                        MD5:4F1E95C2872B30580880049E8EF4E991
                                                        SHA1:764DFB2C1EB0EEBAC7894B27E37C41F4D1CE5EBC
                                                        SHA-256:EF6487B42433EF27A2AAF5840311529F28567487F2B51F71755C88BDA2F7D0AB
                                                        SHA-512:69AD42CA0281815648405F27478A806A4DFF6445689928115C0FDC25EC80BA1F54488FFEBB51879787CD343D9125F6EA201722AA7B3B4D111DA69F335D734FA0
                                                        Malicious:true
                                                        Preview:.6..ePp....;......%5+...o......G.....^k..........[.QYu.3........Up2.k~P..._.@...`Z`/...M.4.`...G.Q..]z.C.k...Z..\+k...g.I"../.......%.}...%q._..*...n.J.H.r.dbM."r.#..Rx...j&...X'"$*OX.Uw...t....Kh.....t)......K......[X"..=."..Z-.O..?.@A..H....1..f...1...j.4.MT9.1.&.F.....DD.":v.....9...../8.V.+.!..f..u...y3...Z..7R....M..F......^..bM..{'..4....s.....3...b.....V..c}+d"r....x(..$.;..Y$.p..f.F..k@.a..n'[.p.O}..zZ.6RM_.k.\.=z... F.vm3'...c,."..^.W|=d0.[DY...4.0.....%`).....J.v......x......w.}s/@....0...$*d..."^<.....[O.M...$...s...Jz.|.lk........>..6].........N8.......c%....E...J....@k.`#.......M.~F....).^...+"Y.._....(.l...KS#.))l..{{..8..`[-w...{U.2l0.@.jWb.@TN..Z.....k...._B....LX...x........".W.[qj.h..%.~..u.=.Yw|S..T....s..zOR.>...f.a..).(O!...T...<[..K.....X}......B.. ....{.WJ.b%h,.....-.....!...f.FH..o<m..K.D"r"q.~...gM....1=]}...."...nss)'X!.#..vU.x...bn.7.(A...5....BL..."....._.7..re..?..P...S..\J.....[.j..1.z...O.+.-....&D:.....[..:Z-

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37307
                                                        Entropy (8bit):7.99524114227431
                                                        Encrypted:true
                                                        SSDEEP:768:+b1dQtBUXItUj0Kc4lNB0KjmpMJL2gtxleTRkxZunOh6KjMF:+ZIW4ty/nCO+MJXtrfjuOh6SMF
                                                        MD5:DF8F29163E654E18BC8E3B4647A3EA19
                                                        SHA1:15A673C767EA1E38CA644A34F8F09D391F15819F
                                                        SHA-256:74A9687733716087E3DAC9B9E03AAAF9B2875EDB0D02CEB3F04E75DAE43DC5A1
                                                        SHA-512:6924ECD85496C6DD32E1A4BEA4609E3FB65D08BFEA60048237C5D6E74C4A1E9D32AF247C50399194DFEA6C87E39CBCB26769D85034E7830C0D54070F91379CCF
                                                        Malicious:true
                                                        Preview:.9.u...`a.....p....8Q....V..J4....v.f.....Jo..g....q..........OQiHM.`.w4.|..&}>..zz...s......t...$....=U..c...Y"H.:Z~E....U<D...?).pg.>......0.]|...5...1.......D..!.3.0.s|..W>.F...YW.&d....gF......c.........,....2. .Q" .A....?........B[..+x,.a."<.?!.J,?.....;A.#Uk...6+.|.Y..4H.v.n.}o.Q.c.\.\x{Mr.s.cQ.%6...i....@G.Tv^...l.s..L...pe..*.-.1....7{...R....{..1..(.....X.K.K..9...*ssi.T.3s..Vp.( @.a.O.r...c.3v....|....10....H.s.7(.......c..T.c.cRC.M.%.}."VN........w....S....F..DN....}nM.L....4P..v...l'..sw..o.....r7e1.^5.Pk.....RZI...Nj...(...e+..8...L(.}.......@..u1..w&.?....}9Q..q..!..Z.m..r._f.{. ....8..|...._ ...i...)......CKI7.....;......Q...C....QM.6....D6Y.D.tM.H\c.j..C%.].k.D...MVy..YJ...k.j.'..<T.a.v......4}../..8.Y.u.n.Gx..t..N..........W...%N>....U.:..:)..6V:.Wv..J..KQ...r..,/.k.y...4!5.5=A.... .a;,...).............w.ta..Z...~...1K.1v.w .6g..3...sH5.6p.(....\+f.......k...}Zr.2..%.r..Hh.M........TS.6......?....N..~.Bup.EIeM..l|... ...s%..|r..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37294
                                                        Entropy (8bit):7.994500830575016
                                                        Encrypted:true
                                                        SSDEEP:768:DZx50sCWoUqP3adEl10xco+WjYt4u3OKypZgCSfywabjamdMNnB4SszsUQYxyG1f:DH5joR3pl102t4QOYzyn+mat2SXOyG1f
                                                        MD5:EA2317BF2588BDAECE65C86A494377C4
                                                        SHA1:9999E3EB1399B370CE7A46110C4ACE945F9481CE
                                                        SHA-256:F38B0819C737F543BDB15A728F2F3E4202E76E84CACB2FA9D85D6C9738E0BCDA
                                                        SHA-512:725FDC811CC6BA8C5F4BE257F6003D5B6D41A28877C8A31A9AEAF7035761F2EBAA7325F4C908C9CE6A97449C491DBCFA84210711F2205AE0D4E4F06FEEA9F356
                                                        Malicious:true
                                                        Preview:..{X......f...k../..9z.[{$.........d...`Q.....i...[..G......1....c*....X..6 ...-Al.3I.~...0..5'.........t.BL.C..{._.?J.l.....I.Sf.{.+.]..q.G..cq..=.@.......L..zdT..KZ.O.....E...=........M..|........5y..]...s/..w7.+.J..TA.....?9.8.....S...0q"k.B..T........LWY....I.">....h...9...8....e..?..'J.......p..}%..v.....I.hO....M.C...8*.#..7EQ.#....9dT7/mu.)...W.>..f*m...D..M.b/jRl.z.2/........u.6.^&%o_.....`..c...?..k.N...%..`pM../.s.C.S|....6..#...s..j.jQ...x.su.f(>`|.kv...jJw^).b\.3...>F~1.....^..<.........'g...c.v...e~.:t|.]^..D[......~OH;..*..D{.QD..hQ...._..BqW.%d*.g..[v......?T...B.G..M.....qZ......&....f.h.u..w..(...(.D6c..AZ(7....B.\g..7.t.n.!.O.F..0....l../EJK,.E....(g..)..+...Y:L.az..C p5.S.c1....;.f..&....d-. P...J...x=.C^A..{s...l8|Z...,z7.<..K.K.i.M<..:[j~5..V...%#w...mn6..........cSq-.HJF....T....`..$..V1&.Mb.........[.m.cT][.VA..`.X.#>&L..m....7..R..U%.r....tz.Oy..U79..(...&==..|........@,Xf...F..la. (\..:..>o...6.Y...5...Y.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:DOS executable (COM, 0x8C-variant)
                                                        Category:dropped
                                                        Size (bytes):37293
                                                        Entropy (8bit):7.995630695896478
                                                        Encrypted:true
                                                        SSDEEP:768:CHkXCdX7LBaZbbf693HN7u14a6P1vd/61dpBJiYXzkAzXEF:CHkSpaZm3HNyGDz/61dsYDpzEF
                                                        MD5:73DD911791B2B939DC42E8650C98A658
                                                        SHA1:7AC560B8E592AC841C3DB095E036452B6B1142E5
                                                        SHA-256:03574CAC5675C81D80E43E8AC72B997D04ED4830DF770B12818B95268A8CF20B
                                                        SHA-512:41F7C05E278E3A0A51A98CC12C8ED0D6B6C814B3086A6A45471830B28EE265D7DB5BB3496E2D6E205A5E3153A5A5076D46139796024B7D7C2CD33CD83529AF7C
                                                        Malicious:true
                                                        Preview:.....`c...;.1...}#..)..uC.....n.U....../...}.;.L.h.fT....[.)e...x.}$.a..fW<....#a..6...r..a..)..f.S..e....'.......2.e`...iX..E..37X.U..'0z1EhZV..@2:.}.V...d...68X!..L^'...i..>...$..(lg..'...._.O2U..).......5....jJ.h..y`.F.5./T|=j.R.....A..#..m...r..c{..f....!..'4_..?....it..u#t.u,......Ms&...I..7t.L...f.l....RCq.)..g.........8..GgW.`...b...9..\P.\f...|.W...\..?.x..YH..........CF.~.6!.B.,...D...:=..U.....g.[y&......L.).'..............0.q.?.AOo.i...^.G.(...0[F._+*>..3z....7..K...R..v.!c....M.....AH9..]=Y.......]#....Ny.h.......L..N@..X.o.N.7.B.}...kz..mC.~7P[.^..}.U.kI4.%g.2.l.<...~.=.I....`...knz.eo.O{8....;8.EQ.Z.^:....'..d........I.2.T...J.a........Nwa.u|.D.....e.....v..../..8.......Ps.Bss.!g..+...N....Y....9....(5 w....-m.1....e....~...+. .....m...b.p.*.b'...d.pC.R3j.~..&J....>.E.q.Y....&.Ph...?.D.!..=.EJ....;k.....t..K.`._V.....^Ks./......L.]'./.c.].0$N7k..]F....lj....I0.....Fl...~.......D.?."gB..!...V.KP.u.X&t]

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37328
                                                        Entropy (8bit):7.9948466404186
                                                        Encrypted:true
                                                        SSDEEP:768:WnzO7qhLi76KOkuN59kZ4uk3R1gy+F7RfjR3ndAeBQavwpb0F:cFLirduFkveR87RtO8Tvwpb0F
                                                        MD5:B35FFD4E1B2559976DCF245021393119
                                                        SHA1:CFB5EAB78120530F99AD3FFBD76C52CE5CA496C3
                                                        SHA-256:A3DC1F058B1246A340F91C181EDE5DCFE6E002D5A1909AB9B74081B0F90486DF
                                                        SHA-512:15055653028FCA6320887AEB3BFFE9D3E5E352CE67F9410077A00F2814179A541E153471269FC16750F97F1378507CE03131FCEB428C1F33B9C70CD01C024E81
                                                        Malicious:true
                                                        Preview:..Q`.....t.IA..Y..7..h.XM./.'/....Q...@......Y.p)....I.[.u#./Q.%....~....>..F`..^G`.e..ZK5.)7\..R.?....W..q...(.......h.8.,\.bA...ea.F.Y.Os..iA.R.b........+..KZ....S.8.c8..-..X..\]M#.`....Y.-xv..@..S+.-'B..*...\^...?.R.....m.,.`....Pcb..O..&.7%.F]x.8..*....%h.Z.Yw...'W#... ......m._..O..|c.........;...G.h.....n.<.c...X.dIK.-5..[(......g]!H.i..U..J...(.]..................QI/.B..B.A/..l... /'...B..T#..!F ..,..n!....Vt....;[C."c.[<7..B....N.J$..Dw...l.K..+1...S.-.c%.~.za.c.e.s..lf........K...@....R9.}).V.u=..5R>.....B.,tp.`.b.hU. c3.t..et..P.6R.r.....V.3..}.EZ....a.8._...L..%AN.l=..C.m...c.z.j.....Z.:...'*7X...W.L..Q.78....Q*.<..4$...WC....w.8..&R...8g....F..._A1....%f. .....`......z....#}D..naC(.s..m.p|....".<.[.....m.brr..t0..Ng KR.u....J..%..........E.....l..JF....>....!.hh......rt.(P*..8......|.EmH.a..}.L.-B.........?||...%2.l...M'.9..x;...f.Oh...d..R<Sh..!.\2.....0p(:..&U(6.i...Fa..5........T..C.&D\.C]rCN.T..g^......MK...7.....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_powershell_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37327
                                                        Entropy (8bit):7.995849091608101
                                                        Encrypted:true
                                                        SSDEEP:768:psE71lQSQqrRFq5Z9REDqW/0gHm7PUcerpmu7ImK45qYdcOF:prnnqDrk0gHAPEc8ImF5qYdcOF
                                                        MD5:38441FB90D07B84DD8FB2011D830AA53
                                                        SHA1:28B70F97E2A0E9E7279487BE3028EA1B48C679E8
                                                        SHA-256:9D4F3445CDE03D66C2782694607D56FE92B2AD9E37056E648631F7C619E7FEC8
                                                        SHA-512:F9D4C2F9D3C416BC45CA9E2F54CB830AAFE41BCA29468F71BF0A997F0D60E79CC694930FCBC4F07DE1EFC653D518D1B08F6F3C468D7258D8003AC39871B919BB
                                                        Malicious:true
                                                        Preview:Z\...=....Q.8{X,./.-..Ji.O.iVZ/...Ni4(8..s....$+{..d*.uSH...;...........K{..S..y.qk.G?.......L...^..4@8Ce.X..:...D.]..0.(.r...#..cj..\...[.\.H4(S.)......RS..)}ha...s_..eb....<.........{S...f.U:i.U..F..~..7..@..!.w..7..f..e m..K..w.'...IJ....P$._.v...O..8..5Q&g...&.+B.>.$..d!q8....43..:.4SM?..Xn.~...c.h...1L#.ZDy.x...w..R.....i..I].E....P...NY?!...-..pN....nE.c.X.......@..5.a..j...~.W.J..^Z'Y.LY..t{....:.k...8..K.."...I....+...UElY.YH.K....l*gxM.Do.1....p..B....g.q..`...v...,...nJTMV...|.....w..?..h'...mbX..GH*g..{..~.n.xWV......1}.jS.:\...MO.......B!..5....x..Ea.a..I...:A..r....>.....j......erG....r.....l....4^...Z...Q.e.....+&.."GO.._S.,i*Y9/.....*D.W..x#.5S...?P...>.En..".F.....3.H.(.o.bM..`.B...........Gc..FE.3F...ty.OV.S6Oa...aW...Q...A.}.OH....7h.(I.q.Px|..r.y..c..r..b.P...>!z<.S.jQ...k..."..g.[...,..:...pU...e.m...+..6.....o........h.L.(+.......F.g.5v/.3k0.s.Wc...G|..q.2...7{.p......@;/.aW;.ui$.....Ml]..J.4...E...3.&..v..j..i.*.SZf~.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37300
                                                        Entropy (8bit):7.99495657888252
                                                        Encrypted:true
                                                        SSDEEP:768:9qV2dAalR/iqzliUpqzQNGjldWqYVV36SwsZyML1dBwGqXgU4SjbxsF:kVUJpWQNGhdW5rqSwsdLTB9igRSjaF
                                                        MD5:0A4AB34F0AC583B1B6CD106271C08E43
                                                        SHA1:DFE10F0C30F8E50F5E02A30936F4FA821A92178C
                                                        SHA-256:CA558077C2EABC6D69BF80626C672E8B364192AE62A40BB3C2667E657F0E344A
                                                        SHA-512:0B846D1B13A4031012D159B1296AB7EB4B609F4729337FACD2FE71426C01A03694070CAA65662C5254FEAB06512DC9595D33A095913F0885365058E6CD9D2E7D
                                                        Malicious:true
                                                        Preview:,..c....Wj.t.K.Ud.. ...G.-^..,^...'.....F.C........ee.0..|....WZ+,.s..f.n.|.q>%..9.W.SAl.u6+V..:.u...Y...'..~P................#Wk.)<zj.&...b..|L.Y...)!..2.U.IR...a.G.M........8..+.5...d\...G@M........g/.d`.{....}...i.F..O%),k..5d..._..os..V.\I2.z.X.(|wa..R..{....s..#.(..*.......(w...5..\...o9.3`..,IH.+r.... ......R....'.....R"k.S.......6.'.g.a.+.....Y..*.S]s.......$.P'..D.D.A!E..C....L....}.c..{}s...S.7..]........l..#j8.6qE3.}[t..s..e.*...{.M8,...~...oy^....'.(.h.....GI..).7th.a.l2.f.... .*....M}Fo..xs.?..U..p.Z.$.p..$.b.#.h\..GY."............<h.X..I.=.4L.......e5...<a>...3...Zk#...=/0.$.$N.GB.|.kj.j.&........(..,y....WA..G...].U}....W.....d<.!AVj....S.......(.)+%.?1.J.4U.&\r[u..@.^.|...P$..B.Z8.e.P.....\"C}...{H.AKhYA..C#).-...)O.;.f.8..l.8...dQ.4E.e........G89.1pAZ?.|^.H=.@..C..k.,..h$.....<..n..~......2].......p.I.{.n.W..e0...I.L..fJ....0T...8XT......A"..S.z.'.q.,.d.._..w..o..............r.?VT...,....T...........V(RI......e,.....INj.e.K.e

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37303
                                                        Entropy (8bit):7.995461612784349
                                                        Encrypted:true
                                                        SSDEEP:768:Q9cKSu8eBg1GJj9YOhHTnyNq32X2me9rU4RYFYLlMMyQp8YOrX4AFTOYXYgF:Q9y69TwNl2me9IhFYxtNVOPFTxXYgF
                                                        MD5:F1099AB243496E9FC83720AA94CA9A9F
                                                        SHA1:07C15C02BA50C25ABACE515946200D73135ADBF4
                                                        SHA-256:1C24BD7C04D348F8A8726373C0FA7CD26EFE6E912668275299F3B4D44CFB9EBB
                                                        SHA-512:2EDCD13F75127F32F2CBE5435569298915D9D5E218B1A9410488889B2A4FC54781A72F56AA1B4A0B0A5055DE32614492CA0B61DE82317D0D4692C77EB2FA947B
                                                        Malicious:true
                                                        Preview:#Km.ht2v..z.H...?......Z....uz.......e. p.FF~......<W5cl...E......d.r...,.,..!...]/..*qOl.h'..*s.,......X.!...r..l8..'%.M.:O~x1.+.l.G.l../.1..>..."..`r...b$....F.....r.D..:..........#....\S.)g.E-z..X.L9f.fS2..=....^..D.w.....a).D.g.<.).....5.6OJ..d-[r.....R.*... P.1-+.F.X6..H....M.Y..w....P2.nKi...0.f~t.s#M.......bl.T!.!uLK..Eg-.cd.lZ....y4-G.&...ToV......Hg..A..6.EW.K3..>.9w........%.iY...?B..Lj.Px1)........ E.?..e.....pg..h...+k......5..wx0...tTN....}......iT[3H.,7XT&.....&.....<..$.....O_$.&....Y.......=....G_...`....*.2..<.....V..c.6....,.T.>v;.iy..Ah.R^..$t.R.I)F..a.T......>.3... (KT../.F._o........ G.v..i,..5P..A....|r..3)N.3.w-.\..-..e..<+2A................0?...i.490.!..C:I_.H.....U...";".5.7....`..I.j.qB..A...d._.B...c...m.<..}.F.3...h...Nn.....<..x.$.....}.Z.x..m&PnQ...^U ....Qg..1f.(.~g...Q0.b........p..#..P......6.......P.RX..$p...B..o|P..;....m..-.. ._.=o..P.1....y.J...vR6....X(...|r...7.o.........4)2.F...i.I...D.`...X%rN.3}...&Hk.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37294
                                                        Entropy (8bit):7.9948558993201075
                                                        Encrypted:true
                                                        SSDEEP:768:M/n3r9/UzL/nl/3ogJ4JL1pubcVl48I+PwdcUOx/WZMLF:M/n3Z8Xl/YgJ4x3ubv8bU/aLF
                                                        MD5:465EAC2446BC7DBAFBD9B9AB22214C5A
                                                        SHA1:71C3A97C5B72D7603AF2FEB34CEB6FBF891D9D4A
                                                        SHA-256:58D4EA3B0DBA1BB44F3F44AE2F251E440B46D9FFC691BFA8ADFA1307F0973443
                                                        SHA-512:6BF7F7F8DA6DC2E5917D53C842B47BBDAFC06046FE31933BC9AFD5B3EA74EFC0C33B0E39173542E65227C7183CA63267C35F2257DA5E8F0007A3A58F4D8F8973
                                                        Malicious:true
                                                        Preview:...nQ.E<M+R.{.OFn........S.\.b.. ..../....ubK"'vZi...w...p..$. ..)...3P.$.....!...pY.........!Fl.......j..>..&.ci.Sjc.....J.;uy....d..S.@hzs.=2....#>T-8......y....G..d.I....8..E.v.[R../..4.$.*wz.....,..;.`..XK=.K .7Q11d.l=....!.'.0..= ..*.-.8....K{T:s.,...c]=......).:...*.Q#. @........Lk...H.5.F...j.1%...5z.z.t.......a.z.Quz[......&.a......+N.K....x...h.2C..eg.G..r/.OU.Z...-,.J....K...:.Q.H.2#...c...:..".@hI^...|..%{4*.3.e..i..I.H..p...]..y.6...!v..#pcK.......-....../.X@^....$X....j!K`$4l.m.M@...-B.U. ".o.q..~..q....*7.y...y..>.uN..v.......v(....A+...........n.d..Q.m..6.7K. ..0.C..s|...'.....<.f.Y4W.Y.SZ....E.g..o>-..._b..:....a.....`..h..K.?.{r..lw'.1"w.....e.\w....K.j........#....?.~.K.Y.Q8.....oS...C..v....Q+.2CBa7.x.&h...wi..i$.~....L...d....I...?.K.D.R....^.Q.....7k..C..I)...v.3.p........5..d.ZU....%5.\f".C.H.%.}i........Y.z..}7.JgG.=.>..?........'9...E...'.C!.0..........A.v...B....U..(..\...|.>.4.y..jd....5...]..'.+R......5...\.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):37299
                                                        Entropy (8bit):7.995349892966411
                                                        Encrypted:true
                                                        SSDEEP:768:wM9rwS48zMfQXgLvGE9YgvnQED3bkwvWEc+GUwUiLJV+F:h9rVVQTGiYAn3DSEc+eBqF
                                                        MD5:3D90339E6D78C6DBEC19D803D3C036EC
                                                        SHA1:258F5FBDEA86666374431CFE3193653DC8C0E20A
                                                        SHA-256:1A8E06E639D7E3A23088019B58F7EE1E1236539C46EF52C2D805BB564EFE9423
                                                        SHA-512:BE9DD6745FBFA1B75FFFF21E4E0D73AD6925165BA92C3E6790CF3FFED38BCCE2DC7BE6DF644AA7FB75C36FB1FF5C5B6CB5A265FCBB6A0A15C7669A5C18239D2F
                                                        Malicious:true
                                                        Preview:.z..A:.Eb.w-.....=J...h......#i.S.W.S.M...rg@.B...rN.`y.V u....;'...^...@#m.~..8.....P.yv......f.>.n.....L......A.I..A.o........6.d.0......H..s64ob......[B..e...M.J.#\y.8C....1....i.+......tB.......T.$.....G].3.5.....%...V.-y?.....Y.D..b/..V_#)L..pBRV5.........1.l..6..g......Z`p:%.A..>..j...A.x_-...`|..f.V.....?.Z....l.......k3.2..1h..$Wfz..3.+.k..w....*.|...T.*._]h6$...4..e@.V.....9[.~.o^(.........e.59<..5m....6....S......,.....0... .{..x.4.T...9M...t...\J.._..V.......j..X`Xq.....D..[...Hl..".\.]S..*.t.V.de}.-jA.q:!`..(kQI......I.^"Q...q.)....z....s.`9).......c..6:(.A]Y..q...-....X...E+.U.'b1..>c_...m..Zz...U.?g..<..Kj#_'..\t.../w.i....X...-Z0.......f..q,.s.'_@.~y...x.......".D......~....I.s6..`f.}4..WY..OK..9.....H..^....j.....Q....4.........t"8.e'S,{,..m!#wPFao..C..f=~>..^;.m.W...{{=.....). ....L...\...?. .y...Q..C...^.....}..KtV..3.....*..=UeG>%.....|yr]?&gP...r....j>.pK5....)..\..w.*.Q"....u.S.E.I..x.....jn...F...5..J+T<+.6G...j...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37300
                                                        Entropy (8bit):7.995055971504632
                                                        Encrypted:true
                                                        SSDEEP:768:SmavZA3u0CeHHx1ky6nd/35nvcg0AMhdcSzzgPBhhgY5PQMHz4GF:javZuieHRutndP5vngdzzIJg6Q4NF
                                                        MD5:7CE6D135507E4B114C64F225E1F45681
                                                        SHA1:CFDF4AFED8687C57CFF2826096B294B3F74551DE
                                                        SHA-256:7C75DFE2D924508A4AC0EAA061B78087AA5329FF0B25E697B93C3C9F7E7844C2
                                                        SHA-512:B5BE09A889B1579C6C532D1733316A593EC9BD1155D44FA4ABF71DA675B11C07F5D1CB4C9949C3DE6E4CC1207F4FFE64FB8321FE83261D0AC201765EEC939AC0
                                                        Malicious:true
                                                        Preview:...m.^....I...G..[9........w......}.xv..pj]\.T~.4..o..Eh.N.......7q.T..5_.b.0...1.....)..}......O..<O.....1.,..L...4a[.+.O....p.6W..R\......:0..gX..I5%.....T.3.c.g..Y...o.Q...,...AjM..P.2~...D.(.~Ls0.8......o..S.j= ..|:Q...:Z...2.y..$.../...j%..D..y.....=s.g..0~t..T=.Z...bz..&.:q>@.nl.#.t.H/...3..I...G...j....C.....n.syUz.=.EF..?\.KA.-d.)k.,..;.!m.0....X...3.O..WP.\.p.0......kF....D...........z.&j/H@.Ot..MnrW}.2....J..K..8.1TQ,F..K..P....O8............g...24....f..>..cL.3;.......a.gS.2.v.d56....4.I.6....-.......o.C...p=.xT.m.l...Vmz}..d.Z...1"../..Yn..b...<v;..I.Q...B..;!-+d...P2..*..+.....[=H..G.[.(O..|..G ..t..F......,..R..#.s.O..;.r.{.+....".<..EB...4W..g{...#.I..e&\......~..i+L.~...xr]...-..H..`3..e...|...x.r.^....y..'.#...=i.......].@9.8.t/.........P1......W.j&h..5.lH(..sHt2.K...|.)!-..?.....l.s............`.5P..@.x.)KJ..R.F.D.6..+l.i\HqW..`147.1..O|c..].!.K.(b...+.4../.Q..5y...E...;..Xc.2.......7.*?9...P..}.v...TT.....>b......

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37301
                                                        Entropy (8bit):7.99538660460842
                                                        Encrypted:true
                                                        SSDEEP:768:YUNUaKdGn9xOA1XF7VVG/D/y1X8tR6DHPrtgkyB6p3nJVWYDxrDsF:RNUaEG9yryCRwgkoOVWYD1sF
                                                        MD5:D8DBF69C112C7CEC2E42AF4C7232C19F
                                                        SHA1:593CB5FB6115ACA1E8082A91861F440A772B4289
                                                        SHA-256:D25414B8911166875C0ACD115D79940C353E04B433F859AAB0F72D59B6C9E38D
                                                        SHA-512:34F7CC1941E64358AF870CF4D0C3DC3893E1063243B2B640C272CAC3298B505974DC4AED3FCB04B5D29191E7410C022FBB5F527ABAEFB0734E7DE5E8047DE794
                                                        Malicious:true
                                                        Preview:..........a.W...=...[.2@s.m...}<Kn...<.e....E{........ .e.!Iy..AF..T....m....V.e.jH...!.....{....3v.:>..#._5DR.p!....w..6.E...A....r.;.......f..h..5&\.r...4d....q..3.y..x'.jMc.F...yC..2j....K.8-...k...g.v. ../w...a{.m.7.%..H..Q...y.p.J.s .<.[........a...U...v...:L...#.>.L~W;~.p..g6w.D...sA.....B..N{T?.&....?8..Z..)..IR.OY.[...._..g..W..R.$....6ck..l.4......?.`. .c.;../w..Q..t.A...0..6...RLer..k.v)..*U"....\-....W..}...+!+.lZM.5..*.n.I9.)}.........-........j......N]..P.cBl..Q..A.J.$H......;.^.s.....Y.K.rF...2....,.R..di...*..G'.zkv...@.-...'..........L.#..x(.C(."...5...%.7....,G.e.U.j.W..h.Kov...,l.=..'&..a.E*.swn.F.O.$.Q....k..K.....e....z...Wk..;...K.mb...<........iUL[...1k.*...>m;.B.!..zg9.w....k..f...1.>..u..z .%...z.{2.E.z....&......f9.E.........b.#D...;..k...Bo.t.....IN5d.I..,.....8...P^.k3.e^..{..O.....b.&..4.].G.aS..q$......v^....V.v.cy.V..P.W*..o.....u.I.=..<..U..*H......@....0...xj.LK.?.............H.....6(..w...0.vr.....M.d.."

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_magnify_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37302
                                                        Entropy (8bit):7.995352568682313
                                                        Encrypted:true
                                                        SSDEEP:768:cqfnwa3N02qEzac5Jux5ubIZHZ0QbQFQWrMCgTEvfXWYzeFg6cKq3auF:cqfwafqzvHDEFBrn4EnXWncKEVF
                                                        MD5:425E27F331B3155A79E15E454D6876A1
                                                        SHA1:4DF6DF2D4B318C094B79E3850B8A490D09B262C7
                                                        SHA-256:53B3EEE995D310A400024AB87B881FBE4B59FF91F36BC0BA2D8ED019A48E780C
                                                        SHA-512:1899B931D36B7D70778DFDD5835E00C8010C4AADE8666FD0ED026E6DF1673D0D90DE4CDF57836EE0D62CD6DD9DA043CF025F187ABAAAEC159F6990A7C50AE138
                                                        Malicious:true
                                                        Preview:"c.|.........5.(..L]...u....Q.*...L..........T.+...uZp..n.L.....5..g5....y5...W.%.sq2e\......L;Nr....O.#.}.....{ti..*..h./..p.+....~GP.....D.(..T.m.1.aj....p.V.Mt5...k.w..%o-.1..x.F&.GS..d.CXgh'.!..m..s.*.F..}...l-....m.....T+Vhj. Lq.].5.?....l.s_..b.B.js.*..../..p#....b...e3W.f........}..Z.7`....g.9l......^...Y..o...R_)be..*..T.9.C.?.gT\..'i.~.3.....[*.....hJ.kn.t...\.."A.."....N.I..lxUF...|.....b.h.........s.PS.B>..p....se.3..............ug1..6..!..i..#..6V.....o..)..?.`%.y:.A.#...j3_.}......c.i.&J.V.^{.>(C.. ...._q>....D..oC...c.:.s...{{.'Fa].....o@._..z....PnD..`.0<.m`"......-.T..iQ.?....pSy,..+Hc...3.?.O...b..q. ...|g.....B.`....E..?.b..._..?...q......W.P.....Q5.Y..T.0.b.l<.<...~c..@G...M.$^..?.h...[.aOC.9&....`.]!ub7v.=...:Q.{..N<..(l0q.^..bw.j..r2.%4....j1.yx.:..[...u.j..l.C...X`@a..T!A.%5.&I4}...H.l....._..Li..@.....C.....R..1.r....J..p.....P..._..H...[E.C.P.I{!.......3yR..I|#...y.JV..G.,y...e...O..R..6..E..z.M.{Bj.Q...v..J....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37304
                                                        Entropy (8bit):7.994861680588279
                                                        Encrypted:true
                                                        SSDEEP:768:vg3X2wVVqDr6q7M/hEyd0T096VYQBgWpzLWIq5jmF:vglq3tM/hEydC2Ux7kaF
                                                        MD5:C4923F5E2390D4D8FA46B5132823FEC3
                                                        SHA1:FE028F90A720C3DDA64E84C85FF74364A1731811
                                                        SHA-256:02DB008F3BADBB7DB6191F26AAF35B2717304B4662F207F6EB007B834EF924DE
                                                        SHA-512:8F2E554F272B06E57039263642B7B5CBA2D974A99B01DD0F86CCB3BFC377B464C45D6E1D7BFBDEE36077F1030D14372AB4150C30AE016767A187024387AA99B6
                                                        Malicious:true
                                                        Preview:.g.6.o.`.'.o....[I....L..Mg.....n...*s....t.oI.....=.....Wz..8.z.l..h.cD9w.l".....iU...;.....G.p.l b........g.: ..D.Q.X-.Irr.......T<.3..X]..b...d....6.p..=...:.....[.~.......2g*.|..uy......<.R"....55vR..B.U!0....[Wd.?.il9..*.`1p....{M....<.^.s....*`...14.}.d.#...l..ax}..-...qvqk.......Kj.K..+..{...Y.(g....%@.k.).t.....m............q...P..3.d.Ei.Bv}.<..\`2...E..."#.Z.s..~..N...@..;..4.......W..C........Y.....LX.{.+w...\'..7I.a...s.... .fL..S....?._w=.+.eD.2.`............uVut..>.2.+.(JC/]..`.....a>~.XE...`49..p#.-.~;...o...(}.,we.ro.O.Z`x....gF...h.....?..a<..>O..".u;.r.....J.2k....g.).E........c`..0>DE..=r_.`.U_+Y.O...X..P..Py.F..BY.............[..].IA^4.-...40ZUG(.-Z..q.1.,*;..=h1.).On...,.......O%m....b.p3....sXnY8N.D.z...Fk.B...=..2.7y.....Z....2...I7M...p.J.5..l.U....(.n.......c....{i.r.6.Lb.9P..\.b..[oo<.f.<..\..z..P.Yw..............I.9..3Iu.........L\3..R.-..=.d...x.r.^.pQ..QpNd.0....56..B._.}).......f~.[.9..F&.o+.*?+..<f..@vG. .;V.4W7ms

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37303
                                                        Entropy (8bit):7.994772341705643
                                                        Encrypted:true
                                                        SSDEEP:768:Ad/tJhEL8Q895uZgNKvsaXENPsHBDs250yXIYtEgMaiB78IV+ZJ9F:gNZPrqEiHB/SyXIYv8J+D9F
                                                        MD5:BBD4EBD0BBD09B749161EB7E92101B8B
                                                        SHA1:F3F24735771A99D0B04903C667918ECADBC58E12
                                                        SHA-256:96BF2174098DF778A99EEE8A61323CB7F141DE0BE9758E637E4788DC9F075A69
                                                        SHA-512:9F9CA28AE28887CA9CBCDBBDC173DBC90D776A540695760E5ADF0D7C621A2A03CE5EA92FF91EB5943FC1FC0B7549014A521FB6627CD1922140D33AAA0BC5202F
                                                        Malicious:true
                                                        Preview:!...U.N.lA/6..H..z#^.a...?^....!'...(....Tntz..vI.6G|_........DA........O..G.[H.......;r.pN..Zl...1.x..VX.6..U0.Hg..Qw.h.%C.Jt...=...7.j......X.R..Y,4.1RUT}H...UW..EM.Q.s.........2....E...{..*.]...`.Xc..O.....M.r...Uq...].....VR...~.0.9Y..B.....,iY{y.w..._.........8B.+GP%.....L..;.....B..-y."_.n/t.bb....y....L....W.:....../pW.K..LK.;1e.....SY.F.s..W....4....1(J.a...a...&..o.xo.}.1.V...).ZA...4..>..".......&....1(OO.........x...|.cj.C...M.........XR.....O.q.......?k.H.e..!*A.../..y..K..Q....u.{.......B....oG..N.(q..du..uy4............j...........vjt..1..\.l..g.O.u..A...L..n.X....]b.t'....{K.a.'..A.Pn.....D.kK....d[(...{`.%.E3z.0>.?...h...[b~..2..\&.O$..<z.>..2,.l..D\...p'.....@...n...p^.va...X#D.s.8../..t.......]...d6z.#`.|.j...}k..W....|..16...s....U.....W]C'.\.......=.@I..........B.J.p]..;.u..O....-...~V.g.oT...M.47....e......ke.?......E..t.+.`....n.+...(.'.9.dB..d...~.o},..s.d..1.....B.5.pK0s!.#.V.Z.....E.M}k....T.......$x[8....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37302
                                                        Entropy (8bit):7.994404995401118
                                                        Encrypted:true
                                                        SSDEEP:768:GotY5PD08Tee3o/ZYZGqppzGNrWvsrAGZUMedP2ay8YVrqqPF:JtKPzb2GRRibZsP2sPqPF
                                                        MD5:7A00F98383DCC476103C59B3EBCBBEC8
                                                        SHA1:CA188234C96F63F9EA4127ED57E06ABCB2544085
                                                        SHA-256:0EE84B6AE5297F8C9FB12465A7AEE9C2FA5A8F42326E9B9EE63D8736454429DB
                                                        SHA-512:D56F6A8415A0A795C79C831DDA4553299DF34E488ECA8438CFCB22BB4B41713FFB80E72674E323181A03B27CE0E393415518F84D108105F3CE8484F19DD660C9
                                                        Malicious:true
                                                        Preview:.+7...Z....'#.-&....=.....b...K.g.0.T.p...........8.b\.....#IK...e..X..8.+...K.._...t.s..=....D...AO......S'R......d\..>?...X..=].7.6.,.cG.8....c...z...=1.h.,B..:\mS....$...p...%..a....'.o.......&..L.<h<C.^zZ0GA...=.OOxs"e...WIP...%.w(kn.q.?r!.u...........).....=.pe.4.Fs....x.S5.My..4L..;<.......Z..P..Bs./y.b.....hK!.Hp.Gn...a..&....Tk.........v.2.N......`._.....6...u.....!#u!..iee....KdS.B.r....Ag...p^3Q.....H..N....p..we,.*.....C.$..K].....GYA....TY..o...K5w.........w....E=.........=...O.`x.k..=.?.K.,...........=.T9.....K...N#..D..E.q..:..}9..x.ss....sdH.k|d.1]G...HrY..j.>Mr<u.)g..$4..jG^L.nQ.4...8......T..z.mEV.0S@.Q.:..=.0 ].cte..[.....W.~.*.]~E8.a...v6.Xw......'O.....O..E.5..}j5.1%.<f..J#e...[j}.>:......D..[...&...|.....7b.,.*uF..ke..N..t...d.+...$#..O..].1.]3.U.g2..5......PqK.&..XG..ny..%...9.s.!......v-..&.o.1&b...t.c...*.*..N..Q....#....Y.m..%..G.1..;..oc.......-...M...!h*.c...V2J........&........q.2.K."c...."..R.^.Z.../..j..7

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_narrator_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37301
                                                        Entropy (8bit):7.995036115621988
                                                        Encrypted:true
                                                        SSDEEP:768:y4ouLNg8s7ZbbWwzKhq0snpF/Ub/XdogWTzL5PmyhsYF:y4oIylaKWqPnf/UbP6PJNF
                                                        MD5:080C4D34945F6D166AD39A8D79A5C073
                                                        SHA1:F9B9A37DF3F6E16692D16BE48FAE916C488E52E1
                                                        SHA-256:D686A8D5CF9ADB5DE42653E744EE8B782E32CC15A88E3FD29D7C7F516B16B784
                                                        SHA-512:9921B9AE2B9811617FE470B07DB8AF8447B955211EFB44F1CCE4A0D0D7695D6D52CFFB12202EBA95E3B04DD1A5AB1261477B4B9294027ECCB6F51D0C7E5AD026
                                                        Malicious:true
                                                        Preview:.aI*._RG.. .$>-.e.^oc.R'.)...T.&.......\+..d.....0..V.%...-...q(.pQ.!^...n..G.`...&.H....`k.a...'G8....n=^b.]../d-U`._....m..j.............OL.2>..\.....3J.......B.......]......n...0}n....!.R_.w.....t..,.)..[9...i..m.0M:..g.a.0(...2.65.T...h....hn...#...!.{....M%6.....B...KY....}y..9$....U..2yf..`P.....&..V..-....8e..g.D\..od..>.Q....TS...v...O(.[..XI@...M4[.|...%`...s..Pz.).....n..T...S.fF.N...7...uc$g....\....h[ .W'.M&....x.4.mb...9.....#..l.E..2.`......../....E.....{RX..\.k.e.%C...82-[(....(.Qs...../9..]j.>9\-.bPZ..v..."...A..\I:.;.$....!../96+.u.M..*..z....8.A.s..v..$..j..QJ.......{q:..5.3.V'.)%8...h....@.|..a...F..b.7.hv.9..4!;.....=..~D..7B.n.....h..G.f.6..M.n..]V..Qt.Td..#.$Ob...k.>...sc^.g...V.U......e..J.;._....w!.....*.zD.......U...>.}bN..q.{...J.......-.b.a3.hrvc..._.pu...~f....'....."....q..2G....)..._i.E_9.9/..../!y.!.vR?....?..l. ..m".......V|.1.+....|...yDc.U.S.:._.C..ru..O....~.....w9.w..j...o.......#.+......{7j.t...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37301
                                                        Entropy (8bit):7.995250785980036
                                                        Encrypted:true
                                                        SSDEEP:768:J224lHX3FJDuJL7vwcyjSdx/ZjqJpD1nIT258aghowHfZF:Ql3F98wcgwZVqD1RCI0F
                                                        MD5:1768BF76F94873083584D2A32CF9C87A
                                                        SHA1:6C651DA35D178EFE5B1621C80D7C6B9E6D87C73F
                                                        SHA-256:23B0AC5A109FF4FC97F5ACE7949144D0406262E9BE00E619220E70CA2ADA1969
                                                        SHA-512:97A36B2E1616C8A7868D24759BA1CC7E4594E01341A6CBC68DB769ACDBDF30159B2AD004C987E06F5A672C8EFCCC2D80BE8EB84D1FD12A9CDA346B28B3A1924A
                                                        Malicious:true
                                                        Preview:Z#1|..$?(..\.a...F....+B..Z#=!./.9...h>\.1..^..}...<.{...q,.....%...[m...w.x....B.p.n@z..D..b7y.).]I.{...m>.V_.[..0.(.><Y.W..I ...X..~-[&.g...=.f../.~.j....i\...(e...|e2W..s[..q.,o.57.R..6.... .q.$f..p.....8.......,".wV.-^.7~),.=Y...K .L.f5...y..x..e7...|sHW.E...-l......k.5(....|8...#.........5.;..T.u....=T.X._..mi..l_.....J.E...Y,5J0[...`Y...p.JSL.tL....$x......"........q)=.<.z..L.8#...^.xBSY...=..*.;.....t9X..l|.2-..V.Q..`..<..?qR...X.....j...x.T.....ImG\.. n.XJ.&.5.T...L..ar..{...h.'......r8 .F.......6.X..u?j..wj.B%w.;8.W 5J..u.Hk..|.........|............w.....W.I.w......c$4!...8.,n.s]...U...?..W.6../.F.c.x...Q.....H..RYE.'..0.../...J....q..........uJh$....?...F.+..L.aG.P.K.Z..{......O...0.. .y..F..x..0; ........T..H...H..P..vE.....G.6.&...k.=:.j8A(.{...y......].t....Q.D....(.HBr.d...U..&....X[..T.U....{.o!.>..u...w...J7EA....q....7.q..m+.....6..P....X:.ONb..wG....0..p..........=..........O~..J...2....(F.Aov.$......&s.*.N.....e.5tLU.P.4.J.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37302
                                                        Entropy (8bit):7.995528854624769
                                                        Encrypted:true
                                                        SSDEEP:768:ZvQ4gvtBe646hIKEGqxbm8/2Tb23jFsxlA3P9oU/44EKWv22WxgpEUF:ZvQtKv6GKEGa92TbgjFsjA3Fooz1U2Yn
                                                        MD5:58CC4979282792381BBF906933B2E57C
                                                        SHA1:DBB2798BF6CB0A506BD8426E5F819611894C2BA5
                                                        SHA-256:9379CCB1EE0AAC4E7537BE6B1651AF6E7AF23C2CD128AC419976F83B38156EE0
                                                        SHA-512:D40A1128186AF82018AD1F12B1CB77FE607BE71998F7BF7B56DF75BAC0BE3E718E4D2109FD7C1829C837A50F8A821B3D8B6C2DB0CDCEC837A5430D484DC0F76C
                                                        Malicious:true
                                                        Preview:.f"S.k/+.;.....1.@.K*....C....<...3.c..[.....O....o....D.Q....Ug..!...y....L.......&.o.C...z*..0....^..>.@..o..&.?d.9L9i...2..4..,...+..s........b.&...B<).MHe.>.+h.se..0D...^IU...q.q1.{.h......]R.D..#...`...N.........*.DS..0...pq.......\vS...+.h ....X`gn....]......+._[....L]j].c.......4dH.Z...x..FJ%EN......=.).5l...`...^Q>.....b.:.g#...Q.#nd!....NP.....m..2..%...|3."%[.+D.7.[3...:om...D....._...{b..i..z...='./.8~U..6......VG|..}Q.........E.n../...F<u.F.0.@|.O.m.Z.. ....z.1.....{...<G.C,(..@i...B....+.C]......M0..B...%...1]..tlN.{+...e..-KH.v...?..N.=f..j.Ee.E,.F..x.2SP...A........m.!.....=[......QnZ%....Tqr.D}-y.2..a...y8).m....s.LXdf=..j.H._.A.....+S..7.j...1.../...o...'C.Qq).S....6Z...xwS..`...+H]dr5...j..$.&+AMfg..?z0...i.2)?.^9|zF..rO.4.J...;./.p+[62.../...+eMI..6Jj.I.Z.....O7JL."...J...$.|.......,...,..8).Q..xt..7.....w./.9.+#......U.z.vx&1.Q G...Fo.+m.D5...Wt./2.....%7y.y.F...L_..|o5z....`S.`..K........" .k1..........A..m?.....F

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37294
                                                        Entropy (8bit):7.994152467732163
                                                        Encrypted:true
                                                        SSDEEP:768:DVKDW5sAIytBeX2Dr/5haapplWaVDQHc+BdrNQjalHL6vDjzF:DVK13QsOPjrDQ8+BZHlrajzF
                                                        MD5:14512363EA88038E987CBD07EDBC9038
                                                        SHA1:09FDE5469625467347A157B15D0070627756A596
                                                        SHA-256:C2E87C8388DFCDF914F4EDD169327E8B0C66239664755D93BB560249E1191BC1
                                                        SHA-512:8AEC520812663EFFC3971935F61E2596AA20C68A88526ACC5372BC4F172612B15E3E27B07F2B3E7AF3B26232F44DB6020760A7052D77DDB02289AB3F11B4330B
                                                        Malicious:true
                                                        Preview:3.5.o.2S.;U....EU...-.2..$(....Q....C...Hq...S."..#h..;ql.^...&q..K.W.d.~..r..3.p.lR....:......Qh.`h..E.7..V.5...Yp.....&w..v..i.r..`H>u.w......!O.W.z....#..(#`......LX.......m...-fZ.......13..D.FC.N.J.....g..P91.{.............!H......c....#.......Ip.F\D...z....]....%....P...y.J..L.J...?.{.n.Q.P.#.........5G=.-...F.:W......dN..g..;j\..a..P...c.(.P.(.\.u.<__hJ3.#.......28.p..$h...._.A..Q3...v.-....o.HQg..}.2a..6.zo.UY.?5.P..R......v... ..E=9B!.z2/g.y.P......F.O.>k.f....y.../..-..U.#z.?.....i.~w5..}+..=./.,...C....V....K.-....a......]e...RL...../.{^{&-...i...p.. <K.R*..$R.q..E"..M .\..|...).j}..w..l}E...`..(.I.'_.c..l)m.@.ef...].8M~..%.0....D.F............N.@..V.)0.XVM|O.E.2.N.B..U....&.....0e.....m.3..;.I.7#d.^bj...~.F.DZ.JIq...E......r.T.....3.Eo.G..M..S;pJ..W.V..5..DTp..$a.......rJ.V...YF..E.mQY....L..W'..0.@..b.v\I..g.C.E>b...qq.Y..4.a...N>]..".X..Q2...Ks.J=....HB...C.....b.....Khh...........z<$x(.vx..@....+...z....)R...WS1...+'..).7b.{t

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37312
                                                        Entropy (8bit):7.9946074190030405
                                                        Encrypted:true
                                                        SSDEEP:768:x96NRsvVWBUaw5ehxpN7fNdUbDgW5pyYOM3jPnfLOzllZQwr32OlfF:z6NLjNPUbDZ5pya37nTqRQwrGOlF
                                                        MD5:FCA2B920483646F51AE88FF8FE5F1F4D
                                                        SHA1:9948A48D55C15A5E98BA23590469945CBE75EC38
                                                        SHA-256:8E78DD83780CAA20ACA93C2801961678502F9609183650D4DC3BEF2AB92FE8D4
                                                        SHA-512:1ED4F60801E3B6005972481CB0D24754AC08B99DAB943C9EE294C9DEF4A42603A71426AFF40D94A0101A2288F658CA6AC3CD800AE191F5A5F9068FA3BB441ABD
                                                        Malicious:true
                                                        Preview:..0....'..QI...s|a..5..,..6.#J.+.....O.....e..../D....AO..N1"..G...5..$*...~.o.....Q:."\.P6....m...B.D.^.=..U...L.9.VZ..qa.X...v.4.&..........(..!.z./..R.g........Tl...h....WF..Y_>.'.a...._.W............~....]2<..G...ew[..!....#.CbkL.1.0$."\...,'.l.p..hh\v..k.)h2w.?......<;..e.e.........y..I..'9<.>YL....U\N..'2....~..vi.2.......4.E.D.|....g2].4Ur.....}.-.0.........XnR./wF.?[ Ct.6...~|d....jOZ..*...cJ..B.....r.U.z....Z.Zi..Z...o..g..L..-dqx.........-l...........@......+J....8.z....UQ.i.M..F+...f.:.3xR-.k.#)..6.w.x....."....2..y.`l......I..4U...jq.......r.F.p....7.H......$X!.4.....wz..B%....p.c 1..X.Y......T.\..bfZ$.nBX}...J.o..:.S-.j..N1...'...p"............{.A..z9;T.w.{.D.Z'........E.x..lhk...<..I.....i......Z..Q.......]v..TGW.R.5.G.T.Z...L'..o..Pd..Q....EO....3...=K..3..$R........1..cC..bE.rD...&.m...).0v.M..tM_.....Oz#.i.....L.TE.\.k.w.... ...[PT..b...{.@.._..6.......$0..S>........\..Z"...L4.T\.......................zEC

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37294
                                                        Entropy (8bit):7.99552303765693
                                                        Encrypted:true
                                                        SSDEEP:768:Ej3BQjJtrSlu7mhEZaEWWzZzmh2H1DdfmzhzO88XshXjm47uOTF:c3BQ3S0yh2aEW3EH19WhzUshXdlTF
                                                        MD5:6A21F86CEF2A493DBBA035082E2D9641
                                                        SHA1:4A8B540A7D99A04B441D57F67A28FC5E57724B87
                                                        SHA-256:17A6845E1C86C89080C91A16C12314FC6ADC10CE2026F94609B8C6FB2674EC3E
                                                        SHA-512:3572E1BC9D1DD3626E916892A5A6D1FCC25BC61BE0512CECB4C80E1A51279EEC886E8E8660F4B016D577058DA00D3BFF2EF6B14BF877285769135DF6231CD2E6
                                                        Malicious:true
                                                        Preview:?.I..5~..8..].R.ss.P..:3..`8{A_3C.1o~...&......=.....ow..K.6XD...}\.;XUu..s.d.bf=4&2...W..n.i..F.<..=@...}..'..7..`.o.....q....6..T....xw..T.?<.25.....Q.....X...Ts!....._=S..1.....3o.p.....q.;..-_&....|<..G..V...H...\...U*......Cgv/..)...DQxx*..&-..^.0..1.!sG...........mw...4....>...6....+....H..a.tb..|.....r73~p...ym..N....{.H.Q{4.X.VX:..u.....d}.E.(....I.F!...........U..W....7...-"Qw.2A.t.....).+.Z.f1..\..pgI.\.....>.b.......^+WR.{N.(.V Z2.7............5.G.......:*...f'......\.K.v...........Z..>.>Z...........a..........o.3..2K..4"..Pa..A..I.7'.@.5..G.w.J..%4.e#.^E]Q..*..<..3....4Xe.m...Y.a...l.....Y.{./_.^8[.H..C~.XN+.R.....U....v..=W...J......"...x.:.$..QVl.a..U..c_!]..s...q_AQ...G.#2...m..W.+|.[j.[......n..Vc..V...l.@..c..o....&[..j@>H].$..../..K.9...L3...W.{..!=.PQ.*.m.L..^W?4.|$`.)."..q1\w.E._.e..>...O-......g]h}..j.04..].O.W..^h.m:.O....0.$....+.f.7......2.E...)z3......:Ld.....)l.:4...I{.u8-.{'........3...r.c........o5)..@..8..\.aP...}....a.R

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37307
                                                        Entropy (8bit):7.994352495352345
                                                        Encrypted:true
                                                        SSDEEP:768:haOFgbEJJTCVN6tVA4KXI8YoDNRiAFOwF9GFgD2NDK8EhF:h2bWJ2H+C3I3o5UamFYgkF
                                                        MD5:FDC2AE7DC29978E1977BC39D6ED8ECEC
                                                        SHA1:6351B2C0F0C03D093D333747E0CE474C218C0A9D
                                                        SHA-256:02A9F5D17E8E348EAF7E49325C58F654CCF0256DFA1ACD449421EFA3BB802B6C
                                                        SHA-512:F55FB775CA29996293E44F388A250788F64E1B65B058173ABFC0A6FC57D71832D51932FF649261BCEDEE58BD1E2143C219DCC44990B31A0800C930DC310A41E7
                                                        Malicious:true
                                                        Preview:R..xu..U.VR.-j^7A...ly5..j..*/.zp..D<.i...?B\..v......u/.T....[.DRV.....y.......I.lSo. .V.y..O..z.$.4..N...n..o....x3.|zB^#%NM 9....;.zeU........C"..#!.....>#......P..8.@Wm0.9.K....<.%...*.R..i........5......I..?.p.H%|.......b.i..%..$s.[..L.G....T..w."..... q..P.n+b..5...9.{.5I/..1...l......HO.^..7..N)Y..f3......c...D\.......m.o&........4....]Z..rf l.:5Q+...{. .c5..l. .+>v...F.\..A.57aQ...<...w.~~y.Y.U..5=.#..R./...+.....6.......J...!..I..d.....$......Y...J.OR..La........M.?.H.?.s.y..H..8.../e../.Ti..4.4..9....`&.,....a..;.k~VH.t.k.'TZ..D.?.Q.7...w..DW.F.3.[[ ...J..r.8.'.6.<.C..w..;".<..L...K5..v....G'aE..T.Z......;&../+.H./..q.b.....;)B.zKW....dZ>.K.V..i)L.V..w>;...~..#0...R..x.{.$+.....+....[..}qR..(.~.u..l..r...n..;Y*..op@..m.'.N.N@5.rl0.c?+HH.]..'.......zJ...:l......\..1E...B.'..q..E.dU...Q.,.D.M.!.V..4!~.\j...M..}.m.kJ2,.....zvh..,.x.@n.g..-.A..}.ck[....P_L..NO<.H.....Kt..@..n...C..a ...vc.U.~..^..S...U..m..3........4..-[..*.*. .Z.....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37301
                                                        Entropy (8bit):7.995495162811454
                                                        Encrypted:true
                                                        SSDEEP:768:cNbJy5+vg7iglJVnhahi8S6lIf/AAkFGwN6/KKd7VQlRqsM0rMw9LmkC199dsKxF:cN6+vgGgl7hahi8SI2sAkSAMCMsLmxxF
                                                        MD5:CC44BBB6B8D44DDD9187BA84B6C5258B
                                                        SHA1:9910920F09AB98171423F321668CBA3BB7326D3B
                                                        SHA-256:7E26D5B98A64D9C619608A56C565808B9E7DFEF0DD568141199DE434CAAA3BCF
                                                        SHA-512:742FF4E906B945C8A8CD977DF27A71470C4D6F7434EC98A2895A8EFE879ED038DD045F3242BC7626CB48CC646BF2A227F1686AE4577A7DE20FC8966404C494DD
                                                        Malicious:true
                                                        Preview:.^.j........E..})...}I.....D..._,...j.5...>.+*...fT.....;C..U..@..\.....nr...d....Y.......?*......-M.Y.s....{.:.|G.....m.....-3.)o...RD..j.&..j..9......YP..n...|.f.....gv...ey....,X.6.U..(.Y...|&...Z.(:..n03....r....w..Q'jm....M....v^.q}K......[0....E#....Ze...g....us*.X..o..+....u.M;..!=.].6,G.... .....v.....b...[..o.m....I...p{.&.}D1..u...{.z..|.,....vz....v...G..g.Sp...`..Fc.o..Kv...Ah......`^....!Q..1....~.....e[tl.....72..%gWI....l.?Ak.Y...O.P.x{..8.u.-d..9gq.u.7...N...P..k...m...w.Q....*...........L...R.I.ZW..3i...2...(.FP..i.].....37.............f.F.>6a`.. ]q..Y..NXR..~"j\s..y.<j....o...]...w.Y.l.A.2:E-i.d.!.....%..{ADw..I....8.*.C..;5..L.. ^.1l.g......M....89n^s......K.R.......3T,.U..?.....~&.#...j.@.\..P.+.Q...(`d#.=.R.5Z....Q..&.:.F[k~.q.I....$...Y/.r....%AzG.qO.f..`.'.....i...n.....;..........S....#..S5..f....U.....)..2!...o.xoi.._.@U>K.).}.P.d%..r:....o.....Es..>..;..<....Tty...^5i..oE.y.&/6..a?..h.%.XN.....CA...#..l.c!d...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37300
                                                        Entropy (8bit):7.994620930481448
                                                        Encrypted:true
                                                        SSDEEP:768:LTyKX0J3/OmnD1+dmDr+fXKD7USf0fjHA5bZ01zzYwKqeph1MdgAYF:Kw0JD1QmDrfPmjHA5N01wwKqe71zrF
                                                        MD5:6FE0754BF3010796AE129085133BAA00
                                                        SHA1:FD7167D5A7BBDB3B870C162ECB2590EC6A90EC1B
                                                        SHA-256:7D305944FCCBC6D022070930C85F2627D7046B63E5630BE103552748529DCE84
                                                        SHA-512:19EA41A021D39DEB65AF69B6C3816672969E14CFEAC98C24FF1404B6B295586A4300658907563DF413D138718FE3FEA9E5211E4DC5967B33137A8BAA65F18969
                                                        Malicious:true
                                                        Preview:|.5z."s....N..#:.@...(..o.I... .7..P..E]..5].Z.X..~{!.?3?...j>*a..-...df......x../.\B.\..1..P.(.........o...T4....<.<.r..?s......xL.k....RC.U.....u..(#aZa\,)N..c0i.Q...l...Bk3'.;{B.f....S..@......./.2{.....cn.L....1.&...Y.6.=.N0....T.}.o.u.r....=SWZ..y4...f._@.mr.YNY..%..E/_wW}r.^.$('..W.n.).T...#.hx...?..........~T$..lK.@......:S/......\^..j.-.A....O.p..Z..I.l...Y..?....S..d.\/a[..U.).4r.....'.U.{4B.n..k..(.T.b.e].\.M..Q..C)3.....L.....;....B.>t`C.w.j..,........sX.^..."p(....@o.....n!.........HF.'.s.d..K..{-/.{..aF..Gm.A..*i..l..YT5..r!9...#.E..!*[..V.+..M......#......`5.ZeT.'...`..s,a..g.....I5. .^.Y.@r..}...\....| ..<O..4.4...7.).y..rL...*....at!.......'`r.4....F.h..h..:7lX8.......D...b:..,....0}svG..S.%...q..ZXa:.=.G...njq...Q....7..t.P.........cQ..?.y.+m.O:-....q9.AH.....R..RQ^...C:..!..9..5...(x~....xa.B..Z.@H.......@'.v%.N.`.=..1.[H..H25.....Q;.F[./F..'...........w>y...(C..iQ.>...D....YR..`.I.[.b.c=.L...g.f.]...C...L.J.3....w.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37301
                                                        Entropy (8bit):7.995359175345665
                                                        Encrypted:true
                                                        SSDEEP:768:DNkqhfJ+oJHjgLH6cBRuEosetVGQYhEdKGJqLNrCN17ND+HdxujYF:2qj3JHjmHNYtQQBKTL4vNK/ujYF
                                                        MD5:5628EFC795B408490A2355DDCC6C209C
                                                        SHA1:272B37A5ADD12B5807134527CDBF42CA40C92F40
                                                        SHA-256:DEA55698A4CBAFFC340413BCFFE7BECFAB4CC3EF207016FBF09FC73B05241F3F
                                                        SHA-512:96CE5740614E74ABB4C57D447F795E4229D3F462025ABC120490C0DCD8B0F2C16B3B7C8C5738A6084F2CE8873EE43122E08996511CF881CD83740E2A3365DB7A
                                                        Malicious:true
                                                        Preview:.{.Jh....j.).@!)....e.^..>..,...y..P\HK...+....}..........)[W.}[h.B+..i'....Dg@.p.......p.o_.3.n..\$6Q.,...P.Qb....s.um.T.Bd....?...L._QJ.c..k.R........4:h.?..*S .M.J...qR;..._u..+7Z...I...o..........^.~..L`.[+..n...r..C..{ Re'...q&.f....F...#..44....m.$.6.K....~...[..joVeC....fO.}.........z[.,a...8_T.V.E.|('m...:.L5...t;..1V\>.{..2#..._P.R....~P.<...(...._.*J..v....DGp....E......UvQ.s^-#.n4W.Yo.j...p.5...BU.z4:#,.$....fa..CY.].=../.....1...!J..f.M..B..9.zxh.ABs\.Px..p}q.u.9.../....A7.b4*...s..U......x.G....TK..~_...:....Z/e..9!.._.S%..u.x. .o....%..2......D.....K.X....N1zD.f...puz..C..i].g......\.Z./....?.'D.=..*.....("..t~.w\..._...YTe$j..1...t...a....BQ.....s)&.....Y8OkM.r}.....#....Z..%.....5G..'....36.-...F...f..^.Y......o....|.Y.9..k.......j.O..0....Gk#.....W#..J.....{.?z..0=...5..G.r.....2.j.B`....q.l*d.h.pTe....c&=...).....o:Np.......2k[.([.+..f...."."m..D"U.........i....|1k).~/...k~..-7.8.u...;W.Y2.@X|.gb..=?...5#xy0..No.\.N.u...'...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Adobe_Acrobat DC_Acrobat_Acrobat_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37314
                                                        Entropy (8bit):7.995439939205074
                                                        Encrypted:true
                                                        SSDEEP:768:JZGUal972q4yikBR9mi4it33dvLrYjuPnn34WjRbx2fHGuQmg+yF:f3Wt24r75ujuPnrjlxKGuQ0yF
                                                        MD5:D196A833BC63BED410B89CB2F5A8835D
                                                        SHA1:95A98633699B4CBC595159C88973A12A7EFAECE4
                                                        SHA-256:B19A5BD81416BBCD1BFA82A9381FA059216B9A56F44329F554D56A2607943238
                                                        SHA-512:5F8A371FEA3793B0E64BCC30D4384264CA2F1AA92571CA6D739A549993F9057F27A507FDCCB2928851CB99A35D864BCD4CB6B0E780C1488F22FF349C54849CC9
                                                        Malicious:true
                                                        Preview:z...56.z.9.5&&E..#..1'O.....}^.`....".......>..*1f..@...rd..k.....X....Ti.6.....Z.}q..>......A.dnu>.}{..?.jv..'.?...<.&s..\..!.3.F.L#o8..T.- .:.p..wV..p.@....x`s.Wi..a..*j..K.V.n.;.......*.|3.........c...:z..Dm*~f./.1#Z.?..D!.Q...s.=.......oA .C/..%.>u.......A..]....R....3...u..+....1.p....S.zN.?c....1.WSC{.H.2..Y...4.k.;..E..A..rO.f*fRY.....`....OjX5..}Ha.R...Y.r=k.. ..1.b..2.t'.Tu]8.a..@.....8o.qF...L...4....W)u....:N.b.\.X.I....x....my|.|..:.....(.j3...pP.;..S.........o>......\."L.).p....%..0.G-...L..t{.U.........O.%.......S.........r.......@p....$....*...,cR.a{.......!K.,C.(.H....|\..a3..P@../. N,.......0..r`0YK...F..&..."{$.Gn.l.F....qV....OZ....Q.`.].]..>?z.yj^..sl..%k/...... ...:.;..-...mv4'.DQ.).....+..Ha.).).W.v...-.'.5........>...x..o..%v...X..k./G=byu>....c..-..^5"...P2q.W....iC..4."...E0....f1WJ'jJ...a...!.....W.T....TT^8.J.Y.....=Y..=.....\.d...P..N.UJ.bC8..84%..t..Gh..V...`.uJ..........!.><<?p......e.]...0.-......

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37342
                                                        Entropy (8bit):7.994473812178197
                                                        Encrypted:true
                                                        SSDEEP:768:KO71TcG/cwj0EAoTsD9uXxZ3diE7Wcyog82WZF:K+NclwjhAoT66xd77WcyoVVZF
                                                        MD5:B0E7C12813055A0E76FCBAE0A74BC96C
                                                        SHA1:1F49EADA5A1A8F278D14BC47F36D49D6E4FFC9C9
                                                        SHA-256:44B53D3259F7CDD4DAAED4C82326E4EFDEF67F6F31562587172A7CD1637A589C
                                                        SHA-512:D20B265D3128B9A316B9048102EBD32E9D9057BE9DC0593F5C6EE7C287AF8296C3C7CDDFE15113CABF4B14D570E4C1256A6EE654787DE9238AF6EDD9B31CE269
                                                        Malicious:true
                                                        Preview:H8.!?.SA.h..].ah0lkd{......U...#Q.5...r......,.J.q.JP..v..Q...3....e...o.......6.< .d..U...]....%V#..8._..'..r..\oK..iv.A.{EK6RD..8..E.....h.^...o8.6`r...M.g.}.R.....?.^..a.J!h...*.hF.....H,...Ig..?.p.f<.A.b.y.!.zz.@.Q.y..k...7..........5.......n....u@.9.......%.%OX'.&....p.|..R`..c1../.%.[...J$.5.."..UCH. 0....<Y.1]`...Y8B..Pqe.>...\....i.r.H|.&..$V.....F.!^8.Wh..@.....x-..5_oY.jd.o..u..$..Pp.d++.b.....I..t.;..h....'.N.....v...>.5..r;V.+...h.C5BHr.R.F.....l.>a@A.[.h..i4..(%.?_.......,....w3?..(P....._..A.f..&.M^...OW....u2uHY%........8f......D@.pF.... ....G8..N+n..S.A+....P;~.I5.o.W..[3...R.J..N..J#.j...k@.Q.%.!.:..z..g...CN...D....F"!...Xf..y..;...w....+...z...$7k-x.Ik..4V.[.Q...9...P."...7.X...T.9...o..V....&_.[z..S..........<.`.....n.~,.....h..k...U3.....>.'..iM...`........T.Y.....M.n..E6....D...UWS;....P..?oG.......[..t..LL:`WmZg^d.....YwE.9....u(.....;......>..5. z1..L~+...I}$....k..qs...].nM..|~.....%>d-..h.^..\.C

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Windows NT_Accessories_wordpad_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37332
                                                        Entropy (8bit):7.995222379163014
                                                        Encrypted:true
                                                        SSDEEP:768:AzZm17uWn6vo3Z0Tqo5LoEhGBL3Pd6ihlJlFv5mLt8NvX2F:oZmbnoHTNLtW3lNJlFvQLt3F
                                                        MD5:BECC2DA03EA0DCD10E8E8FCE9223BF35
                                                        SHA1:59E64226DFCB842F9644F82C9350F01413EF0940
                                                        SHA-256:1677208CFB504ACB82DE73910BDC0EC7CADB0116DE29A59B0994F9C20696E353
                                                        SHA-512:94264A1F756EA502D59BB6CB4FFEF273660E00B6D3CA058ABF643E213E331D499AEC4B5DBA4437B0EFD46CD198C9C9B13DA47808BFCA28945CF3D6DA4DFB0B6D
                                                        Malicious:true
                                                        Preview:N`...I,LB..)G]...K......29.~R.|((...W....V.......*....F.X.....E...'..u$.%Tw......g.........,V.......8..cx....b..}.T.".5l.RPA..!n.C...*63z.....;.Y.#........Pl.........N..r...B..E...p..L:@._......*|x..%U-.Tw.g-.$Pu.....5g..&.*...K...!Xo..>..@CI.&..8.7.;......n!.........Y.......<.Q.G.).....L....Q...P"...`$.Dp.Q....8.`P...#Ue..4..L.\....h. ...1/.m..UR.["H.g.p..s.......J.r^....e#S..!a..>.r.....'~.m{...V-..`.............]S../1...{.....%.........P..3ICS..}.......l.........Y*./8.`.(.r_C..Em .H.U...hr.t..8....Q...d-5.....g.w.R(HHP....S..;.."f.&Ku.Q........Pu..|nv..D.>..].........N..m$.c....F..+...j/..4......Z...cl.e. ..[cyTh.P......2...U...y..5...u...9.Z+u..J...T.n...+y......KL.e..{.#1Fl..(h.....AP..D.s...gk.. ...@.Fy(._.U.2.v"p..'......h. ....<9..N[..!.......t.h.z..X..i....D%Q3..<..o.H...C5e......b....8M.ub)l....S(l..W...w....V...[..1I....4.x.2.Y..m}...+..E...{..i.'..`..%.g(l.U..o.i.I>hk.\<.d5.$..|....V.4.......(.D..)*n`.-.61.:3.'#....S.SG..5*

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37312
                                                        Entropy (8bit):7.993991219859838
                                                        Encrypted:true
                                                        SSDEEP:768:t1vixK/+YMoeXZnLYHwTxxAe+6oajNHdmB6xL+2HK1Oq3p8F:zvicB7CZnHxKXpS5+2v2p8F
                                                        MD5:CE5F6800F69FB26BA2B2C0A0BCA7B4AE
                                                        SHA1:E8074C855A61DFAFB3BD09A784393986F5116DEA
                                                        SHA-256:EFB0F05F21A6F819BCC26340AE59AB3F3BC596B2C9F326C1911AC00FD3939C65
                                                        SHA-512:8789A5BABE1143F037277E8A0D228ADCEF5419FC56A2F6D09E3C586B7A3B6B62068287B21A68468101BB8D72ED16BC124B7B4BDBA2857314F9673B064AD265A0
                                                        Malicious:true
                                                        Preview:.S......xA.#...#t99.}......3f.Z.C.!_..J?...F..... .j...AL..HI...&.(L.......qA[.h.sV.tg..s.-......0.S.@......p..m.A..M...F.,=@.2P...M...G%.u$.I%(...<...W.z..]..&.1.l....[r..z_......y.=.....!.pc.Q...f..~E.Vv.c...[...7.+...X....8....Y]......T.l{%qZ........a..>.8lX..m.+[t..O...."-qI1,......v../(.........V+."....o....J...^..G..>.n.g......O...mQ..m...u.t2.8..|Q8..o]a..\.x..Bz....4.5.p(.z..`_..p..a.OJ...;.b\..IN....O#zq#]u.f.0.E.M.......h.Li.O&.9<...&G.L.8uV......XO..,. W.....ozp."zD`S..{.z..z.R....g.vvW..9.?..!.X....G....@0........p..A.o...@..v....nT...#..h%*......s....^,Y.oy..Q:}.CC.....R.*.`I.u..j..PD.`.>.d....%......lR'{.v'.Y>5Z-....X.ZmB*s%h.fl...n..e~y..x.H...=..*..u.OD.._*Ck.t...[...Tg.o..T...D3$.A. .[..CF+0...j..R...Sp,.a.e.kZ./.6/P.s.gI..O]...-X7..x.5...[..$.r.....,.i...[...8..m>s.I(..v!....X..a.|..m+..F.t....\..>.H.<h......a'd.T........V.1$.'..".6...F1C.KL_...K..U}"*...y~0."<.al.j.S.?.. ..d.N.t.nCwg.w.:...x ..N.\..d..hC&.;..........5].>.`

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_x64_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37318
                                                        Entropy (8bit):7.994692418681169
                                                        Encrypted:true
                                                        SSDEEP:768:3O8IpzqtsWb5Pu6RE4R+Iuoe65l29TSACg1P2WVV8Ihp9yrF:3O8IaPl26ZokeMmHf1P/hjyrF
                                                        MD5:7DC699ECD5F93C4D7DC88DC606725A85
                                                        SHA1:05542BA2D6A9C4251F61EDC0B572C78FFE605D0E
                                                        SHA-256:E1B257752F340449126E0749F89C4F77A2DC91555FA509FC7713534CF08F5409
                                                        SHA-512:4A909DCEF953B4966F9B2BC2B1524B4E5AFB04A2868C8F5AB190C73115F6C140FFD485566356553E31D78818B732D82DD4E849AEDA1593C7B427D4819D4EECFE
                                                        Malicious:true
                                                        Preview:`.4..JC:D%Jo.|X.z.n.YB..tS..dL(..v.D`.....S.**...+"uj...+clv..a./.U..t.......}...&..b.[..-...#z...%Of.8..k..........(...L...>......2..v...+$.t.s... ...5......7:.....F.VbER0...Q...54@k.T.WX.^.l...`..u.[..wu...W.3%...e.....[d.=..I..\.C8)..BB..^^.b..z,..Kt..h...........F.-5.v*.1$.....g.....L.G>...........*Lz....*M..@ ......;..7..T.....C..._0..m...g.F4<W.V.3k..4aS.).{b4..~.`.l...J.U'..L...a.......M%.Bk.*..H.I..p.).rS.).Q\..,......k^M&.J...ZOKU2........f.1.].Or..U.......{.p.._zQ;v...j.aw..m....\.E..)v_.X.<........@.T.a.).9..?z./.T|..n.|.@$...&..-.!...A...+......~v.W..$B....* "..*#...$.fUR..wE.Ww.J8.....@...S.....o.P6STl.. ..H!&GI..MQ.ov.ApN.n..\..w..R...p.[.8.Ua0...Kvz:F.m..(...Q.P.H....&.J..Ol..Qy,...Pn.W@..9...p.J.......!.....o.....b...&.a&..mT.(."..+EU.k[...hg...."...R.......k"....c..><O..D.t.n"........R...D.0..E.N.#..#fc..j=/P...l..Q.k.3.8.G&f....)[...."..9..\../...q....^/....5.a.i]`c...3.N~.enU.!...zI..3.=........[%.q....M/.oI3

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37311
                                                        Entropy (8bit):7.9951096217991715
                                                        Encrypted:true
                                                        SSDEEP:768:+UW2Gb1rwDPKVDW7Z8rEv5BdfnE1a3ESvyy+XS5L1hV/lii21F:1bGW7KskEv5fEuESKdXOL1htlM1F
                                                        MD5:D0C62B44B0533F161CC821DDDF369431
                                                        SHA1:37AFFB44DB46BC5BEDF92FFACD61C492DE86527B
                                                        SHA-256:32AE5DF985A3D249A5F238488BA09A3A7A2613798C3F7878C3C2850E0F48E52F
                                                        SHA-512:581BECB79B5FC08C38EC386D87DF10F7991CE5ECD96F89A2B8F283D7C353F014AB67B0D02BE891F2F7AEA692E3110DD64FBBA88C0574BFD51D7EAF182979F87D
                                                        Malicious:true
                                                        Preview:.l%v.Z........G..... ..v!.'6c...1=.!....1.CN$....ga7N...n.."^.EJ........LQ._.T}.......J.+.....<<:.E.=.....%F.?......J.ca.C.w.m.c..\....x..0..p.0.N.....;..*...g%`...-......X.~...c.6BW..09....7b./~ pk.d..p.....J.).....0KZ...+..J.6U.p{D....O.tcx...z..x.e{.z.*....A....9.b..?.......B.3..N..E..5.t,..+..wN.6.S...W.f..[^\..3t..O...=.....L....5...R.B...&zZA....h...(....-H..mSRi...kH...t..s.......-i.f.ha..8ud.h.<..C..K.L".....,.2{h.m{zp7|88..+d..<.9%6.$.4;.OP..$,.Ix.JP7R..:......%..I..V..b..'.i..._.H..:...'..l:A.6....xa.g..~.@..C.hTA..N.Z>..ic.c....!.0.p.....\f...P..x.#.h..ni:..=....G.Ve%q,z.^..;(J\.x.g..>.=..#.^.s(.|(-.[3S..T..:i.OF..i.Vl#.I......Y..BPf...vb#.x..$f...{....U..]./.5QC.[..{..G.......U....@.+lH.n.``.$T.V.~.M/O+..X....5}.y.r...oOa![Sq....._"QX.T.xR...wM..p....a..JG".H.....C.B...s...N.H.!......q./Hu.E..r.........rj...<.r.%.........B...~6.`.a..t.I.Lw......R.3..'K.uV...[Y..P.mA7\..r..:.G|)../^E.CFlc.....*.........O.>...a...9{.Ze...-9.{..(...^

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_x64_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37316
                                                        Entropy (8bit):7.994879366903882
                                                        Encrypted:true
                                                        SSDEEP:768:eGdNp025KRMgk70TNa2X5Z91bmjV+4N6LmzQS250mRj1vlZSUK9RnVHGVF:eGV0hy7MNR5ZzbQV+tasXR1lhKPNuF
                                                        MD5:489CF27AA4C32EB78E188158EA90A4D4
                                                        SHA1:611A1E2A66AA02ABDDCB3DB48C86287DADA8B751
                                                        SHA-256:988102F412C07F061ABCB6683D6F7BD65159F10EF182E950D35BAD18A545A060
                                                        SHA-512:B15D1E3A177BC5BB29F3DC89F88C30690A053977ABA74B53B37D2A8E28C4B21F93AB7E8F04EF896655B00FFDD404EC39A0681BFF85CB237FC905A1734EC970D8
                                                        Malicious:true
                                                        Preview:...JH.......V.66G..1.F.....I..........=J.N..xnN..>.._&.'B.^-.rsx.h+ (fN.$...%.J.....^0}..*.!..n.u.k*...Jw.r......90x....P..&u...@.(.....)..bCj{..'=l.6.[.{..u.@K.._."(2....L.p....k....H..(>.........>.<bJ...........UKDHoD..@x..c@.f.Z.{PtZ.$..Y&......."..........Ue.*>.7gF..Mm.=DV;j.o..c.7.4i...$<u......fc..../_.s.9...FB^Ia@....F ^.S:%...xY_...7=....Kq.A......).....Pt/.xQ'..;...}.8.3-.A....."..7.TEn.......4h.Q.....K.......T.l..mp.?.\.2$.3.<XB......QJ.)...N..)g.........r...x"Pj...V.......?k/w...OO..u.L...P.Mr.Z>$.Z.........#...../..C.....$.5....h.8.Aer...d..C.H+$.....BJm.=#........d....9$...^.e.[.$......TP..1YR9.M...O.....-W,...|..)...J..0...r....5..j....~k......~...J....$...5{...E.H....}.........\..Be....#u..:....Y9!OB`.RWu...f.<....i...P...h..2...].w..9U...Ds.*hl.j..JD.<....N...7....0k.v.g6=..;z.... .Pw....K.....w..]....?...>H.....{...R..f.V"M.a.%.Z...B.".?......;Y.l..w.3.\u..]d....C..mm..?y..&..f=Z.1..ro.@.T^....J...../..3.g..#'?-...U..l.S

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt v3 Website_url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37324
                                                        Entropy (8bit):7.99532132612602
                                                        Encrypted:true
                                                        SSDEEP:768:iDyRpV3Y3U3I3Iw9OKs1dX5ZPYTTwmTItcYpAJx9z/VjUSF:ieV3YE43IxKwJyTJ0pmx9lF
                                                        MD5:C27D130070BC81BB2FFF4082E9E2E635
                                                        SHA1:435EAF1FEDBBF00C43B64FE47CD5C262C3DE9E1A
                                                        SHA-256:146EE1B68B653C1BEC453757F09F31DB539E1DC5A6FC871A52A6ED96237E85BD
                                                        SHA-512:704BE73EEFC2C4EC44798A48375866180C38F7E8590EF51619E50D8F94EF9F1E415FD0A778887E1FADDCEF7597306BC86252E74FC83F7C4666510A116D072607
                                                        Malicious:true
                                                        Preview:q..4.......>.....7.JQ.;....3"{.K.9.....iYn.7&.4.9}....p.."T.OE...0f....$.NS616..hB..Li.j...|...MS.%.V.=.f.Lg.......;.l4...,.W.\...^r.O..9q.!..r...#O...-.3.t.|TA}.J....v.[.....\....~.i0O....$...L.r.F}.bX. .'..!'..9/+.:j.F..kp.....2..8[....k...(.JN.....m..."....D...-..P....O.{#.+:..*...Q.af|N.R.F.n.,cH&3.*hQa..zA.A..N3}....e<.T...}.......#.-..g..\..TA2.j...D..lJ.pHd.b.....Z.h....[.J.Y%5....rA....Q...4.....J..UN.....#.JZ.C.$..e...EY....!...VY.k.|d.S..3.l.dA.6.W@...[rCQ.....u.^\...m]4.b.[+..^.v!.].8...y.jQ)z....~-:.;o.9....=...t'.\..5..`...s..ab.bw....@.O\u.1F.n."....1\).L>......O..Cu.e....:.n;s..H..........Z.{7&......a........A*.B2..K.........!.@...:..t...3.[.AJ5.`..szX..V........a.....7.!(s./.3..h.u&......6...p.].......3F..5.../..O.8..Y.j.['..A..../.......t..t.d..[...J .....CT...b....0.rqN..PL[.ES..1(+.....5.....e..W.w..fL.b<.e7G....:..Io........u}.&.jL.s..k.X.....I1.+.et$1..DA+s.Z..q.1.Y....*.*.&....Su...~..z.m`S.........s.FSF...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37305
                                                        Entropy (8bit):7.994916629852555
                                                        Encrypted:true
                                                        SSDEEP:768:Qr7lxHd1s0gJk6hohl3YqUOggvnz09p/2DHDgE4HC2SVUWy4DXQkUF:clFLVeknNYqUei/2gC2S+W/gLF
                                                        MD5:77520933495CFDDFBDB09758BFEA5247
                                                        SHA1:6A71031E077E7772295DECEBC8CFFF6AD72502E3
                                                        SHA-256:ABFC4A792062949699E282A97B7BDF45DE121B16F0744C7443DEE4951C9DD97C
                                                        SHA-512:40AB9D75854960BF999EDFD3A5A03310DD9BFA42741C602E7F11BF7CAD0501837AD28D4CDB67814E7804DAC6C52E1BA448CAA5449C8C15670E33DADE13693094
                                                        Malicious:true
                                                        Preview:...L...E#2..a@E.G..)Ff........|.I.ya.'. .V...{[.....k.3#u.....w...../.+.A../.x....#.2@.Z"..X......V.u.'...,....u...EC.6.Ho...l....w..p.;{........aQ....E-..wT...Q,C..8\B...L....o.`......Tp...g..?..+..E&.G...'L.q@......_^2......gf..;..S.E..AWQ~.w(.%N|R...........Z.*~..>...l.z1?....7.:0...it.......^aI>.0......9i3......v9..GB.....+..q.7....H.#....8....x......o..... is.......t..9Zb....@tRt4Z.\."...{#.....~..f...NF.=C.Eo......WHy.LO.Z...Hx.x..../.9....0Gv..!.m......q.b...ss..0-.zE;..ME...y.gl....P..."w:@..6i...4...U`Y.g..G..1m..-.M....U>0.....h'.@.[.......$E7..O..(.?z..%1...iN~.5;Th..)k.....:P........T.p.L..T$,b....\.....,.......u.}.-'...".i{O.B.....&_.....Q]..}8......b.W.YqNu.I..w..k.QL6H.&.87).2g|.o.C5........c.q...."....[..^w>.@..f.9R>!A!I.....n..?M..i%.y..u0.IJ.cU.]...Jcl...Q2.R.@.Y6...6.)...b./.]P...ecV.e..7y.a....BW. `o.....&0.......`.#H......$R.......]......[..k.M...S.p.H....5b.;p....X=m..c.C..t..D.f.#Z....-.......r....Q...N.xtci.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_x64_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37310
                                                        Entropy (8bit):7.9949324502616745
                                                        Encrypted:true
                                                        SSDEEP:768:Cpao/qsWuf8lDLOUrn1z7SlrMtG5sGyWD+GFFYvSn4T7VFnmRwFO5H1ueF:Cpao/qsSltn1z7UAAOGP+kSSg/nmRt5X
                                                        MD5:B14DDFA51F5372F818A3266A474E0825
                                                        SHA1:E6E65D52F744FE705355A3565DF2BDE2E309F52F
                                                        SHA-256:0174AB8BD6B05FF2189CE8B9F57237191A1789A3796EF1260196C69C8C7C553F
                                                        SHA-512:209D27FE757360F4DC87F90BB99BDA488EDE375436B1ADD3602A6CC1D34AA8C809D5B3BAB7FB9953415F34F3B9C6E93E40E73EA6A5721EB6A6AE9EF150C60986
                                                        Malicious:true
                                                        Preview:+..r+..}...ob....../d5.[..-.6..4./.../ng1Be..\.....(.h=...E..d.q. 9.....U.....~oD..>.xm....Y.m..E..m..U.:....}.....K.Y....K.I7n~..3Wk~w.......fO[.d.J\.-OBY.E;.?.P......u..qUQ..9..{.. .:.V-..H.;....~..U.rJ.....h~.......f{.......YA.z__.o.(..s[.9..i....2.EV..Q#..........X.2..-.irE..4 ..B.........V.cJ........dJx.I.......G......S.U..3yT.-...*Sl}..2d..}dL...SFZU...a6c.7e....Qc$...y..j.."......X..].'{>...0enX..N.}...z...o.p.p...[6b7...m..:M.l2....`n#..*2...D>.j%b.....8.mA..nZ.O..PO._......%.../w.[..qK.*...cH.3.2P6c..mPp.d-.R..t]P.0....%Hv.d.8.h.nD.-?.-......0...C1S.........(.(....C|.Ila.k.Z.@...N....l....w.|...1(K.u)Wn...|$....mg..v..Q[}..|%. \.Y.k.w.w......LR.ke.;.....%7.(...x]..C......[B6....u..CB.iA!7O_...K.).1.......}.[8.[.. ...*8u...B........w.]4Y3.a.d/..$.<Uq.aWO</.;.E.#.uTKC.G.Qo...5R.~.#<Q .....r.z.3K.....G.0'.......]....9.)...../........R.AF.=.}"D0..85Dh.e(..]/....Mt.'+qb..o.c.*S.=Z9.....i.V..........'.\2...e..d.X...IR.....m...t.h `.x..Y.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoItX_AutoItX_chm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37309
                                                        Entropy (8bit):7.99551607481778
                                                        Encrypted:true
                                                        SSDEEP:768:3/0H/Kxa2DVEsw0WyBlBhRMbzPukFMPXblCbs1CwbTMPynblF:3/K/NCVEscyB1UPukFMUQbT0wF
                                                        MD5:CDF0AC5610E3D48CB923650AD217915F
                                                        SHA1:EF28AF4E7F56FDE5B995815E1662603D73C8F8A9
                                                        SHA-256:58F11F87DC785011DBB207F25CA6E49BC6CE36301886F837EBE9DF2BDAE4142E
                                                        SHA-512:7C657C0230AB5AD59AA9725D6851F7BA7EE8CAE81CAD5B06097CD63A98E8B638769F87D7E882710C84DA612CF1434943A5848BACA36239343FB1E94BDF73C461
                                                        Malicious:true
                                                        Preview:Ac*...!..SX...H...={......./_..B>.P>..!.9..p,Q.y/."VH3...%.yOX...L.QO..E..j.$..&..F#...1.)....h..>.Bv..=$.U%._s..M.@*R..J...E+={7.gKY.......Y..ZY.'..w.7y../..h.>j.V.~...WLi ....R[J..I.i=...{....g.B......M........h..p.P..W0i.uI|.%.*...B...t....b.............T.K..5..8....M.(Tm.H.!.b&.#...E.Bq^....V...."..5n..[|8..Y.D8.P....F.d..Q{.....J.V.D...r.]..4.l..tI`....Z.s.(3f.a...O....rY..kQ.qz..T._......9....i.A<.W...L>.|.[.......~....pM.Gw./..'.t6:.o.b.....D..J....i.A...XO"..6w..B..%.w..."...s~..*s..f...(...".^..UW~.Y.^....W.6.JI.cu...g..bO...........5.+..!..h...n.I..=..N..h.ZA^..q.{e"X.i.Vs/......'.U8...6P.c.q./....(...... wI....B..a.H..$.s....aW.=3.....|..~.x6u3*...j.U^/._..O..z....k...z...|q.O9..E..vej...r]>..C..2__..A.......B.^Qe.:X..F(+.NH....T_WA..3....nRZ3-..........y..H1...m.6.{......'8N...K.8S2.B}.......#...&|.|'"....Z....`Y)j......\..&&....Er8.<w....3..w.p..].eHA...[UC?r.*..z`.=.....l.i..'\....<5..>.."G.SQ.."q.....z".E..B.o4I..[.]..I.6......N.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt_chm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37307
                                                        Entropy (8bit):7.995522447587768
                                                        Encrypted:true
                                                        SSDEEP:768:L1SsloXve4WgCXSsqEndEivxem8hS8C/Asdg5aUF:clXG5HXrzvx60uTF
                                                        MD5:2D1FFA39659E17EBF088A461D99973BD
                                                        SHA1:06E4BEE5FBBB0126C7B2C2114882A9BB28657B4F
                                                        SHA-256:E66ACF03CAC1F6390F0D4630A9D873B70CDA34D815ED81BC56261CC130E17231
                                                        SHA-512:DFB30F8DDA2064BFC738216CE5712B219993D72ADAEA559D943EC5BCAD65A8F59F6A468419D865DE99131F9467989802F42E675627A26EAEC5513ABDA49119D5
                                                        Malicious:true
                                                        Preview:l.ekqq...&33.W4|%..mB....N..v.....eSa..*.z.<U...:.t.(["............iN:.F.yg..u&.d.0r./.S:...[.~....7I..\.j9.g.L.}...5.1.v...*.....'..-.U._Q.fG.+Dz....h]....V...G_~..ZD.K...3...J.;QS2...l..A.Xn.'...~G......3.0$......$.....ZE.U..X&D_.......@aQ.'.1.b...`RQB.K[D).#.&.WOD..9r.taH.I...a)...|.A!I.b{...U.r"wk@..V...>.+.A........j/....r.X........2.d...Kh....R.;.L3l Y....`..[G.."....4...}.P1..o.A......j..9.....;#..CM...e....V.6.K.^...6...%G.#.;...~m.E'x...$..y.;.u...(q..<i.=.5....$....JV%...{#.R......1V.?S.3...^..+..fo....G9...|.....\.wT/y.5..rc#s...W.."......C.1@.{...D...`..e..3+..:.B....'.....B.....!t./.5~..|..........o......,.R.R.i.Z.,/...Ci..B.wEg..*.#YM...H.).|..lF.......=p.x3..8..@..P.|.............z.lL.Oh....}]...o...7.......b...h..6=.$.>.nZ..un.XU<.Dk1,j.=..rr=.o:H. l..l ......#....Q$4....c.....un.o..DeEZ.L`.?......{...'aZ...<.N.Qc)gL.....0.....~.[..,a..".Q..=..z.=.~0.....V._Hh.....C..n2rd.....p.......3.^@!$Z....[6.Pe.......<..[.S.M

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Examples.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37315
                                                        Entropy (8bit):7.994814418111793
                                                        Encrypted:true
                                                        SSDEEP:768:GdFx3rN0b2FkbK4RhiJ4DtqjqBk/DwwPjgKLugi6pkj3cBodF:o1V47iJ4Im62/h3OgF
                                                        MD5:D2B9B47A170ED27C6618BAD7EC1D85CC
                                                        SHA1:040CBB4BD68F184C2643F7484D95FD636F41637A
                                                        SHA-256:33E77BFF8E93140D87633A2A1D4781C9EFA8B86393E138CD2095066C1B206EC1
                                                        SHA-512:83C30470091D26666C58F6E02FEE42BBA20F742806201415FE4F6D393A711F62571E429DA47F00B756BF1E9097B9E58AE3709751E0DB90F234362B498FE04791
                                                        Malicious:true
                                                        Preview:.._6.rox..4bC.Kf..A...@g....R1.g..M..(.Y...$N~......G...W...S...f...q.e..a....`y..z...........p..-t.R}....g.%....IG!.......#..........a.N.Od.~....S;.Gr..E350/...Ai.8..l.4.:.>S..W#.Q./h..ev......N....m*....-.U..[&..wj.k=..*c+....O)h=. ..Q3..8...'..Q#J..y!.%iq.....*....JhH.!DKYhG.....W.bA_....:w.'.XL.;.|.fl.f:...-?B.^..!........E'..V....Z`.2.p.KG..A|...d..UPGt(.=...F$Zp.]...|!...sM:.!..c.V.zgx.D.l.....eg.....T.....Sw.......d.v....p.|...-..@...x..#._#t......1......:.I.\...0o..*.^.M...\a.@].\..T.1.....5..Nc...<Ve?%.....1...j...YUbz6...}^%.u..J6\..D..<.pQ...`.7.s?].D..Q...j..E-.G~UA.z....w.u..).]i..<%i."3.G.3.rc...t.\......<F<.?Lw0..(.|Q.........-k.Y.Dd=pi.............$A.O. ...Q....2......N...|..^..]...Dn.?..(s..b....vq....>..............1....N.H.l..;.U..7.H..c....y".BWH.k+.H.x._..1.......\1.K......r...n.&..-..P.u.Dc...}.......j[.........:.ou:B....,Z.....p...$.(.a,....7..G...d..[..9.....iw..]TAuG...D..`....QYy...Gy.:4.p..q..cp..0_...~

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Extras.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Secret Key
                                                        Category:dropped
                                                        Size (bytes):37309
                                                        Entropy (8bit):7.994159663172311
                                                        Encrypted:true
                                                        SSDEEP:768:dM6B6Wl5yDp+5atQZPAr/WHHbbxvoykY65c7DH1d4qKjVyeF:dM6B6WjyDp2vZ4ruHxoE65c7DHLUjIeF
                                                        MD5:F4E3B5EC0A64B3F5D6E158CF45FCFBCF
                                                        SHA1:3C9FD50A7EE51314618AA6A432CC473ECF356E64
                                                        SHA-256:735DCDCAB10BEB4001BB8C9D3F3BBE6A4D7F8787568B665478820FFDCA77A677
                                                        SHA-512:A7041C81724C78587B23E51E97A06C5D3A5B7A76EC91AD560F42F1FCB7A62600F3EEB5E14F381CEDDCE3A5C224A1388C5051C94C52BAC8B983D4A2CF2463FAA1
                                                        Malicious:true
                                                        Preview:..:..^..R....._.vb..$....X.....;...x..$..&Ad....q>.Wfn.9......O.....C.OE...p...b..:.c.>s.:....\0M"....pA.A...hP.hd+..;........5D.._...p.......v.S..G.yr....wr.s..TH..;...H...8..1.@Or#..Q...."N['y.. .&...59..l..K..,.=h"0v.YI....(>..;..yN..Vv..Ev....l.H..4.....\.i]...[.]..f....K:.h..............8.$.A....28}..".8......).5X....8...c."..3l7^.+.....<..W.......&..h..nl.%P$Ct.Y...z..Z8.J.b.L.,@.......q%......=V..$.E*$}.7..y.uk....K.i.<..s.L1..Hw!S....D........`....Z. 0ho....I........v..!7....Y.... ..6.w.[..3.#.JKc..Y..1....D..).l.<.......='..@.-.........j....w~h.yj.LG....$.Q..E.R...y*..[...r>...+4`...q.....&..d\..(..q.#f..=..5V.......^..Y.=u...w.Y.#i....].m....%..-..m.....*.%.0.J..Q?..P.;..z.......LF..0...D3]h4lH...,..G+.b..lBPT.E`..U.T.m.2.....s....PS....t.0.....#.A].....x!.eO..y..4.S..U.G....t.$.A.+fL............S.r...D7^...<....H...7..h..{~@...Ml5..}Y"....2.u8......n..6....K..y.*\.$J.).... Y;....A...c..2......gS...I.Hn...6])D.P...b......K

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_SciTE_SciTE_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37314
                                                        Entropy (8bit):7.995096180302121
                                                        Encrypted:true
                                                        SSDEEP:768:tPlVoyDmS7bAHx0IipmBosrUtu56FaR3Eo7jjJey3+0TNzj2FmF:plKyhbAHCImmBotU56yEo7jjEuFpzyF4
                                                        MD5:E90605E7501F1EC974ACC77122B4DCBA
                                                        SHA1:522A5288B74A7FE2A457E6E94E656EE57793CC64
                                                        SHA-256:2C9B761040A06F51D8742CFD992BE4429E8A2E416639FC7F8088794F11EFA140
                                                        SHA-512:8B8BD0F491A22FDA39D8C3D93DD4A9D0C095CCC3C75B5CA5DA517451F96264EF16DE814B8BF2CF2DAA17671FCD7C29329A9E19EC5C518426ECE4CA4BCFFAC0D5
                                                        Malicious:true
                                                        Preview:...X,w.[......0([9.e.,.........Z.X...w.Tyo...n@.\Z..iB.1.0T>}.....[N].8vD..O.......<.r...J.m.....!U.7..!........m........n.-Gx$.="5.....D.:.e.&.........O..5M.}..yI..l.k..kk.;.$. ...b."..[....Y.....$c.C\z.Z.U.....8l|n|...^.z..k<#..O.]~..u.+..~:...JI..'...lF..j.#.e.N...PN#,.R...^#....-O.g.~knz<..........k.P@o\.%......JC.....wn..F.K..m`Im.S.~..=..61..v7.5..y....X4./..F....A.....yZ1........~.......S..l..#.......4:.r<e.(F.,......x^..j)...y.z...V|7L.mj.....tF90W:$........S....ex.~.....D....O.Z..5R.\........03.~.!..K.......'.......4g........*~.....=....j.q.$I../.|:..0.u.....*...Y...*..=.PN...4.y....iG..m.}.O0;..6.o..0h...t^."......(..k.*...Z)q.... .E....ns..X.>..>.1.....@/.QF..aFN.{.).'. #b...s.z8..a..........L....3@....M............].....A..5/S......~3.|.P........K..8.;i.E...IG>W.HlW.....%..u...-..)....x.,3.{(.8..z.$I.b!....A.....S...0.o...,3.m.S...G $D..z.).#.w.'...j.....-q..0+../....."..k..k..r.. ...).#.E.s..($.D6y....r).jr.2y.4|...\...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Java_jre-1_8_bin_javacpl_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37326
                                                        Entropy (8bit):7.994562459716232
                                                        Encrypted:true
                                                        SSDEEP:768:+2tse+EB4zPTANhiSrvlq5LorBVSuw9tGAGTENfE2ijrY2LylhcnvRYeF:bB6TurvAirPxwvbGINfhivY2LyXcnvvF
                                                        MD5:C75A6762A41E414C6222A77E10EDD4CC
                                                        SHA1:7215AF5DB2555B77128507DA9E60281700C1A72C
                                                        SHA-256:9BE5155F81AAFCEB13215E3905786B8BDB27955E67B6370C8C23FE96CA4FC6DD
                                                        SHA-512:C7B89782791339227C2B26802C12955C4859CD791FD92F14E2298EAB8A4E0EFF36DC9CD54FB1F56F067CD426E40B0648F3466F453FCCF8423BE07D0D155FFCEC
                                                        Malicious:true
                                                        Preview:9p.`.T.~.5.C..Q.....d....Fbo.7;c,..Zpb...U2d.lOH..r9\..E........\.XQP..._.KK...VP.i..._...=..i...'.{.. ...q...._........;.94U.b.....9.&..s...`.N.t.38..........Q.=:X.928..Ntyx.'O%&...)&|.M.8....[../ug....`...6C.....2#....G.....X!P_P{jq..Z.."..]M?._.`..xA.....4.O.._3..c...{ ...@.!.U.vE.y.>.>..l#...5. ^@.D..v.0. ...mm.-.t.X.!...z.....61.-......~.v.<...s..+.M.]..o%.X-.2.U.O&....w.d..>...../.}.%....>...osR.......[...".o46....M.9?...$-..lL.Z..#M..i.y.m.......-.w9W..k1..G..)...j..-.!.s...6.d0..Y......5O1.j5..T|%..+..K[)S..P....'t....H..,~....c.....!f..U.3.....c_4.Q,.....'....7?+%&S.sxH..F.?T... .1.a.A.n......:S.O.-*6.D.3.*.~......[.W.h.~..:&.F.2..m.....^*z.>..b#.w.G...N,.^...*.Y.q.+$.....<.A....xt.1..>iq..]..-]2.%.~.I......E..Z..1..@`bK...#..f./2.;[:..s..m.x.O.3..yg.F..X~..`.br.NX.c..v<...$4o..D......})i....z"kED..e5a.).4......xD..j..z.nB37.f..].+..H0.....>D.......C...iqx$u.>..l.02...[.w.......?pmq}........R}G.l.e.}.....K.L......~...Q..1

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37336
                                                        Entropy (8bit):7.99490878641278
                                                        Encrypted:true
                                                        SSDEEP:768:1csQWgPPQOMUv/OQh7s1Cl9lcJDAPjHdLUXEYDzIV+30A2F:1cs/6v1v2ywXU7d2Xk+3MF
                                                        MD5:AEECA7F2FFD8F1F60DE9C81DC9C622D2
                                                        SHA1:14E0985088D05EC16B938384658B819DA3423253
                                                        SHA-256:29F9A7C967293E47D6574D00363863DBE9AF2D2E8ABF31A7B2F685A73895B8B6
                                                        SHA-512:804FB3D8D67E5033449980D41D3CBCB044F6136F18E330CC2A79F9E3F570FEB3BE51FFB49E3117BA69672FE862C95345C81195AFC1C7D4F2A26D8D6193864A04
                                                        Malicious:true
                                                        Preview:.x.,.........!..d&..2v.....Q...rn...,ci.a.H...b......m....=.L.vT.....C84.b7A.k%6%..&CI.Sn.......b...#..B0W.9..'.9.*{.....Q>..r.!.i..@08....&.6.-.U....e..."7........)0...0(.#d..zD..@.S0.z1...Jz..Q..G..............6..<.;~C..d.....!..eU..y.....0.......4..-..".....!GOa....~.._~...#+H....kP.'};H.7$a..`...f.'....{.R|1D.Igt.%..t.{.Gf2...H..5.5l....v4.4.c.......XU.`......k.O\..y..mB.4k.=.i2M......)c....P......w..t.#J./...r.1R%.....+.....X.7.G..Y.#0.....qp.y...t.....k5.\..c...Rx..9rn.$...C.m-.Z...nq...c1..R.:.rW.s.vz.....C..m..;..!.<.Fz.D.j..H.....0e{..RO.i.-......O....,*..5.V.`.Q0.]..c.v~.\?..........L...p.l....e.~..b$.$2~....|.._..~.J.....u...KL.H*.2...&....=.f..\.............hM...J.~^=.h..sN.S.@N.CN.8....>ky#.M....R.A.o.j..{...X..^.q.cw.L...j#l..`8.d....#..{.~...a.S.......!9Fz..jiva._....z..fA....E./!.c..m...P..>.U.n.S.+...;<.....D.......fw...Kz.'..].#Q:.V'.U.oG.&.g....j,.h....Dhw...,A...S.=.....O..(...X=qa.oPd...]...Z....B..{......NR..\.....hl...=.d

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_powershell_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37334
                                                        Entropy (8bit):7.995042743184978
                                                        Encrypted:true
                                                        SSDEEP:768:qjGN7Hvm4FDl240fc3ngL17HGvP0XY1wzZI23qbpTfGmw9F:qiN7HvFDlF003g57Huc5zZadTemw9F
                                                        MD5:43805DC0CAF82E66CB1EBD3D019FA64B
                                                        SHA1:6D86F32DFE19C55EF7725A23607AD6D0AC50E44B
                                                        SHA-256:1F1AF7F32138AFD56C75E2FE7F1BD056421BD1D55249A05084B7FC2376BAA54E
                                                        SHA-512:AC7864E6F6FE43E4D4BA184AB411D603DEBA7C78BFF818DB4087E5A6F9009D1A84F60095A63BBDD379D4A117527CE04B618AAC75998A34171595D687949A598D
                                                        Malicious:true
                                                        Preview:%M...{.?..b...Z.MG.<$.F.|..L....\...=.Mn.t.I.yF.....z.8....i..F._....>...G.1.....jU..6.. aK.......]Q..bM.n;...5|Y...M.&|X.M.Tr.{.B...I......+..7...3.#...|j"..V..K.#.?.k*~.......v......1...5Ojw5|..k....d4.}v.........+.v,.....T..s.n..\_2AdH...z.v..3..Y..>8L D..rIr'..3H.Mf.........1.8....9q.ah......._z......N.#J..xC.x..7..o.......F.+R..6&.....%Em. D5....!R...K..m..Mc..;.y.B.U.(>OLP:_x...."....J...N..n.x.....O..Z..=U.i5-.c.:w.5n.<..x...g.tx..l....rVxT....b......w.@.<a..~.6...J..6(...B...E..,.4.#..8....m...7E..?peD".X.M...}:....@....5.L...R.q{.|}".h.|m"UW.....Z..%xF.../=VF......f.5...Jos...5..\...j!.3.a....f.An./......H....6.7+..3Z.#.>....5.a......w..:.2>.)r..X$+..hK....9){*?.3.HE.$..`......|f/....E..GO.r.j.!)..}..$.....m.n.c..W.i,.(...E{...W.H..N..AXg..N!0,.....T.....N{..4.m.......(|.`._<F...0.MJ.g..^.em.g.X......D..._.c...#2..l..YHLP........0X.v6....~...b.D..Wxa...5..&...D.V..-j..&=M.EO....z.n.w....qc..A..ms...p...WZ.,.g..0..U...p....M.b. 8

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_odbcad32_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37309
                                                        Entropy (8bit):7.9950317567088645
                                                        Encrypted:true
                                                        SSDEEP:768:XNEN497var21jY4IaTbBla8X8m/b+g1RlIMDDyWTKjZCu2F:yN4W21xIIuiH6oRyqyjZCu2F
                                                        MD5:FE43D7F9FF5D0AC1AD01352D7DAC4A42
                                                        SHA1:EAD3F14AD453D409B61AF0442DBB7CCAEDA5E54E
                                                        SHA-256:D00AFA9B2AC353E65844E410F506F00B162736292D243AD35505C665847382AC
                                                        SHA-512:71F114BF0C587EAB63B7F69ECB3A444D528977E443DCF233ADA3CF88489BBF2BEEE366027DF7E27B83BAB4D0D1904D1B1E49BACC4D3DE9C559188DDC1F800DBE
                                                        Malicious:true
                                                        Preview:..zx..IV..]..I{.$C"k.h.5...H..4....r..M.Hi..Y0....$....-...=...-..g..g...98G..6R......,2.L.]."..&d....,..c6,...Q.+\S...EL.s.|.Y..p.a..LL.Ka..O.P.....Y...O..w..U......R.f0P.k?.?..........[HS..._..s.2...A....A...~..{.[?G.tW...l\.k...(=d...N.)K....D .N.....s..p...h..fx..l@.+l.W>].1..}Y8..-lh>..v.r..jD.I.3.$%..4.........=.N..u..KL..Tn.|.8.p..'2m..$..<. ...iT.[.^..d...@.......;.g.!T.nh..6.n...../...[.V..5...Y..xC..@..S.9P.j../Q..W......M.Z..Ol...L&;."|.a..M.'P8.io..j.\.2M..^=....w+.y.}...5.1.$. h.P1.......E.....7.C..W.Uz.E.UG. p...n.*2."......&y......x6..+.b..F.0h.T^I.tQ..5z.r..lF..>...aQ...r.zX..|..>........F2...Y...b.pw.\....;...x.x...p..eg#...b.....o..?.pV...n.._].f.........yE..Y.7_...T.......).f.Bp\..u.N..j...._.."aF*).h.8.Z.O...|..s'-!...k@....1..N..%m...m..[x....i.aY.9.3n+.z.H.t:...lBBf.*`......./..yA.}A......./.Y.........Y.,.J2...EU......V.E.HQ/M6._,.<..|..lu.(.4...p0_..4..-..(..gC..;..zf..x.<....{.O6.....!.S@..SM.....).`.....%...././E

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{F38BF404-1D43-42F2-9305-67DE0B28FC23}_regedit_exe.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37306
                                                        Entropy (8bit):7.99492664548283
                                                        Encrypted:true
                                                        SSDEEP:768:t2S7fNoCm8WsCwT+vDFhS5spcxj0d8THlusEJcmU3N7j8F:t8sWsCwSLFh7p+jlu1ENUF
                                                        MD5:B5C2DBC9A2D27EA22952AEA32C88A720
                                                        SHA1:604AB2A57C3695C7223E6BD0D45721F76003E154
                                                        SHA-256:0FEB3A19D29B339EF4F26EE582AD627489CDB227F24C7647985C269FD08480F4
                                                        SHA-512:113CF2386E2CE0D9597B6E665E7CE1D3DC1773933E02C317DDF8C6B3F9E1B271E31845B79E3362F3DB8DF4FDE2163AB125B591939A53C574F8713420D7916824
                                                        Malicious:true
                                                        Preview:v.<.:v.Q=@....1........]........._zF.fO.3jJ...;.3O.Ox.V.L...h.J..!.S..V.K... ..6.-.q.Z...4mJv.....spAT.s...G.".@..e<U.....[.RS....NiK........3t.4.Y..j...D.K.8&.KG5.....Q...|(I...:..w0...df.).i.O..K....+.9T*..c..Z.19%;..*...~r..Jj....m~.u2.K.R...#...").D..~Q*h6..U=..D..X......`.4M...TH.......z.h}Dh.f.....}r%G.....R..(._.B..H..d.wF........I:!fE.|`...LRt\.._q.X.r0<..*.C..Z..[[.O...b....L.V_..M....q)..f.m.U..y.p..+.t.zXz\...".XN..Z...ik*.-GJ}c.8..d.H..t..g.a}......J8..'#'d.........~......v....q.TT--\F.....R.......7..Y...g...O6.C..."...l.R...6!.n5...U..5..e.....h.Od.Q.....:. xH7X."q...0F.cK..).~.'.v.REu&....I. .rh.c.3G...q:.^.!j..C..N....:... ".. ..=.U.R.;to.......z.{=.S..q.E.;...q./.A....Q.......=I2&J.\..o..b9.b7..-._!I..[o.Z0IGI.=..Q .{......0.. ."(B...16..Q..y....+....*.s.+?....xV.)...O....@...J.a......I0n.h.FQe.....{....r....yQ...L'.g.D.I..+..4..XL.....f!~.*^....N.a...AuJ......DJ.....Q..7.x3.....p.Y.L.......kh.q..k.X.;6..P-..+4..n1..m

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\0.0.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37712
                                                        Entropy (8bit):7.994512360234842
                                                        Encrypted:true
                                                        SSDEEP:768:Kqd+2Hzk8SGgceDZ3JQR7Pwqw4fwb1Z9HRri4mVobgxmEJhP4w57nmo6reF:KqY0kUfeN3JQBPwqn4b+4YxmErPpmreF
                                                        MD5:B25C5DF85BDF5586B393EA2298BCE654
                                                        SHA1:FD5F65C2CC8BFAE8AF9D8373E82BE58BB9472207
                                                        SHA-256:48C32D007E79A3C27818C50313C28B7823BD1C609099E27EA1347A0A2BDF2122
                                                        SHA-512:509AB02326FB2362E6ADD8B5DFA7D612FE7194F3A774CBFE05D65365CD060FEBEA4F85406A163C6135E068D10F1056E6EE002B113307E006C560F5C5644BAE8B
                                                        Malicious:true
                                                        Preview:...5... #.../f.R.tM.D.........W.C...ZM...K.o.5d|..0.o'..6`...~...%.s....pP..=....!\G..By;}.jnY...m...Y$#.@....U.ZG.wrJ.G.J..3......nm?s9..:...4......s.....r%..X`7.b.^..I.v.-...xC.O..|ri.^.~..%/.k.'F\..5..1.u..E_X.....nL\..T..C...Z...J.].W..1..OL.n.:v..7B..?...h.(...q...u..:....<.....$......M...N....sy.7X...v.#B..A....v\F..j....G.@v*,M.~..Zc^.6e.......=)....i!......SWrU.Y.<...x[L.H..i.F.M_.......I..5T...AP..C}..m1.M..[..'U..}.<.`..Vn.......o.(...YV.M)...R....\.S..N...h..#.Zq..+...0.w.u..f.....;.f..;oD1.i%.!_.I.gV.K(...%[........1...L.>.....7..M.Ipsp-.w..\bQlktg......z.....P.T=K...u.X....[..L...].0.FT...'.Z.LY..UC ..C*8.i*43.i...z...O.,...2...ij;J]@...9.=QT.[...LW.q%W...f.O.4WD0N.2.'8.D0^_wu.O*".h..jG...[iB..."..^.I.T.........s.U...BOC.<...A#...hd9r_.p.....e.......N!?...5q&......O..T.c...#.7-..........,K..|.G. .\...e3.D5.@....<..}I.4..]..,.Q..RM.ek..;.N..>:O..?L:*..3...RB..Z.....C`..'..H...7K!D.7.....l..Wh I.`.K.G..h|@-.. DZW....8.Hp...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\0.1.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):264
                                                        Entropy (8bit):7.239308537989797
                                                        Encrypted:false
                                                        SSDEEP:6:yoBNeNsW9MVxu6Uy6f61aBDE6txWw+DdP9l49aUSnW:yoBk9MVxNUy6f61a+6KxPlu6nW
                                                        MD5:9DA5D4C4B43644E0B134939A3EA2096D
                                                        SHA1:390340167856709D8F48B83C5CA8F7B6DDC87E0C
                                                        SHA-256:84E5BFD4F9B53C0FEFB41A9A98CC08F1BD13491877B597D2A145FA9B53D5666F
                                                        SHA-512:16F41AF5D7DFD8940931EC8A29A8FD5952D058036556A547FBD7A9A20C64BB53DC8ABF5B43D2B7D8E26EF23B1438BFD037D83AE5114EC3B55A568D1BC5673C72
                                                        Malicious:false
                                                        Preview:.a._;..&!kc.h.6,......C.a.....=.6..IK.Z....6..l../R..,..g.....^...qL6../d.....}......R...%...@W.eQ.A......(D....c...}....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\0.2.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):264
                                                        Entropy (8bit):7.251978909080505
                                                        Encrypted:false
                                                        SSDEEP:6:WOeoBNeNsW9lbL6vs31sF7f61aBDE6txWw+DdP9l49aUSnW:W7oBk95lFsF7f61a+6KxPlu6nW
                                                        MD5:97B28F3FA89591C9515466F8557FE137
                                                        SHA1:47BA465971C2D6460CF2DDFACA9A40324C39BA64
                                                        SHA-256:706CE047490CFD93DB51E3EBFC87BA61D248B1C9BEDE77F1819F1D3C20F67636
                                                        SHA-512:A56DE5F546383E2EDE38C27535961BB8A95A31D79FE1E8F3963E10AA0FC50317CC1C327D137D883B5DB2E365EAC60E29D43B64039C1E6AA64376BBBE3BDA54BC
                                                        Malicious:false
                                                        Preview:.q%n..&"kc.h.6,......C.a.....=.6..IK.Z....6..l../R..,..g..xA...m./N.\...V?.[!.k0.V.........S..A1q..@.b.....R.....4.v.QX}....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\Apps.ft.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):50651
                                                        Entropy (8bit):7.996745086142589
                                                        Encrypted:true
                                                        SSDEEP:768:90wHwfqij7zEXCU0XHntEXpJcVlTbWMc9jz/mxJQtemYDwx2O+4PldPtokoS0br4:sfDU0XH6mZbWMc9HWvDiPxfH4ZAl+YHF
                                                        MD5:F61B9F498235538183F443E6015E5BF7
                                                        SHA1:24D2DF4C43E73DBFD53FF44DDF44CBAD50083036
                                                        SHA-256:F839B4A82FF8F18E5558B73200E948E3C1C055551F4DDD8C8395A77EE3C1C1E8
                                                        SHA-512:E18ACDF1270464C6457BE6C2D7BE73C83700B600753613280DFBB47EE98A9B8E12BA21C38E56AA8B4587CE76322C6496D4E1003BCF9E9FF588BC3BC7D9F0D02A
                                                        Malicious:true
                                                        Preview:".*.l.eQ...Sa...._RUJ...}...).....n..&r{).;..,./...\mvc.Y.j.#......A,.(..?..H.....b$...D.x a3....\......ZDPl..3w .|.H..-..F.Zy......&3...%v-_P....3..\..9n.I.H.S.7c.}0Kl.\B.R..BE..f...t.c..~e...h...p.u..%.RA..M......#.(...8...d.74.....M..o..B......'#...o...5/k......jE.A.$..,K.*....I(>.N.Ak..B.`]Zi...C....O...E.&{?.Fp...B.Bj`.......MJ..}......T..e.8=.Ss.O..........g....Ip..*C........v........0...L....-....).B.P...8.....z......G...FL.8a....{G.&....#/..R.tc.....T...D.....[.P.$FQ*U.[...iSb....Q[...U.....C..R6.u.^.J.0r(.)E.Xg%l.5....n.C?.N..hBM<,.'._E]........W...(.e8......i.cB o..f..U3.....H... ...}.7..-.X.3........K....._S...J...`..y#.z....kz..l.ur?.w.=/.:...k3.Ntgz.Y..;..7....[n.G...4.P......\...5.E......f..+...h]..%...L.. ..3..)@.z..kQ3]EIUC..MRj..=....0"E..[...l.=..a..B.d.h!..\.j.pd.(#<.W%X.)j.r<Z..D-.'....ti{-.F3....}.y..DFw.Y....qA...i?.../8.{IP...<.?..O..=..A.'...P.W....w...b..~..U6.....Q.O#vT:.r...O.1....|.a.M.g.*k../E.[s.#.*"9C.,E.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\Apps.index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1126615
                                                        Entropy (8bit):7.208001454573996
                                                        Encrypted:false
                                                        SSDEEP:24576:8EghnjhNgchUQme1a9rRr7YfoyFxz8GHxUMf:8EYNHhjJaxRwf1xz8GR7
                                                        MD5:9FFC970588209D90559AC1A0D15DCEA1
                                                        SHA1:14C3A2C641A499AB62A34B0886AEB355D515D379
                                                        SHA-256:0665522AAB3A14C5B9B4653A10D8334CC4C0626A0699393BD0378495432B3466
                                                        SHA-512:ECA2EB8306D27F46FD894A7ABDBA960F1104BCF5B56A95432ED6EC750ACD3F22A9C3908A1E888D81744D10312AEE225F8C45A1B967A780E5B59E0E4441AF9DA6
                                                        Malicious:false
                                                        Preview:.....Z........O.1a..;....^..N....0.,.....v.9..<%&.....S.Fc:........_.........hD......A.6./u..wSn..K....:h)BT..J.k......b.......B..E.L...|S..q.......|..6...fl._o<...H...Uc..P.....x.A~.@......QS7.....B.8....y........L9.wS.$.?R.2Y.3'w.x.V.E-j.k~..P>B"..1...'.>..c./..I...._....-.x.(..J.a.......1NaFoQ.'o....1......]x..=)Z...".`]].`.....\..:.9PhGW.....L.V:.m..q.b@10.;3yk..h)...$...+a....@rvC.{5....aYx.....~........?^\..|..k.H.D.o.YJ.?..y.X:t)l......Z.S|9.D.~m)k`.....TG.=..C.t...O.u...R.{.2E.,c(w.F..3@).?../.........A&.G.nj.....x#...4:....H+xz.3.Xh....f6*.}.j..e6..H....&[L. ......=..W..).*.|=<..k.?#.]R......p.....S<.q.gC.!&..'.W.S.L.....PH.Rf"v.`l{.B....T...&....ck....u....o.Yr&.W'._I.....[.a... .o..^cp...h?.s{..6.z..U.....g.......y.....?...[h+.&...!..Z....tE<.^.".8..I......../....S....U/....kO..ws..}....'.z..0..z%.......*G..`..@.....j.1....|Y....@f.M....,.0//f.lr]0l..9Cg.F"..p...1>Kro..at..V....d...H.......-.V.{.....5..V*.`.k.....b...(.....\m..=

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\0.0.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37679
                                                        Entropy (8bit):7.995061768886067
                                                        Encrypted:true
                                                        SSDEEP:768:TBeLPM9IP/Sf3X5Hhp3LT0s0uBZk24+f93FsUdIwZqvJjdOHVb6TT9F:TBcHKHwD422Zt2UdIQHoThF
                                                        MD5:536AB4EAADD0E55DED0265045CC80D7C
                                                        SHA1:132E229767944A5184E8DE91B06CBABC67A25B08
                                                        SHA-256:5CEA53CC985471BA4BB0FC3404EB1B01D9F273FFE2208B2B2FD04062B0D7A528
                                                        SHA-512:9127AB00E850A8946440BF615FB03D4B7E5E4D1102E1B4D9685331B067F13806485D8C34109999D3FFF9495284CB39426C7B830DDBB19C88C9CE6FC34462C39D
                                                        Malicious:true
                                                        Preview:)}...I...x..$^n, ..."g.H...Ev.......**...`....._D.X.B.....Q{....S..W.T..$....4.[........z.q....v........uh0Js.P.,.S:@..`ncwej..}......8U.....C..`..^i..W...uR......).P.F.;x`$..6.......y<{...;...i.._...Y/.`K.u..M|tU .....m.e..d...x.E...`$8a..u.&.9....A"C2bG....%1. ...>.+.1{.\.~.h#1El....h.>..<;...q.B2d.(.K.%.#.......d.R..1.....=...q.Q..M.$.Lg.'3$T.. -...9f.n|H)....I>u.@p^.V|[.....Svg....#T..`..!::TI....(.f....R..............Q..`@..tb.;.Ji..*7.......t..k...p..,.@..J#....L.;N..D.2.jc.a.4u....|a........P&.j..S.]8........qr.:......#.n..#.,.,z.....7..D1\Y...o...i.8.....760!az..8.M......Q;.l.d|..~.fBU..o:.....r..\...z/...")...@..L%..Uc...E....~.s....-k..&@...'.F.E0....(I..a.u..q.m.-X.Q\Dq.|2.. ..........7[...... .w}{_v.uY.W,..o1.,...kAw.?.J`G...>.*....8L..j....R.l.c...iK.%6`.n..n.Hy.&...zB..^../.9.;r.x..+X..N8...n...PR..g".,7._.^....|....Q...<.F...[;.F...r.>..z....y..0*.........0..X>.J .jV.[.z#..[.J..b.I..D. ...,.`..?~....C.O....,...1

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\0.1.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):264
                                                        Entropy (8bit):7.226540320122716
                                                        Encrypted:false
                                                        SSDEEP:6:Ym7oBNeNsW91gRY5q42gTf61aBDE6txWw+DdP9l49aUSnW:Ym7oBk91IUTf61a+6KxPlu6nW
                                                        MD5:6B24E75988C89781575E57D231B9A4FF
                                                        SHA1:3490A7C0B15017D4F1A731F63E49ECB044CB9662
                                                        SHA-256:1C91361ACB18F7D8F6F43A38FAB60868BA232EB55703720D154556567C4740F6
                                                        SHA-512:8426D1C0EFF3862D1C507DDB2E37C43D2FA285F1FEE5E8BDE92B747E5745B1FD1565AA673EC1976D640C268C31C6128D42C52FCA4BFCA9DCC7F61A0B663FE5F0
                                                        Malicious:false
                                                        Preview:.6..8..&!kc.h.6,......C.a.....=.6..IK.Z....6..l../R..,..g_.OJ6..T....,...x.|02,;.I..;......@...K.....(....W...dD'*S...*.}....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\0.2.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):264
                                                        Entropy (8bit):7.227394723490832
                                                        Encrypted:false
                                                        SSDEEP:6:+qoBNeNsW931IK/4XNLz3f61aBDE6txWw+DdP9l49aUSnW:+qoBk9FIKSlzf61a+6KxPlu6nW
                                                        MD5:D2E93DB7358ACC34B094A883E13E9DDF
                                                        SHA1:0C3D8420F4C5BC769E86D583ABBE47A36D8CC924
                                                        SHA-256:D8EA87D77674F344D176CACA1D35BBEC7CAA7CAB6100C3A18F61BABC726657D5
                                                        SHA-512:43A4700B07274CB96DB6FDDDC21DDC08E88908A9AED10C764091D3A39BA030A283FE2E825147A1EE4EFB798329E53512F2EA639D71F702E28877E432FECA27A1
                                                        Malicious:false
                                                        Preview:*F.{D..&"kc.h.6,......C.a.....=.6..IK.Z....6..l../R..,..g.L...&..d.D.k..TW.M...qj.z.4.1A......JU...oK.e.U=.l...Lf....D}....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\Apps.ft.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):50605
                                                        Entropy (8bit):7.9965404145378125
                                                        Encrypted:true
                                                        SSDEEP:768:EbsCFPuH7JboZG4GfaK5Ns8xJospkWYNFPb1tC7lsfwfMbkxV5rOE84GiHJLvvmj:UFP4+10aK5bosGzN1b1qnUSxGovitzF
                                                        MD5:323BBD7BE389A62607D2BB749E6A06F1
                                                        SHA1:8D449178090302886A3661E03FA583EBC6758CA1
                                                        SHA-256:D719DB7B814CF98BD6DE423CFB0624A8051E206AB585FC5FE18D2263A09ECA42
                                                        SHA-512:CA60B5365443842A84D5950C60D08CC20FF8CCD58BC662E36C930064B924C01859F40454D53AB4AD80695DA5961F1DB37F60062BF60F6B1058075B8D9E382B20
                                                        Malicious:true
                                                        Preview:..+.c.(.ge....D..Od..1.y...U.E?...~6.5t.W.M!.......D.....N8K.!cJp.i...L..././...}.6F....Ovp.A.a..[>.h.d......)"y.a%.J.}.4.c.}.M.Z..8K.6j..M....*...m.....3Y......4.....Z..y[>.DP..2.!.........^.....M...61....{*.B.....F.c......q6.]w"pR..'.afM.....DOr*..n.,.4.Ne..YEYt......JEe......3...n..C..........,....!.[..p`?>t7.%....f.....C_r....k.<..1...e|.H.K..hp,*.V".c..%.....5.`4.VV...q.......9...aB.D..-.!.Q.7.>.b..:.l&.........i/..e8V~%.jZ..e./.t.g......D..R.p....$t..0.=.6..+ey.>.....?..fx(..P.f.....;...]'......R..mbq...Ni....%."...a...%.n.[L...l...$............'.m..3.i......#....V..%Us.H......X.i.K>..5..4H.W...u...<..Ue.L.'W.K..?S.k>....G..[../Sw.)t 2.b.r..l.(.x...q...=.."..+<...q.....,...<A....X."c..&(?JE..Lu./e..g..8|.M.J&V......N.".\{eHI..y._4W.A. .=.....X....../4..B..X....y1U......e...S{.vI...JCD.A.KV...Z.*....0.E.:....#.Y....g.c........`CL;.I.>......FV...~hdt...Cy.HO_%.W*.E.>..._.;.%..S/.!..l^..[00..|.A.I.8Ii.y.........;Dx.PT..F...$H...<.<. +

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\Apps.index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1126244
                                                        Entropy (8bit):7.210268084398262
                                                        Encrypted:false
                                                        SSDEEP:24576:FIofXokmnZZDrgUcLatuxisA5r7YfoyFxz8G21ita:FpMnZOLOuAsQwf1xz8G2b
                                                        MD5:9FA161DBFF8E39E1CC0424DBF69C1577
                                                        SHA1:DFD55D060C50647A10551F3088E66ECF38E280FD
                                                        SHA-256:B4D5362BBAE90687948614C1339F3DA07896F56A205567D2406D2E2CACF0542D
                                                        SHA-512:1DE0E96CF6816FCCF7CF49F6618C8968666840E9B22EA8D25B39644C04BB86A1395E71418B2A8BC09F5B3578C8C6C7E7658F12895174EA6096F45BEEED963CA4
                                                        Malicious:false
                                                        Preview:..xA.....i8..o./.EC<.Q.....;..(N...4.P.H$.V.?..n.|.*._aU1..iJ.:.4['......#r...r.-...Eg..8..&-h.:..zAm.,.....wk.*...!I..h.m... ..-..L+..X..y:.'....t..O.V.y...Y.....ZuP.u{.&.-.s..03.QV.Q.b.E..si.Y...W^.-T6l.i..I.p##..'.....^...=.._0....C..L..Yu.^.U............Y..M..d.......5..Cn....(..W...5A.."-.......0R.. ..9..W.O../k...%C...8..z..`O...B..y,|I.3hjS.fx.6.....N...L.k..-G D..1p...;p._.r..F...wz!..q....\y.br...'.Q.H..........4..7.......r.."...9GVz.$.t.)V...z...j.-.[r.W=w....|Z..l....9.Xq.|...q.R'..V......v.`Gmhh.....H.......pe~.+~W.,R.[.../....v.A......@.[oc.....i..`..g.v......T.......i.$MSlUB..M>2T*&....[.3...E..4z"....8..#...n..K^.5FH...u.:.t.K..x}.`.Zy.Q.C"....=...r...M}..#...7<].......g..g....8.t..5?Zk..^\..2.A.x4...w.....~..V+.L.....d.AOb...T.....J.V...d.j.q.....u.8.Kr...H...MtzP...1g..9...k........K<....f..%....l.t..v..Mu.U0.........>.......:..v.=.~"..*.WR.......b>.T.|....E.._.Gw-l..\.W1..|.9.{..l.H...$..{|k.k....Z.E..}..h..&.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{59b571a3-bca9-49e1-9e72-2d4acd92de8f}\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\0.0.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37679
                                                        Entropy (8bit):7.9949381668634105
                                                        Encrypted:true
                                                        SSDEEP:768:vS9ZqBltQwOczvsd5g2B7C7wTvHj4CixvjfEtW323POSItWjuYmERuF:UZ7wOEvC7C7Msxb8tWxIm5F
                                                        MD5:FED153A08503D26BDE9153B8B44F1EED
                                                        SHA1:68904CF86ECB24A293FD1B8897DAF585F7B9E540
                                                        SHA-256:28142D44574FD446A5385D3C452F4CAECA202C113D952AB057EE42B84DDE85F2
                                                        SHA-512:2C7C1E90036DF4EF8F9A85E1D6CFE541FE05C1903CEA3E4104CB65294215D40D76461697E82FA1FE7BBEDC267B0B7BAEC5A865315813B5F5CC40826C6E8D56CC
                                                        Malicious:true
                                                        Preview:8.T[4gw.6gW..1.p.d.Eq.Q..qhm..y...L.<.b..Z9ScL.~..vpsi.QH..Y>.K*.%..z...t&4.q.>......N......3.(3..+....CJ}.".K.V../.D......y.K.M.S..y,.h}Q...A.o....))....UP.h..k...ag...m..?r.aSs...M...`z..|.r..6DQW.6..[`.i..6..`:-...2W:...."...ls<8..3+......a1..*...../Zo.=.....).h..y.wG.4....y-...c.g.~J"3......Xc...$.@.....+L.?<../m.W..b.........8..4.Q.#..%...............:..Q..h&..i.L.h....S6.u.P....$d? .I.K\A.6.3?g........x(}.5u...._..3`.F....T8.... .H6..........._S>6L...E'i..;....K.]..........M....H.I....I..te.Et...`.>pxA.O_.....%.9.8...E........|...z:fE*.4..#....z..0..T...)`........4xX.......~..n.d...V.sUR.......j....kEE.....P...#....}....,.bhp\.`...9..;w.R.......6.0.(...:o76....r.e.c._~h.b.uk.?3.."./X.S"kM..R..'.....b)[..........qQ76.kz.u....V.hfd.J...E.7.....wU.}">..or...S.....W.2..U.....;..ju..H.........Py"..`.=..'....|...;].A.u..%cu....}U...<>..Y.Q....O.%..s$..X.3.....!....ku@.s....H.(.;W&.4.*8....G3v..,x.$I.B.J.u..$.4.7.}Z..N.ot...A.YY...sEb.....'

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\0.1.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):264
                                                        Entropy (8bit):7.2263922139965535
                                                        Encrypted:false
                                                        SSDEEP:6:Qe1oBNeNsW96sx864ygiJHiq7f61aBDE6txWw+DdP9l49aUSnW:QwoBk96sx864ygiJHD7f61a+6KxPlu6W
                                                        MD5:AE40E4CEEEE430017FA7DC543EA125EE
                                                        SHA1:A3282CDF85C9178CE15B0E35A9A229D5B8C9A7D6
                                                        SHA-256:C1847D9457E9B58BF8F6ADA75E89B639B73ED86F606DF63BAF7E373B4630198F
                                                        SHA-512:4CF1350FD08C9267377DAA0416ABF61531668C6DD3D2E7D03D61F44489F4EEA86B38256159D9A2A8884C9DC0E0CE410CDE21FE3A8E6AC7E2C31E1E74C87A26F5
                                                        Malicious:false
                                                        Preview:s......&!kc.h.6,......C.a.....=.6..IK.Z....6..l../R..,..gr.......G.d.h.Jy..I......A..........n.......y.y@........7..M.}....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\0.2.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):264
                                                        Entropy (8bit):7.188037301045519
                                                        Encrypted:false
                                                        SSDEEP:6:JeoBNeNsW9Ht/OP+KVWkzNDf61aBDE6txWw+DdP9l49aUSnW:JeoBk9N/O7WQDf61a+6KxPlu6nW
                                                        MD5:D417D1938B602ABDA8980AFF163E37BE
                                                        SHA1:1C19D46163200EF990E3D67B6398B0BA4FFD078D
                                                        SHA-256:631DB6265E86D9FF71ED6ECA65167D0DA61FD6C3D16C00B0F39C47AE905137D8
                                                        SHA-512:6F9BE4B588226C2C6E6E4B458A9A9B8FC4A97595903C19FD99C805AB3AE4B6AFF56B19E504BDA9876E90B913AB9009B80F1A70AA4921015F2BC6CDCAA2F1048D
                                                        Malicious:false
                                                        Preview:..G.R..&"kc.h.6,......C.a.....=.6..IK.Z....6..l../R..,..g..'y....e7...jP>.....$...Q.vT..o./#(G./,.....?.h.|.z...L...}....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\Apps.ft.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):50605
                                                        Entropy (8bit):7.996219317096202
                                                        Encrypted:true
                                                        SSDEEP:1536:UR4940gViAYkuAqPefZHar6bEjnGYpflwrF:qD7N9oIExZl6
                                                        MD5:84F4642ADDD791D93017CCDF33E875C3
                                                        SHA1:52EC585F8E976D6638A3038F9D85019D398041E5
                                                        SHA-256:09974F14B5406D9353B6443A47645CFD17CE48D11255C5FDD4E7505F5B02E685
                                                        SHA-512:D7DB0BE29C654303C7FFD31976ACCB3C76344C069A2E43E126019BF9E8F7D0EDB25AA138F9BF0DF86725926E715524E7365D4CFECC5D27BF9BC1DDC4023F75D4
                                                        Malicious:true
                                                        Preview:v...i..kq......Hj)g...<$..dx0).@.6,..3.[...z=&....:....Z.#^...LJ..c..K.......Ik,.......@k...ZlI.VRY..'R.........T.....O.g..H.>d..z4\.5C..O....#.d .w:.6.r.G....A.P.......cg.j.!@.0@.7....R....3.0..p2.rPuX@.Aj.$...>=...B.+...>.....7..u...~..pl.<...fdL5..%a..uT.{..$..+ s.....bF<.Fwg...?m...e..L......^GkU.r./2{J.Q.[^....f.y..WO......o.O.P.s=J.....-.[.......F.."....fn.4..{zlhL.?....w<..CMiz......W.?..5H..m...oX.....\....kJ..".....`e.xL\...nf....J.....V.zN...*.[...e..6.=.1..#.....#i..7....M..A......cb......T.4.#..0..!%..7....gz...\/..[......C........B..7..q...m..D.`_R...zW8.2.......L....}~..cjN.q..l..@.S.Uk.~...E.y....TZ..O.l5.e.r$..(.j.y.?.b.`..(.e...m.pX.}.a.a.J..e..q@..V...R....vl..m.N..|....<..-.:.\..9..p5..7@.T...#H...s..sA.Ax...<..u)..Vvl2r....f.8.H............o|...{z........0!r.H|..W...C.\..._..N..;.....Sx..A.7H.Hk>fe9..Q..-.~.Q...'iX.7.5.TY.h.....).....^.0.7 ..J.Q.....iK.<..KYL..x.gL.Ap..~w..zy..h....q..].....`.`.3..%.Q%jn._......~..a...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\Apps.index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1126244
                                                        Entropy (8bit):7.209429382787633
                                                        Encrypted:false
                                                        SSDEEP:24576:89jG9pkD6sylpT54UDsqYYu+P0okr7YfoyFxz8G21itz:89jG5lheUrYJ+P0okwf1xz8G2S
                                                        MD5:C6CB621C1F7E85D83C40B39365196D92
                                                        SHA1:DE1630CEB6EE9FCC8F77AF3E3C5527F4888388C4
                                                        SHA-256:64A637689EA8069290CC19C3566794F27750EFE50975CB257C09B83DD5654CB2
                                                        SHA-512:2D742C122D638A2389272A5E4486AB1E5C565B54419529C6B77AE9557BACE6A62319C2F6FDD181BDE569FF5E409681FD5D6F221715858B4C2BE3EEE8F691FE9D
                                                        Malicious:false
                                                        Preview:..=..R.]...,%.>.mWte....L.).D.P....|!k?..g.>.._.g.C.....n}.m..-@.);..........(...d..a.......:.L..(Z...*-'&Ga....!F.E.t./=g{....Q..A...i.+...Q.*$N.}....2...zF.........`.!-........J......@..g..t...^^-S6U....U..o............]C).X.c...W9S.R.B.)...v...N.9>.F8....+..Cr.%..{..1...\...}.#A6..'....S.....l.../.%......[...U.G.H..a\........y......H...|.W..5...DT.Md..A.._...t(d.i.#\..u...U..+.{..1...+..>}R].\@.N../Ae..!.C)M.K.0exPX.*.yw.kk...u...5+.....$sgP.....LA..|../....I...]....u.....Ts.d..> .uf;....m!......I........7V..#C.1.....:_-.....b.I..5.r.Q....l./.X>. .s.`.C/...gm.w.h.};...".....y.-..{.&...pEW..-...x{Yx.5.....h.<...R:=.+Q."...h.Bu ./...U\....^+....T>..b.H^<T.!.-.2......O.hd...z...oh.1.......P...w!q..G.@../J....3Kc..(.<..G.I9..+..Oc@|v..o.H.#..fX.f.v]~......i6..sE..._./.../S{G.l.).....M..&......l.W.0..E.....8..A. ..'..{.`.*)......<.+w&L+8,.N..0B..t.Y!....be....x.8..c.&5T.qf.0y.0.U...b.\Y.E.3.awS.iy10.4..x...`Q..r.....7.:

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e65614a4-2986-4163-aa7c-1a44d47f3a43}\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\apps.csg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):676
                                                        Entropy (8bit):7.706982935309583
                                                        Encrypted:false
                                                        SSDEEP:12:iX7w+FxPBdy+dk2jcsdmqoPgJOUMYnMxCdkIf61a+6KxPlu6nW:iXhDFc0oPEnMTIf6bxPlS
                                                        MD5:1964218F4FAE32AB22B8CD9A21EBC4F9
                                                        SHA1:69D99D944836A7867DDD047CA5FB3A391FB95EDD
                                                        SHA-256:A9DDEA9DFFD497D939014B15B1988E43BD1C48F830A62C2A6F7906F32C1956FB
                                                        SHA-512:CED5269C71F0FC2BB37C6BBD83ED1CB04206153358CD47205190BAB207F83F8B46EB78C8D28DE1C0AEF93D7D1B35DF43CDA9A3E371CA4EA830A087DFF4135DCE
                                                        Malicious:false
                                                        Preview:....0......&.^..Bz.A!..T...g...R8I.....u..z..Mx.`<*DU.....>t.M...o...-.|..gl..go.ALy(.z4.V..a$Joqm....y.#a.bQ.~.XS<......aS..~.:...0r...y...`.....9i..Vb%.M|_..K.-L..=....=.4e.r.E.=..I.e.|*......p.B.`1p..]..V.QM...c...#..]....F&.......>.K&.*.D.l^.T.."u.l...&...C..S...X.y..'DR.\...X6)< ....`....Y...q..y.9J....m...DBn......NU.O..8I.I..5@])..B-.V...}.^.l.$kOoc..C......8..../...b yb){0.K.Lv..<L=.t.1!.."...E..g..U..8..eN.......d.j.=.....x.9.^)L...n.3......}AA.....8I.P?p.$...Y9>H#I....K...FW.....9._......g.i....Z...b....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\apps.schema.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):387
                                                        Entropy (8bit):7.45282585942986
                                                        Encrypted:false
                                                        SSDEEP:12:X5qEj8e2+L6UXjLQ41T7f61a+6KxPlu6nW:pqEQe2whXjUOf6bxPlS
                                                        MD5:F53CC52418FC48CD7D9FCF45E42F0B11
                                                        SHA1:D11F457D8F27BD50CE133158A76B6F6097735BC3
                                                        SHA-256:978B3984A05972B2D694A99E9012AAFA88A8BC0F2E8F4CF8F938FAF2792B5070
                                                        SHA-512:9817A976507B2C4D6EE6F1294B9B840704A4CC42ADA58DC337CEE33D1D8515A2AEE4FE12267AE903E2F0D49A4E88FBC8D5C0488C61FA744CA3BCA15B0D46E32A
                                                        Malicious:false
                                                        Preview:s.(..8..wY..WGz7.%.6}A0.UT<.l...{[y)M..t.9Y.......]2......r...[..........Hm}B@!..!i.+G......p.Q.`}.<..+.tz...G..=....v{.s.*.i.3.6.-|>.<..#.........f.o.\2..w.o.;.K)L....n.0....,e.".T..`$....KX.C...1..JU%...jk....r.M.......`.g.S.....6 ..Mg....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\appsconversions.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1426150
                                                        Entropy (8bit):6.588650086051039
                                                        Encrypted:false
                                                        SSDEEP:24576:yWAp7a0u1gsvtEPqxOupNdr9yEKzC79ufKZDXkmn63mlDEyjMR:yWI+xmslcqxOup3D4p
                                                        MD5:9253C3EC29F2A173B71BFB98C16AA12A
                                                        SHA1:52E7E0E5B1A0C2F75A07F3977F56955C2A6C7BD8
                                                        SHA-256:5A2385E44F5FD327A11724994007236C885A3F772A17255F1F0FA76C6F351DFA
                                                        SHA-512:2BB22851FFD6C0593EC35FED422465B666142064CC5AA1479882BFD7D1BF15ECFD0FDB22D3A617925EBE86EB1649688F868ED0FDF3354343FCD5F2C74DCFE7CD
                                                        Malicious:false
                                                        Preview:....... H..P..#Bt....5.Y..@..`.(^.'8......-.C.i~e.P..owl.CI..h....a....)`[....nJ.Ov...^.....i0.FFg........N9......}........i.&-~.N...o....(..?r...dQ.r...M.G..\..r..8.o.....S.&.4...f..<....<;....q-a1.K7.vV3.J......6qI.<.&i$..^..[....2XG....t...|..;.=..j)*....g]ZI.+V%..p..'..La.^..p!.4.#;.;H...0...6eJ.S....Z...%..Q...i|.N.B...+<.w...rU}..$.v....z2.HsW.y....h.g..neu(^......cx)+.x.>e...6..i...'.].H.&'C.`..Z....4pm.........E.tq@.....eDq.Z.....c5..f...L..N..W.Q...m.i.d.+...<I."/.3.....I.....VK...%.E.:.E.|n.*.u.{.f.QR..\.(s.C]......-....A.......m..3....O.j..e.t~.~4Wn:. .P....":...L.0mU..r.....t......J.K..(.......MJh.3...sQ.....}D/.'&...3...C@Q.......2..H........;.j...Cp...O=.^.BI..@Q.0..N..B.9,-f%.!..0.r.l7.K.S.l......f..^Jn^CJ.x...F...sA.............~......T..J..k....l....{.G....&E...-..TM9....y..._...T...nx...U..h..p*...w...d....8....I.T..WM?....H......k.%.....#..?`..S....(.d#..=s.U....?i.i.=9IV.dSJ.@D...).z.5@.F.M..$.V.}..p....O....xQ1i.Q

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\appsglobals.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):351972
                                                        Entropy (8bit):7.999551873701357
                                                        Encrypted:true
                                                        SSDEEP:6144:Da6V3Mb+78kcW78BqrWKnUVOEVndTAc1eeYu0nGS+Bl+aj8/WOn4aLdJt+F8BeJm:DswcoyKmpVdTP1epuUB+Bld4/7570ZZ0
                                                        MD5:3000F1B8E94555A298C5F1FE65F671E6
                                                        SHA1:15520844326849749118D5CAD66CE1C9BC2E3078
                                                        SHA-256:8B3E8D08678D9C6E0A17477876AC490D79E662F2DF7CB3CC68C9DBB0CE32DB1B
                                                        SHA-512:00ECDEC4BBAECA5381B2BCDBAABD2A7239952708BFF32BA8FC1D39CE839C8D84BF9C6535747D6C4443248F25839DA86000B4640BF14539B4AF5444540B6C3F48
                                                        Malicious:true
                                                        Preview:#O.d...'2..0.EU.T0!...<....\..|..* (........QN..D.k.ye`.wU.).d\#..=_.Q ...F.hXl..=Ezv..I6d....x.z!.....IB......U.....~L.,}..q..%r]....Y.....n.(-.d!.M5.......L.....zVvI.3i.:~@.....Fy.e..OCJ...w.3uQ..l. :.<4..P.$k.<..Q........PT...6K{..z...C..,...<..M...-..M....e....Q$x.}...i.[."..8r...o[..l*.....T..j[..(.ZYd.~X._~p.!..N..V.|...gNr..c~.....L.....?.....[].5M$.K.;.4........8a.....G....0..dR.......WU.}..\M..E.A.A....OH!$.p.9.....n....._j..9....P.j-4....4..).%.p...T._..i....<O.m..4.$...=>.....I...c.Q<..W....h.B.=..m.(.;;..}....g......?.d.9q.R)......d.P...g......pR.:.r..|U.=.e...%Tc!...E-.....Z....#...5...b.4..5...... .F.$.?....|p..G.~........(.kn.K.<w.`M.../P)k.*u...8..'.....i.....ZBeo5V3...0o"..w".0U..q{.f.j.>S..:...l...\#8.....dnF...............9.Aj..0v.x...+.d.j...A.M.. ...1HZ.{..q...9>.......j..m..8.,d......R.k.U..V..H.{.n{S.)cv.IIr..4.W..yH.).......@.t.U.....P....E...t1...............|_.*..oI~..^zP)...y..u+X.R...p..+...XK........R

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\appssynonyms.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):243736
                                                        Entropy (8bit):7.999143875463187
                                                        Encrypted:true
                                                        SSDEEP:6144:LKUnymJFPmodzQpK/r+wjlBiNHVD5fHcoP:LKDmJFPmoTr3jlBofd
                                                        MD5:D7997EBB008D1638DBEC4C9D29BB8775
                                                        SHA1:B0A1536AE9EE25068B876C48F5FA3C98B022C48E
                                                        SHA-256:E489F8DE2BF4FAE7B8E53BD90299AF1EA3DDEA1441E979A1F2EBD182042C7FBA
                                                        SHA-512:3460984FCA2FC267B3655DE2FC3F9232AC7A3C10DEC6D9DBDD5F205A5A969A5CDBF37996CF595EAB84F1285AAA7229DBD17485C491828F630501B505D59B5845
                                                        Malicious:true
                                                        Preview:h.....=m.S.....#.......4/v..].7~m.B...+..u....sT...t|.ZRs....$N..Jaoer.......j...O;......!.A...BQ..~[$9.......D.Ax...oZ.P?.....[.V.Q......&..f..0.%................./...........P...A..%0l28.pM...G'.T.S./.L...].n3...V..;rC).LN..s..,.i:.eY.$?.d.3..d...g...X6H..(...H<#..j.8.0.....cl..x.o...y..%[..T.8..dJQ.\`..9.E3....k"YX.sx..../q.n....^.Y$..>.1L.lX....8+...L.$.WE.+(..nF...V.e....3....../.......~0.U.....X0=.....Ud........b...d]6..K.J.Q.>.+w.+9s...'..st...H.pR...[.q._...5.).a.O.o.kK..L.......@.(!..T...VbE.)..\*.)Xp.......e.f....]...8.9su9...<.JVO^.II..q..,.w..$.w.u&n.R!....0.J4*.<...._.....l....m.l.8.d.@...T&a....f)Dp...K.Cl..z..i...<p`...6..8SO..u..rE..d.....%~....h.....t].......JM...$. ...o..]v.....)...u_.>..;...!.:.2p...5C.@j.w|/8..!...C)...F..&../.x..a6a.....eO...&P...\y.F......@..>W...u.gd*.1...L.K.!=.&....~.R...U..cx<.N..-E..d.Q....=........Nf.\9......`.....W.$..p}hQ.....}s..........`p..d...".xYI;...1X.r..cf......$g..D_.1...E3..Z..$....t..\.M

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settings.csg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):693
                                                        Entropy (8bit):7.757133556533428
                                                        Encrypted:false
                                                        SSDEEP:12:grZTedAGJeGXInEaxkZKY62TWvwUedc16H+fG02Fhm5UtH07f61a+6KxPlu6nW:ouo5Eayh62TWvwUed9HmGk6tH07f6bx4
                                                        MD5:C4D132A42A2E5CFB358545364DB0B8B6
                                                        SHA1:160125DD9DC8C80592D80C38EB78385435509EB2
                                                        SHA-256:53C93C2DA46D7D3136D12080FBF96612BE2AF144EB7E456E28AC76DE2F6ACCE0
                                                        SHA-512:296D0F3F069CDE6B81F5C40539E9679186A0BACD85F7399DA54D466F60B8748FE49CCB698F92F1B411289E8A6C3C74B4C0F53FC8D43CD7FAD28798EEEDD905F5
                                                        Malicious:false
                                                        Preview:g....+#..).8.._.~.@...LY.W.[X..'.An..U.#*...T).I`...4.16.+ZP{..;.Q..].v.|.5HWU}..i..aiP...h..I....2..X.x...)......V>~.8..+.......O.l...2.CW..n..R0..m...\.....0.+....<.%.n....E..."#H%.$..r..l.6._..!.....Ph.v.cu.t..j.#[..9~.o..t....0%.....;..T..Q..:x &5.E%s.............1..D..M..,..Ua.+;.q>.}.R...e`.p.s%oU7....IK$.|.t......I.?KxH. ......5..=..o...b....J1;..n......x......F`.*.pi.....1.....]..,.j.^....sM@.O.....{...O-#D."....4}....&dko.h.=;..v..-..)[...n.0..../e."._..J.3..!n.j...A.NLN..D...O..H..X.ZGl.Zt....\.B)..$sr........+i....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settings.schema.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):406
                                                        Entropy (8bit):7.437109578433318
                                                        Encrypted:false
                                                        SSDEEP:12:NzG+s5tOW9/hLwtM1yN95iWNb2aDe4HCf61a+6KxPlu6nW:pbsX55hctMM95is1if6bxPlS
                                                        MD5:CA8CFE932AACF84BE01866667B34AF68
                                                        SHA1:27FE890A7373143E7E6363BC18C7A9CFC0C3CFAD
                                                        SHA-256:82B8569ABF1F9101DBBFE8E262FDEC5AD6F5CD815B7FD6CA4597DBDDD26F9493
                                                        SHA-512:A2C7E5D07001EE0882CE94F5D2EDF9A8A5B28B6933BB822493E33B7322DA7F02A4764DDB2B57C08CDA949598797B944006564F1B0F81D57DD424388486F46FEC
                                                        Malicious:false
                                                        Preview:y.......z...LeE.*?o#.!..D.Lk(|.....%s...&...X;.......Ni.z{..e..o5aK~O}.,?_...~....m..!......3gA....5r.x{.@.ZzQ.|...'6...a..I...y.2..-P.l...24G}qG...i.`.._....&dko.h.=;..+...Q.3.-<...r.0.E../e.!._..1.6...X..!o....Zj...K%..<....[bY..`\..0.......e....$T+..e-=...~.sn....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingsconversions.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):533001
                                                        Entropy (8bit):7.997394262308219
                                                        Encrypted:true
                                                        SSDEEP:12288:4g08WObYtNtSOtafvqMJEGbZE5B1vh/zsa+eW:4V8hbYtvVafvqgEauBDsoW
                                                        MD5:5C0D896D12AD9DE860ED73FA309A09C5
                                                        SHA1:BEF7D52DF03659C1295D6BC6E1BA19C4048439BB
                                                        SHA-256:BF31D5310097A4CBA210B3E8E6B2DF400E3A8D7CF85A240A451D2BD895B92A10
                                                        SHA-512:109CAF357DD72FA7AFF3DDF30614E3102CD1F66F72EC710134346A835751A3B7D7CF3F3569429C1A65377CFD9FA51EDE7D95DB327D6E407BC37E93272E0C6332
                                                        Malicious:true
                                                        Preview:.....?.&.T.....b..O....B.d;....#...s.:..]..r_.M\.F..G.B..i....=....)...^.Y....2........=..@w....q..Fu....Z.7.F.v.K.-........".x..........8.c...n.k...g...7..x.|b(}g..[{e..vE..m...g}.Om3.y..w9..!Y&.Y.To..y..^.a.P1...-.!Z.V.....!\..:(...5Q.[...H......W*..I....#...C...h..X.u.....,.f.v4..%%.?r....\P...k..u. .......nNO.Fc..U..f. -m.....!d.....r.s.&.e.,...{.at.....%b.....I.I..7....6...B..].R.g.y;....0L.Lb......T....O.o..?N......A.......<..H..E.........K...k......K..+..OT.....?.LE.G.d...x.H.....^?..$"...k";..p.~m.... .i...P.I.2I.r.M.<..XH.fP...aA).6H.5...6.B...#=.P..D......vk...1.98g..1.........E.&..../..7V..X.3.VK..B.R.6).K...s.....?/.............A0.....Z...~.....$..5....._.$....O.Pe.~.(.T..tv....[~.>^...0...Hh....hn1/..*t.|.+.HLu=....uJ8...v.....4.]..y.AyH....&..@.fFjae...L6......W...v........7|.,.F.|.w...........}g.0..o>O..c.t.........g.....gQF.L..T5.Ex.a.8{.....5N...L.m%...l=..^O.~t.K.x..........i.z..$.s3-.[.a|..\.Q@..S....& ...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingsglobals.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):44748
                                                        Entropy (8bit):7.995323865141596
                                                        Encrypted:true
                                                        SSDEEP:768:K0k6IY+tkOa4Hu/rAoVdQsQ4kJ2XAgFS7VcSRRJ/WkATYsPk5kY3n0MN4Gru548p:K0jIxa4HsAY9Q4VnFSO2RZ5ANPnYX0M8
                                                        MD5:26B66F0081F6FAFC0F1274D37193BEC4
                                                        SHA1:A338B37E88A4057860A81DD1D559D98D645160BA
                                                        SHA-256:BE853E1C577238589A737EFC99196A9CAACA1298FC65DA11363F86AE49CD6784
                                                        SHA-512:4EF48791E913C34179D7F05307102F35C99C2E15BBD51EA4CBC7BD959B964664EE220FECF74CEF563A20FF1A871853D104261067B5F80CD19B1D9AEF9AC1A888
                                                        Malicious:true
                                                        Preview:.O.A.T.c....T.................Lu.......L..,...]..X..(.|8._.>...."&....K....eJ...0.]./.X@?.d..6..n...L.......U.j...G..EP...... m.j/I_...i.....1...f.cT........U.2..-....9. j..2..0..a.vx.....n..:..;uO...q.rR....1...t.IY..[_....c....^..<._e..V*3:.s....a.7.fy..............M6.....(..4....b...t....A....u{.:P{.[..!..i.....Dj-...iA....Jg.K..k.P.....7.s'..s.C.......1.X.m...]..n. 0....j.z..u....b[xZ....'xH+{t.<..1.e......1.S...k..cE)!p-......0...$.y.z..7.\....)e4....D......H..7.Zj....A..9A...{..eX.]I..AH. F.;....D..+...,....w../..-!'.....^x M....e...[.^.5...GCe..xbbl..h.o2.**a.o.c.[...e..N.....f......~...P{.O....V.g=.w..j.... +..P.x.M..?..g.C.-..`....o`{d..{,...K...^/.O..'.<......+..Y.Hn. 10.Xc3...D^..q...(&(Xr.........D....X9>K..J.....+.} ...~$...z,&_`/.._..j.uo.}....vY.6..<:....<G!...'....[..lA`.{.e">....4B.".F;c$M.E....f&N/..7.s.8...v....T.Ln_..`.*5../.I.y.H..!?...?.....l]'....oW....#Dg.yTiO..._....0`j.3..X..:.q.....g.2*.,F....:..#.7JV?Z.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingssynonyms.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):103964
                                                        Entropy (8bit):7.997986860817048
                                                        Encrypted:true
                                                        SSDEEP:3072:Y0VWQXVBgKlD3CT3/BRsT+7MCLPty7b9l:2QlBgWDyL/BrLPUb
                                                        MD5:BE7FBC423BDD88980E18C00F31C12645
                                                        SHA1:E38FC7A1BA627856EDA11332DB089B86E3E5F197
                                                        SHA-256:73E5128D355BF0A24FE021C8EFBE7B01025D2302325A7DDC10ED012D2089BE03
                                                        SHA-512:BB7E6AE9B9787FD05106223E9B1F594724A5CD2B64A460AFAF11C6DEEB7FE365E99002C14D1064587080796F714F134FFBDFB0DC5521D2A12A6CCA3E511C28EF
                                                        Malicious:true
                                                        Preview:...2.{....P>S...0..{.$..kQt*......#.........Z/..\.:X....^..vM1j....T,.y....dZp.K....V..P....`e.L..f.`.$r.......m7.........y...5..;KwH[...(..U..`..|h...:.v..?r...-.Ud...s.n..}..o.WI..W..$.<..p..c..O..*..xg..KN..5.7...s.^....k.s\.N:...b.V.^sYC.].4....H.....C]X.'..b.Yh....Q.A..8.)....;..K. .....&r.J.....O.r.2.!+$.d.s.`..N.U....S.!.....6..k_.a.jk...bt.*...o)r.......1s..`.%.yf.2.U.....|.R.bpk.....4Z...|..L..a. .....#>.\*..6...U......n.P........}~..A.g........IU..*O.{.n..cH25......f.".iW@...H:=.J.F.....a>......H.].......7...D.j.7IP..L.j.i...g. ..n^...w...}...+E..9N....v...=<..WY...RYP......<....j...F.....:..#..:..#.:...l......q....1l..nb..6....@...d<bu.....9n........<.N..._...;.0a...K.xS...k-.t ..llQ/U*...-I.+.y.,TJ......'.t.l..[..QP.p...)d..(h..F.dB....I.....".W.M7..wHW.....?.:T..X...n@.|%l.Z}...L...=..L...x;.%{.-s...kB...X+B..a.Ph..|X..eF^*vl...w...>...Q.{R...[..X@.S..J....IH)<./.o..R..+?3_.q..;C.i...Jsx......~..\f.yD>.e.D0........P.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\0.0.filtertrie.intermediate.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):217776
                                                        Entropy (8bit):7.999126564328659
                                                        Encrypted:true
                                                        SSDEEP:6144:7RjZ6Zp2/CuW0OZVwHWnlyN3/LlJQg35IKTds:p0z+UQWnlIjlqg3aUs
                                                        MD5:8289E17259F0C695A7467A61B7993768
                                                        SHA1:FE511B7ED5FC0E44FE92856A43020D6E03F8A956
                                                        SHA-256:248E5CC85632A6810386BAC112267E6AA69D10B30EE58B9740F9F005AFCE6F50
                                                        SHA-512:06F6563002630B4AD1C0ED06A1572DF30C23AC350595F4C2CDC84EBB99A28DA5C61F166D892E2F18EB287D7ABC484BE380892C8A6BC52B659AC7C7508B160E5D
                                                        Malicious:true
                                                        Preview:y..;]..!..ZP...Z.8C.t;...l...R...]..2,..N1.....aPN|/v>...*....U....,rxn...Bh.....x.Qd_.M..Q...?.W....[...-.......0.U..^.64..1........w.g.Eg..=.5....D.G....P2O.{.V.b.(c.o+.v{...&........A.X.[N...!qP..'..k..MF.Dn...V}.V.....W...gt......t.#NN..n...l./.....$..j...b.K|GGsT.....?v....To.Q~.@QO...n........`A.H....kr....y=..2..Q"^.....9=......:.."$.#.]*.<.7.o8k..P.3.l.=...D@..s.Q....e&...H0V..7"..]F..6.|....H...a"...j.Z)..n..o.S..'....<`..=v....G".N3..:...se..J..e.....K........@...M.i..G..1....4..|....E.....^6.`g.)=H..9..:..L.......{..|.G........6...&.<.('fqf.R..B..=. =T8....2.T...Ba......C..)...zc]..I@Pa#k#..^n..)?.zt.Y...y.;.6W\m......CU....S..Wd.U..P.....+..........|/.:.a.....+<D/i...R.c.F..Y..'..z....u=..Bm. ..C..m{zd.D....!.3C.nC.`A....!....t....S.z.O.vf.3...".7.3YL........ ...}.....9..uN...l.Qx.N.LNa.....f.....O..}.q..........z).H...x....Z....."......d.......m=m............U3..RQ~.Z...v..]...Siz...-....g.......ms..8....?....X...9.:.T.j..4.U

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\Settings.index.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1482093
                                                        Entropy (8bit):6.646527966240607
                                                        Encrypted:false
                                                        SSDEEP:24576:zxF60ANTpHOLrd+8COuZ/kr2bEEYz1jBa/mqkNRM3lVKSuS:dF6ZJOLrd+8hR3z1rM3lVKSuS
                                                        MD5:389B4050CC7FDDC4948A19D781FB5AD5
                                                        SHA1:C54AA3354A7F7B5375A6263DDC0D3C91C37AE784
                                                        SHA-256:31342E7E8450245A2245F7ABBB4AFDFFB2229761E26DFCD57B5521DB292FBD57
                                                        SHA-512:7523FF9440A5DC609E3421A6D46CF29CE3072B897B44837289D9ACBEADA257F4768400C09E7E3B73025C528816D052CCFE5B8B5FF1E78A6EC74807E8403B134D
                                                        Malicious:false
                                                        Preview:.eR..M..&)9*.)R...\6)......=-v....P\...D_t...bE......]x..U....S....-.l<V.t.A..."....#.%..o..Y..P#.h.....Q...\.{...YG.T..g.2..g...K.j.:%-d.s.......(....@3@...}c......`........=F.*.v",?..0M.F.R..^.#..eA.... ..>AZ.Z...g......4".A......O^..;.Z.#.}.HA.q.....H......#p.....).i...mL.Ic+B.JX.iJ..K..i .|H.-.e._z.Xr'.>U.Uj.S.c..K...l.0.[....9....6.|.s[>.......'....v......``(...|U.J.Y6.-[%.i?....luU.G..BK../.G.q.|.O.q.wVF....L..`.i.Cj?.|....v..rk[....,3s.g._L...%1.R..\...X]..}.V.."K.c.A~-Y.k..tN..']:R.... Q....b...YZ...._..9..q.@&@...qZCW...m....G|....9.u?'.\..oc1.......W.V.1Ms.Ku..4.o}..D......k..@....C..F%.J.$"Y.C5\.$...."....6...vsf...F.....V..?b..=.`.j..?M`.h...!]..CC.ZO{hHY..F..!.v$.sBF.....*.q...].}`gE.....[..%H.v..@pV.m.(.r......4.Ts..U.%.d.o.n....0A...w(q..MG...G...........'."|...m....P.......mKw!.?.pa.h.........}.......=G..2.+....+q....b.v8e.&......;.M.......e.W.G.cx.g.j...Q.E....m.H....LYD.>i.3.....;...U.7..........Y...]...8..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.9759361959806805
                                                        Encrypted:false
                                                        SSDEEP:192:2Ozsyvu2Z1iHNMyjzEd51dCdq28xpiMuLpG1ugdsOF:2OzjvpZ1QNle51d6MSNcdsOF
                                                        MD5:0C2A0988B5E936E176E67AF167B14AA7
                                                        SHA1:237C7508F0CE2C8496EA8F9F4886D84BD5A33AF9
                                                        SHA-256:937890F59A911E6333C2DE3B694E6D2A6CDE9B659488065F62E965B04C6C1219
                                                        SHA-512:CF1DC0E5BE5DACE0E908EB575D2EB8BE228F2F4E572DD7FD251F5C9FB9F599D2BA96C3BD34BB5A3073DD9AEAF9A525786EB5DF27A959260CFC58DB5F998F910E
                                                        Malicious:false
                                                        Preview:...ae..a.e....]...43x..i-W...c._W...V....Y.`...P.I....:.QD0...........Z%..e..*?vh.e....20..j.z...B.M........h.5(2/..S..a.Hn..VjQ.k6..!..2R&.d.u.&...q..f.d....q...|{7"S.!z..L.....0W..O....y.#......D.t0e.C_.4.oUgxV.......~+..)S.`.]..0.ggj.7 p[...z.'.e.....&e.,.9.....L\J$...:hF.uW.....(......t+..'D....s..[...9....9...{.F(..w#.{.Z.(w>.3hqs.Dh.E.a!..7..$. ....P=.^.4..~....%._vN.&.%...p>Vsu.....^_e.d.'.....@....D..k.$.P$..o..g.<L....`t.Z...^..n 2Jw'.7....>..f{.@w.o'.-i.@_.H..I.....6...........E.,*..!...\......2D...U. .1.R89.....*..f......9...].4%.>v6..n.x~..n.H.g<....!.%..=.0........P50.u.mn....#...9...L[.......L.H.O2[6.oApB.AG[;.M......M...(P..5..!(.F.......e..v.rh.&...*.uj....%...zh..v..6.dK..K..`.........`9K..<..Ve_.a.<*.xY..>:.y.d...G.....\.....sOp.?.o...9r!..K.......\L$.J3hzn?.ohq4..s..p...t..2..{..,k...~.Kp...M..u..! ....f{.%8~....-[....S.TI#..) E.;lKr=.h.....Ps.#....)=EGr.$...q...6.#...b...k.BD.U.K...(..8.?..j.5...b.].4...`...

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\LogFile_October_3_2023__13_9_20.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):548
                                                        Entropy (8bit):7.638439396311722
                                                        Encrypted:false
                                                        SSDEEP:12:jjMHk8cgQXBoSMrEqgy9WBu1v85XA5bixPvuC6ln0+kf61a+6KxPlu6nW:vMHkbkrEcWo1v85XA5AOC28f6bxPlS
                                                        MD5:27C4B7220A2452BEBF156DA867678F5C
                                                        SHA1:71DE20D96B10D31B075ACC9AB4E9FF10DF5FDB75
                                                        SHA-256:EFA0C3FF099EBF44CF359234358B152C688930D17DF727349CCCEF7233765664
                                                        SHA-512:EC0C61D2B800D5B697981CB6462D23DF7B3F9BFD6938646C905C2F73848FB0CE6FE170950BC2F5E661FF75B75C487A4435DCEF99B9C12061C28F0856F80F77F1
                                                        Malicious:false
                                                        Preview:J..8..y..GV..|:L.X.j1muR-..A2....].Z....4.[...O}..g.#t^..,...s.Q6n...s.k...2.\.J..e./.....5.KZ.I.i.*..c..'t..g.a..Ssm.i.}Tl..$.6Q.-`...........QJ...G....X...,..l.JT.....".UoL.R#.f.).\>v...j......s&.l....X&..Iw. ......C.c.S..V.w..=...FC.>..7.K@X.p....&G2.F..i...~^"+{...&wE,..g.GZ.W........i.]..R'Y.%a(..f...'o.u....R...,..g..........M..."......~_.>...... .-...d.`6d...T.q..2.1.....;..4E........?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.978282331851742
                                                        Encrypted:false
                                                        SSDEEP:192:2rsk1gr/a3niRNxdpD8n0qtDFbYHR8U/BDOzF:2TgrAnUpD8nbbYF9OzF
                                                        MD5:1D550265384D22F86AD515C1DE041750
                                                        SHA1:9114E773D4B30749A21962E9215342248B1D87DE
                                                        SHA-256:E5E4C6D8E412D2AB4DFBB859F284751DCA4850BEB1B7C044B1542B7A41CD2F2F
                                                        SHA-512:A26BC570B414677E8485E11B6BD85018E9F2CDC2D5A9C6F2279D051D66CE68AF56AB76C651D3C1370B426DC258182F5DD4288233338F298B0C30B2448E5B7829
                                                        Malicious:false
                                                        Preview:`......R...&T..&.O.........Fv..`.&..B...}Q..55ig......,...]p..E.{...#....I.gr!..W5|...O.s..(...0_V...ir*..y%,.[...........%,3.{..#W>.hp........[.X.......Q`......Y..m...X.o.<...t....TZCm.........4o..-'.F*A5R..(#.R....<s.......3.......0.....-zH....-..d=..?.\.../xL...v..U.G>O.D.{.A>....P60..../..1.6.\.gq..~[.4..S.\........./Lv.~..R).z..Dh....~...gi3e...5..~J.x.."'...V..h.`...5.hn;.`4}..l.....}.,....iA..M*..[q.'1..`tV....h..?..$..~...r.x.....R....7.V...O.^...1.y/...DrjV2.:...%9..P.6....Cz..x:.N.k..".<.<n,t..j...c...q.2.r.i......\..zZ...IJ..b|..~..c>..>.gu..%..{[.'4.Lop|.+...N...k...kb...m....k5.c.......%..]...(S..@6...VN.*..c.yo......).....V........I.6...._..BT....[....j..0........?.Pr.Z.......4>..lF..@..`/.T...(h..d.. ....<.R...EI1)o&}J........p.......5N.]..w0CNa<.Q...9.5..Bj4........` 4[W2...-..k.).........V..U...).3.."..v....<.l...../.2.T...:.V7..7.-!..w...^.....E....mn..w..~....w%.{..{phl.WK.I.p.J....\$1Hz}..J..4@..i$#...aW...[*

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.976562599325277
                                                        Encrypted:false
                                                        SSDEEP:192:K27y5nJqAQX1BmiFd77qkuXR9BDg81ESFYppJh0g0cjbdH0Y2O9F:K27yCFBBFd77WrZWdOotB59F
                                                        MD5:DECD27DB222F75D4E032A2B32B827160
                                                        SHA1:6D40A683B89C8E4BEE4804B78FD9EEC9C84834E1
                                                        SHA-256:5889690E9A3067F4AFD46BF6ECA4F3C7AD4289232CA86F282B8F4740F08768EF
                                                        SHA-512:F639A0EF751D2BF022B53C83F8AB44F9BA3FE1136D9F6570C94F5AC921222A7AD5394D4667231F0D41E0ABDBA7BF772EC78CAA8F6804D8C99E3DBBD968BB3E62
                                                        Malicious:false
                                                        Preview:....}q(+.......i...W....R..J..$...L.......,T.F..@NatE.0.K..lr.#dp..*.t..h.......+p.....2z@..[.s..wuW..6......Q...&.......l...cMj..#..".e..]/.W.+.....@.......E'P.F.....e.;.f.....h....h.^.zM..<d.....#q..M.p.+..."%+.FN<jFL\..9.F..mL.P.Y..^..n4sQ..4L.84.v:.)..{.O....m.2a.0.u.N"#/7A:....>....J....Y...d..r.(<.....e....]x$..XC.v..!G.|.~J..e.O.g...Dx....J.Z..ue..b..X...Y..O..A..../Gh."/e.....(......gEJ.J..F..?....Du.r....gc&.w).../..C.._.>....Y..k.4.......>.=..6w...U...........q..}u#.VH+..y.72.iX.cCU.P....b...yq........[(..vK.Tz,..c.*......j..mo....e.O...]|W.6k...I&...(...Q..d~..P...........!.G....^....b.V9.z.S.........7l.K`J.........=......b.!......7a....!.6L.Y..C::..0...0..........:hN..;..........M.....{..O.3I.b.Lo.\..!...R......a].w_.]K.2...IAW...P=....:....ry....4.....O...R......x...{.XgM.B.De.4K2.E:l..j#?&..Ai.@."..q...X.".P.y.3@....}ZX..J.u.........Mch.Y..... ..O.."...)#P.....A]...........Z:............d.zX...U...v.&O.{.....\,@.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.980107827586623
                                                        Encrypted:false
                                                        SSDEEP:192:pG6yJkt7WtWZbv7csu+TzUUJY0Okq0cnJDqWEKR5PPWsF:pFyqtuWZvcCT4g8JfXPPWsF
                                                        MD5:122F127D85FB318594AA8C186D3136C9
                                                        SHA1:994063735E65804ACA6A5F6F7947CA57B6CCB491
                                                        SHA-256:54B067B4D3D67E245A19BA95CE4F3378AE41B93DE836CDDC682C013C35C53BC5
                                                        SHA-512:3FD13FCA1CDBA947CBC067C5E9508DAA676B2B6D9AEEB0A91F2B5609FCA2149B64004AD4FA939B2A2FB47BB6F4DCB64E2847CF769C089896508B05DE309A33F1
                                                        Malicious:false
                                                        Preview:..M.JI...NK3..q.uc.UR.np~m..6.i...J/D<d.3V....}....K......>N...F..Lb.......F.C".......H]...}.$*/...<.s..I..J..E......j..R........I}r7...c...g%..D,E_.qYj...A@.e.N..G........A.7... .VbJE..l..m..i......S..icN...A.?.....s....Y.#....p.m{.V..."}....:.h..R..-...^C....-sB...'J.X..[...H.9.b..1+..B8ox~@......;.M..?..4.U.s..c.kH.0.TB..7l.1s.h.:&..eXI.3b.rz.Nd.P...up..w..u....+.......t|7..._E.X0G}X...+.E..l.j..h..B.=0..R.{...\V..#..[.J.cw.....)....&...Ym?^w.SYp..(.@....|.....Yem...F..~5.i....].Y..r{O..+.1../t... .OP..O.V}.&..v...K6y.....U}......v....Q.3.y=.2.......%..&..zP....l>...F...SK.->U....e........t.Yg..qE.).(.........J......>.3....,.Z.M.....{v. ..\.k.s............a..9.....:T...G".z++E........C....o0.......Z.J..(.2~.Qq.Y7*..r...(..6.._bU.H.3..O..... ......j*.^...]b..5..{.....s....s....X..2a..2f..h...H.q.De........{.tq..B3-..X.1 ....ru.....e$..Z.gx.m.F..]...q...........Ekm..n..)......0...v....s....j...I..K...t.g....xj.H|<.v...n.Kgt0...X....~.AS....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.977355373462209
                                                        Encrypted:false
                                                        SSDEEP:192:7MPu/edwjjHmT1yBk19myJekQG1HWairBD5nq4D9Q/F:j2ujjyoidekQGMBD5rDy/F
                                                        MD5:2A77FFCF94055E13A8A5574EE29F37BB
                                                        SHA1:08325D42A8C4CF89E6AFA5AE4A4BF04C9F749593
                                                        SHA-256:781AEB9C36DA68097BAD88B1BE1405935271445DEE02263B8B10CD018E3290FB
                                                        SHA-512:6055B88E015621857B64733BD4EFF015EE66F9CA610203B0F9FAE2C7F99C264BC576F4B41D34805670FEFE0F6BC62D480667723F95623DDF38FC7001BAB5677A
                                                        Malicious:false
                                                        Preview:4b#.....n.(y.~..Iw....b<..en0......b.U|K....NE...S.y.#.(r.`...wp.J?`1.....C....'&}...De}.,r..Y.w...........a...x..#.M.2pEb'0.....M\z..........00.3:p..dh.....i...W;gB..j..0q.r../.....zA_-4q.^...H....s....aR.75.H.X.7.G#.t].UP.".D..n........`.*..2q...Jl^..z..h.K.,._....&.h%T.,[.B...G...*..o...0....&..~.J\|`.;..W..^~.B!..#....fi_....x.A...L|.9.3UFO...ZL.a..\...B_.*.].Gi5.....z...j.......S.iG.C.8.b.m.X.....S!.e. i....[(......9..P.g,.!Y.[..o.q........../.......".H..@.I*O.<./*z..iw....7.rB..Vj...o......f..i.3.>2.r7M.f..2..........L.....0....t._..n.`.3Y...c.A..A..@$iC.....R..t..%.."j).W....p..HH.....u.k....BVO?.&^..+......lfa..n..YH...f...j6.F:...........]X......j{..Lr.......-62LAyD...Gg.C.2p...c..._T.<....TX...}1...pFh.;...\.."i....+'t.8.c2k.e+.......I..f.........P.m...3..........w.6.....Fp.....o.l...o.=PNo...\.Co..Q........b.:.....s.58.0...j..q3..;..$w....7......_.Z.[..y:.tT....4.sHDq...(Z.|..m.e.f+}.8...E..O............L.p..=uG[.=V..,..U.L..sL{,

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.980266671015841
                                                        Encrypted:false
                                                        SSDEEP:192:xNzO5Xd5qO1XZV8OjeQb7wMBv4GOKxg4SperVMWcooLEkdkdF:xNzuXOO1X0OjeQVBvPOKO4SZYoLMF
                                                        MD5:63231ACE895B7D6FA679B7A91BEC2912
                                                        SHA1:C9D67AEAC5AAF72706CAA9A0720925EA44AFA13D
                                                        SHA-256:251D26B9C47C08EB7EA0B65498D2B26DA449E52FAB75433377F372C445388983
                                                        SHA-512:81D3CB13AE1CAC1D4202389867E3C85C5844E1226AED991AB2BBAEB304D3791C1A2C21F1D2283B0CB3AC25A853A9A7F16E956DD3B61D2BA1CAD26158695D3746
                                                        Malicious:false
                                                        Preview:NA...._.x...3E..(:".....2/.b&.}...D......q...k..>j..?..!....6....}...p..[.~JO...+{....I8...4M7..q.d...6$.......q&..P))-.lT......(p.~...7.....^y..a../.!....d..3E.U...$..?.M.6HI.Q......(..,C[M.v.."...KRf.......b...H.R]..o....:P...c..........B.m..`.}LE...ecc..@.Q!V..n)..2Q..u=..T...W..=........fpa......S*...r..F./.e.Q@VC1..PUE^."...i.C\.fv..V...).4..,% ...(...c.....@.ZH..M.D...........1J..%.W$.....$.v.V..{#3.g|.....c...B..../.;.;.....x..8...M.T...P..%ru.F...a'..5ED.B.n/...]...=..{..U*.G.d....}.[...Er..Y..5.jJ....]..A.....J..<.w.~b;&%....&7..pm.-t.*...|......P.i..q..i%...C..._.;..`...7|...&...BA.t.....9.7.ZQ...P...R....;D...su.....i.8.QU...k.....m...`..X.z.....0f.......$.........;.{m..h.y....Ox.......A x.\...Z...s..(s..3(..J1....(@.....{.YC!,p..Hif..j..,.NE..7.........Q........=dn....,..y.p(:.{..........:*..a w|..... .M..D+N/.o.....$TI...^..).JnyL.tR..z..?.7......Xj.*FC.8 .0[/.C........t...B.....LoHF{..`...C...U:./.z1..........7(.!.r\.Z..

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.977770847783933
                                                        Encrypted:false
                                                        SSDEEP:192:BiPr2if3nq07zQm2hBslsV2p1aa6lmDZVobJWcGG1phjSGVBWAd3F:BiD283qAzZ2hFV2pFEivCJWtuSiWAd3F
                                                        MD5:A308DC57B95415370411758536EC0C66
                                                        SHA1:C4349CF16BA715BEB5A7B098FF81BFFFC1E1D676
                                                        SHA-256:37A5D8612051BCEAE036A9862232C9D9A5AA51FCD4DDEF7418E8AAAB119885AB
                                                        SHA-512:C10E8DD8A51BE6D8DCA589C42A446C3A0552B369468E0FA2F91591AFFBF9FFFF3F7929A7DE1A376F2A1E86A408FF0544136F05FC8FC29D632B58B1186C1A215A
                                                        Malicious:false
                                                        Preview:w.#-...u.....#h......P..;...J.!.;^.|..1.BLO..P..^.....a_..=..G....dSM.H..HlA........(...."..*.%...)(.yk..9q.(e".u$2.cp......Hw...\ .ge.h6.G...T\d...$.>.p)...7.l..E...A.-.M.G|.J........oF.t.95A~=............GO..0.e.$....|v.7@`.j....J...M*F.-yj.,.. .d..X.U.Wg.*...Ok..n...K.._A...f..l0....a.J...yu^.&{'Y].6.....Y...i.~mbn.V..;Z~.._..g.G....3....TF?.._._...y...>..g*.>..+zeA...}.., b.},.>....giZ=#*[.....Q....Og5..8...E..9g-.}...d..Q.......^qm... ..I}.l.5lqE....`{.T..Md..............G......7.........]C..!..Z..F..>.(o<.....^_3.`.=.y....J@....dP.P..h.a.Z..E..Z.h:Z.7I.R.....T.....RS.}[Z......W..m....JQ..Q.#.od...n.4...bT.7H..0..^o.=...G...Kq...3e.3..=..&........P...O*...,3HU.......G...^.2..!..,f~..GS.X..../0..[{.\...<.#i..P@$=..>..U..~.W....?..b`.......4.6XHx..qX..V.~.N/...%.......m....M..4C...lv.E&.A.\DZ...$......'.D........../.c...............t.@..@..\..e.../....'.C...d..7M...Z...=.G..~.^.... .M.,......g....e.i.t9.$Q...|....Q....t{z.

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.978196559635582
                                                        Encrypted:false
                                                        SSDEEP:192:CV8o98xdMn02KL4uNmpRrMPVgf/fxbpAYWf0+2RDbZGWTDdAIu786F:m888Q0plENOVgplAT0v1LTDdAlQ6F
                                                        MD5:359E7AEB887554CF998AD25F2245980B
                                                        SHA1:3D3225E6A660DB94AAD5ECFEE6A23EEF9B1763C5
                                                        SHA-256:9D6E8F094DBD9A01185044DD1A0EF0CEAE969BE2DAC068C633C3846224F63CAB
                                                        SHA-512:66CCE14F70CF3E21852BF2F9393AB74CEC7FE5A6B47E6770A74218577EB7136AD6B18B96EB38C3A3F871095D0010D215D02EC5C986CB94FFED7CCC5F31FD241D
                                                        Malicious:false
                                                        Preview:.".i)..5....5...>!%-K...!.0...yG.Q.I...CT.....a.<.....w.2.q....A:.~..[...>.^d66...J.g.G.1...ZB..!8...Z....1-${......B.A*........2.j...Y.\c..@....F`:F.[o..]@.xy.I.7.+Q...3S<.....(.v......J..&.qQ..v.bOLd.(....?;.?h}9...FR.X...K..B.^c.1y)..Q.D...q.w.k2..Qu.[%.....XW.|.F......h.'...........h.........\.a.".6*W.,-cH...% .h..<@#....e.PJ....K{D.$../F.4.L0...9.!.U..7y...k..O.....K..=...m..D.....".7^......U.n..H)..U.6.=8.+.Lf..c.-..m.F%bly.*.w....k..F.z..+.2L>&7..n.....c.+.<.!..v..o.w.... ....7...'.....o..R..`.r...&.&Lq..O....CS......3...i..'.......A+|.;.q_G.s.W..v.R.oI......).w..;....@.M...K..:+-.AX....`.=3.`?{2..~J...8.5.J$.....$...c.,%tcf..#.h..F)..T.6_[...{...[U~.'),....U..)..4QJU.....,...A....*.oh.&.....y..p.P.e........./.....]N......\E..R...2.9X.d.b..^ V...`....k......9x@.F.&..1b..N5.W.A.mC.sE.........Z:.z.(.iQ-.*HH.O..).w3..!....5..hZ....b.ni.l..]w17..l...R...$dKQ.......O...B..L9S ....TP...\Q.._..m7.X...#..TI..D.. 9..F.a..$...z.W..-.<. :7p

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.977561236046283
                                                        Encrypted:false
                                                        SSDEEP:192:WkFEkUYlzItEJR4Ek9G/l3+PiWu6+mfATF:nEJYKEJR4VglIiW7+mfATF
                                                        MD5:126CE861E4C5E51E193B9B5763D6FE9D
                                                        SHA1:4CEB827B0A8445AF7D149EF635C44E5B4745B770
                                                        SHA-256:4930622FACC7C470C4A38429807751024C147CE092B3BC741E4B5719A98E4F60
                                                        SHA-512:CA6C3E9BF78B2BD8E6492F079DD46E1C684FD4AAD9B8A2BE36D6D646F1749CF91299AF7D538D0A2601FA19118452F2C81141D69083872F1ADA7E5E2DD15B86BA
                                                        Malicious:false
                                                        Preview:S....q1..l.......*U..J.Cn.g.nG.tk.WF...7"i....U.q..>..=..{.|8.~.u...p.Rd.g[.Q.o17.............6..n8.<AS|kG.S....E.).l.U=.=6.!...7..|C.p.Y..$..S.:k.n.".w.B...w..\s.4.d.Z....c...27..}...sd..m...W...........5#.hl.E..M..|....k.l..?.e..f+.=.P".xCj..E^.+.j.v%....;(..4`..}56........'C....X..FP.<.!q'%.oT.......L....&......rt.]R.hq/....(..[C.....|...`.1Z.......F...=7#f4.!'&%.sJ...9.....p..&..r.&...]...[.[...-+...C\'Z.#....NB.h_.n.P}r..D.n."........%..)v......n.1..0.G.m7.k.Y1....y......h.Klp..;..{Sg..l.............1.5F...#0.bz.. .Q$4.....i...7.Z....V....$Q.w.h....?.2....<.@E..1(.....Oek..3vy.Sw..k.._e.@.s.5.`d....@....-b./F..s.......7...x.B/.7.N-.... .T.zF..y..t...X..S.b...9sD.....p.S!.%. v.U.....:...%...f..IJ.......o&.d.......N...~.......<...@+..q5..M=.....3)8N.../l.#.f.u..P.."....n.....#.N.lF.|..7.'...M.%...U<".(..5.(...H..Ho..*..:.i}.6q.Q0....B....L..L.E.....Fu.......Z.<.l.jC@.~...OY.....jQ...... ......gI4..E{Hs..W..`.p.....U.._U!z;.....6......g..

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.977347534308179
                                                        Encrypted:false
                                                        SSDEEP:192:6ntPKj7UBXp4RQdmHQAjZFFmLvurFdb7LXeppH9lQO+F:AtPK1RHJjPFkurFdbfQIO+F
                                                        MD5:10AE443873F7B21DB91789D076A3A086
                                                        SHA1:35528DA4AF910901BE1301A9C7CC8FB4A1B8B05C
                                                        SHA-256:724584C0965A1A531BFC6C76E7D96A72C6EB25DC69EC2966ED93BEFEA358C137
                                                        SHA-512:20D128E4D537EB2290E50CC6E0EA650060E476E57F109C9BEA98C6C6FC7978C39A7B6B5935AAF9D2A338743A82E5D1B939419C31694978565222CF2847D0D982
                                                        Malicious:false
                                                        Preview:.........e^..t.?....M.k#.6.r...-..fv.=Pa.[U.M..z....5.o.2.a.\...-.....>l..gFzh.3.CO......B.G.2..E.....x,kt.=.H...o..3e..'...>.4.n.:"....`...a..M.ul..xg.....Y.I.........y...O....2..|..&.k..pT..]....t.%...X.....\...O.....<E..6...|.K.@.k(.;<)...qk....E....3..L.}....o....9B@1.Fe....s(...L..o-b...^......n(x....$...._.rE..k-.}E7}.H.....C'9.n.C '..... v.F.(.q..E..kYQ.>S.....u.<.}GV9..q.k..le....{.:..L$.... n....;.4.9.yHt`ZHQ\._..ae.5..j. .{...r.{5...K..zRc....B......E>P..g..../..:...tg.....Jb....\.*....t.C.F....U...6!M...p>.e..w.:..d.x2.5.......i..LM...I.>H&...S...g...l..1z..W.#91.g..b.K.......f.ON..s.EGF..Q.|3.y.OPP..%N.LH.T |..m0..M..1.'./.d....`....).A..P_....,+.|.\?.......!...V#..yh...n....xH...(.f..WOf.N9...;Q,.t6-..7.....x....j..'....i]&.....vpX.L]..W..>...b...5..RD.?.Ct..B...5..:.....g.f.5.o.+O6...j....)...k.>.{.I.+.K..%......Q.@.j..."b..r../...!....G..s..v.i.z6.+.ji..%.>^i........C.+Z...r..F.......?..bn..2....u.@)Wy.......,._)U..

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.979146652898558
                                                        Encrypted:false
                                                        SSDEEP:192:prsS87iYyy5oUoehlqc9gugrFOIRWb0MtMrdo4Sv+F:prsSHvy5Bn9GJfHrdopGF
                                                        MD5:4625EE25317D5D6C5AAF01C345B59B31
                                                        SHA1:024BDC55F60FF737220D0CB017897E62B6E37489
                                                        SHA-256:F5C048D665F70DAEEFE0CC623D8BF1740EF567B9EAA4C5475B7D01C35159993E
                                                        SHA-512:53BF39498BDADD768446A390FDC6F38812E7A5C407A929E6030A052D0AD4B7CCC4A3944AE45A22B7162C6F3050F4FF4F0B0856429F5AF353B2829461A29CB41F
                                                        Malicious:false
                                                        Preview:nR..hGR./5.9...?......tj)l..N^...St}....e.D..,e.@5.o..t...b...wK.Y.....)M.5..erBa..q4/..bBds...|...p]...(lg*...{}.;..0P..M.r.....4.q.i......wj......}N.7.u8.}.........&.5..g..v.*.....HU...\.-.!c.[.....h.i..Nl..8m)W.6....PlnP....j).z....V.l9.Q.>c.n..f@.Q.}~$.&.+TBk...*...u.)=g"MP..)B.:.....C.f/..o..Qe.&.Y...x....2*}.i.h].v_..."...............;...:;.....y.~%B.+}.f...q/..`......tc..........)..]..+.9...`...Z..f....y../P..'..xn.8..o..I[.3$6...09..~b,...*7.$c........x......o...?...C.!&EI ......(uc%G$.!O..s.....Lx..G+Np....q.YE~...9.H......Tq.j.g....x..+{... 0J{...{..o_...T.c..k...y*..p'.Z..6.. .-.:...V~..P.3U.....g.)...@..Bo.T....XD.....l`0.M...7...W...+.vo.b^'.....y#E.."e(?......^W~..9=.}6.Jp.VZd.%c:B.i..'h.8...,ak..vV..L....E...@...4a..../.Re...*....;,.u....H....._.%..h..<..z.a*..EK.,Y.3...nn..&_..n..(.l.....a...?5-...|..p....b.d].....jX@Ad.u.A.+..O..j..<p......&P...).*@..C...o............0..Q#h,5...=I.H ..9....M3F.i....;...nc...y"Q..V...q..N.v.6l`i.nK~l]q

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8431
                                                        Entropy (8bit):7.97933880264666
                                                        Encrypted:false
                                                        SSDEEP:192:mHhuIAWZ4qSAqbrmMpnb4WrAhqwkxS3pu+owM2HKdEewKqgmJF:ShJAA3/8bh0hqfxIpu+wdvdLwF
                                                        MD5:1BD11302EED913E4E738156378E6DD24
                                                        SHA1:20F3622319B18E9B785939BB9FF4A0FA85009E50
                                                        SHA-256:555984785AF070316B1F6A11143E8362C2AF83EA33EA329F864A4075036020C8
                                                        SHA-512:CDCC903C30365FFFCC086D5624AE9EB2E26AFDF11821A07F9B991F44F5D9BC0F7272C24315EB92E81754FAEBA12A92E3ED711B715F3C9ECE73BCF824D03797FD
                                                        Malicious:false
                                                        Preview:&...WdZ.Y.&..6..s.x.......`T.7.9/z.~38...9...-[:*3a[.^.>2.......<e..#.|...qa....QB].m..!.[...=..-hE..O..<=.p.!V......"&.....]..|.+....R.....G#k*....U?..g+....jO..GumX?..R.../..L.(....B9.A...1.M3X. FI.V....,.S .....I8..9......W{5......~.....9QZ.G....>u..mp.<J.8y.G.n*..S....."...{k...d..3I.....i?# ",.S....6@p..E..M?.-..x"(.rFW...h.{!o1\.......4.N.bbf\.N.6F.B[N....6Y.89...;..cBuA..q..=.$.?..X...hO.q....A.S....t^..../g".\...h.{G.2.........+l.U.. .?.qO..yqp..E..x.."i..n.:.....w.b)....+.*).Rf.(..~k`e...X ..PLK...........1...e..0(@.g...%.8.w.RL..h+K.{[R@S...0.`.(.......tno..:..QnA.2&r..rJ....>r...k.w.v..#.....1.$BH!.].y g.\U..B.ogw%..7.c..yjG...........e.....[Rp?J....Cv...I.TP.9o;s......Sgf.2.<m.I..c...sz8.w..-R.=.O\.K.ea.VVH........8.yPz|..,Dl.!..Z..pj..lu..F.:.....)H.S..}L......K.....7@..........q[.h...*.....{5.vE.[..-z..-.,..#..@...G..+...a..Q.YG...a........[z....a9....l..L.11.ol..>......)E...'+>Asc.=...m-....tZX3..q.......a...!.......

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\PeerDistRepub\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Publishers\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\SolidDocuments\Acrobat\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\SolidDocuments\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):22714
                                                        Entropy (8bit):7.992783261905302
                                                        Encrypted:true
                                                        SSDEEP:384:Y3Qm5Yn5PUuf1+bKBihvY1pkVv9Lr+6pcgkl1uVSCkALuV75CCuxW+88OMQZavXD:YD+5PUuf1uKMckV18g4/KE5Cfr8aPaEb
                                                        MD5:87AB1F3793CA9E7CBBC58DE347F6D39A
                                                        SHA1:8B82E508BAEAB5733379B1562974750118AD2DE1
                                                        SHA-256:13048E245864AB603AF11265C331FB3BDC734A30C590506C5070265F6B3005FA
                                                        SHA-512:41BD830EE926DCA93D63E5F10B116108FAD50CFD17F9C46994F86325F54AFEF485323715866FF652BE75C6E207DD36498A533E3AB73EBF1756E1107FE9FD3B07
                                                        Malicious:true
                                                        Preview:E6]/a...Y=..Y|..!.R........<....hPtv..9.4.0A.^T:'....q...[....g..W ..&p#F..CD..f.f<. .6..QQFg.(.t....#......UW..R..@..1.2.V......=`.\..#.~.....C3...k....D.MSt....bd......j..{.8'..I.Z..|d.R]..%m...]TC.t8.....Y7...1..........q.".......z... _.>wM`r."Q....Zf"..7....$...-..._.PK....=._n..;..~.>.....].#1...x....#..m.a..d._..J...Y..T.6..[..Z(M.g...........g.p.N....9....w..Z....0.=@t...S.e.4..><QM_V.0..E5..c.L.g._..+E...xy.s.p...3....."..)|..6Q!.B.x.q&(.........g.Y..+..X.f..._..P...j................x=.....D...g..lw.n._......0c".u'~j.p$_s..O.O".K_..V...3..qf$..`I.{.(mC.X.$5.e.1,......M.....E9a7....A.Z+.)VJ.....'.8 /..'o.%f$.\....s...\..~.L{.._..$.=B.^....JH..f....]..,...Dz %.L..P..(,..(O..x.... .H$..^.....)R+/,J).=.+]...N...e&...3...#x....B.)T.x!|}.`K..N..R.....b."..7...3e}W....;.L.uF.....[..c...m.:.>.%a.a.N...n.m...#_M.!...Y........(.(.H..2.j%&.Ix..YY.c"..8....kpC.MP)..f..~....*..............!...jI....k=.p...%PL%...>.%C.......%..mo..k.J

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334923056622400_BD966DD2-7850-423A-B1D8-7882CE1A6D15.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):199596
                                                        Entropy (8bit):7.999137142972128
                                                        Encrypted:true
                                                        SSDEEP:3072:zp+TcDSEt1WH1bJSG4KHC0iSg4698De8npbsMq5NwlJIBBcfR/xV:j5t2954Ki0S4y8i8pIq+BBcJj
                                                        MD5:B80782E20CA3094152C48DC197E364F1
                                                        SHA1:F41D3007208D6748C93C63867864ED1842800592
                                                        SHA-256:3D8F9111546F5772627234ABA9AFCC917297E8B0B6C3BD1FF6048DE1BC2DD7F9
                                                        SHA-512:87E1B623824234E4421D51AAED91EECCA1F5C5CC769BED828AAFF2032FABAF88EB650D78E1E6C1DF8719ED7FC2F0C9112CE37594A1E133129C1CF52F21FABB4D
                                                        Malicious:true
                                                        Preview:-...W.F.'.`...$(}.O...3..u...q\>.R^:.-B5.@,yoD..Q..lw.....b.[...~.:.t8&.El..2.....<B!b...M...u.}..)..4pM....g....R......F.y.r.D...)..._.60h:i.H.{#k..Q9.....|.).*...O[.}/..&.It..kbp....X....N#j....": ."....Y....5.i...S....NI...m={.\.K.F.tU.s..y.V.d.H.p.<#..."..5.*...5....}.(..!...D...\P....j.L..q\.c..t>.F ..Do.. ..a.U\..^7..Z:....+l..s...H.DT;./...U.[n(S....w.......ygS{.%.....^jST {..nn5..4]^.^..iO=t.{{..|.i.lff}.U...P..v.p...{.d[.......77...bny.6.u..qX.1.U..g..Y..p.9M..+r0.R5)..6U.[S.....wJ0a..L......{.).d!....K..px]..A..a...".c.Z\#..L...".!.......C...`.jK....Z..n..#.@.B.!n].FVpi..D_.D$.D..@.>\..Rd.........E.@....g.;X=. .h.V...uG...D.=..m(...."=.Q.W...q...:8.-@....m.-+C.8.v..t....O....e...._............ %joFl..#.1...iL..7.pb=...2|tcg.T..\g.I.j.b]..O.NP...c.jf..S..*...<...g_...=..:...*.l9.#wB...u..(.B.J."..R..ox......;....CI".,x.. .1.........m^....S[.S.O[-j..}..!.Mz6..r...k.."...y.C.B.L..g...F...........nXWr.!.......]..++..s..:CwI....

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417072488237400_C12D9B44-3468-47BC-9418-BF0A674A2B2F.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):226655
                                                        Entropy (8bit):7.999208634244429
                                                        Encrypted:true
                                                        SSDEEP:6144:VjB7qjQiV5ZgAJKnTRonu5D8HigLu3jbPy:B5g5CAJKnou5IHI3jbPy
                                                        MD5:670B5C3C5AE68DB09E7D24C68932A9BB
                                                        SHA1:6911254D6075CDB1553E7873A998D623E8844536
                                                        SHA-256:51EF3142C98FA728DE5A7C24B59BB8C2D43411E0AE269293A3F5DE8DD8501AE9
                                                        SHA-512:8FEA705FD60B59D518DC81310641CCA1BDC08A9D61BDEAFC9EC512BA6E62F962A8D2E15D01C75BEAE3469B1810FDAF1BC19D9D484E62BB98D093FB5D740AEAD0
                                                        Malicious:true
                                                        Preview:.!...w....BKj...ELZ...0..w...hX..w.l4ZD....0O.....m..&..-WR.F..|..W.z?...tU=...m.}4.H....yR..F...@.x......8....$.V.%...+[..gCU.so.Ze@.,.I...0P....e.jM.....`Q....=.f.....D..t......... ....w..y.6u.......O..z...`.H...l.G .X.D...*.r.S.;Zy......&.FI..,....i....|r...*i)9W".......-.....c...b!1...X...8....f......B.......P.Io...........[..lx....7.B..........X.&W.y.M.....<.....OI.<1ZlY.U.i.s..o.q..U....'S.DE...x...p./.u..#.=...M...0.*.....M.8=...W.=.b..R..z.Hx...w<h...$.....v].....!%..M.M.*vZ...C...A.g|..S=.;.....!.r.K?D..jK=e....<..d.i....R4....)S....,..-i..J.U;/..M..-"--h.C.6.7-*..v JB>.S.B<p.6S..",.O.".50.M\).....(......P.....&.F...%.7^v..Z..#.3..E..#.t.;..r.l...73....D.Jbm....q..l.)zS....t ..t.}HP...c.}....k.L.>.o..3|dQz:W.x.@...H..1...+`pw..eY y.{.._!._.OS.Q...=.Q.Y........N.`6..I;{....:{k.....]..YQ..h......r..h..Eu.....n..t.....6.8.<.(...|.4a...=..{......$"..e.a.}..o...'..q..R...d..v.BWl....\.7n]........v..W.7m..,...{.K.W...|..$....f.<...

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417101742322600_290EFEE9-C25A-4857-9F32-D7E6D51B7C09.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Secret Key
                                                        Category:dropped
                                                        Size (bytes):193385
                                                        Entropy (8bit):7.9990172598314
                                                        Encrypted:true
                                                        SSDEEP:3072:rMZztN5OEr1ZPgF6fCrACcwolSS4Gtrsyi1CmT137vX+22KOfsU6W1QAKnHQFtNY:rEdO+KAcAyaP4GtsyoZD2KOUxWqVwj/e
                                                        MD5:EF8C282EA8353FCBF053245F20E4DF54
                                                        SHA1:14FC2BFA92EC9AE5CEA5A1BD61BE66278710F594
                                                        SHA-256:54B392E13690234223E10B6B2953AED10BD0332E303287296C1319EF9705E25D
                                                        SHA-512:1DAD501AFAEEEC92EA2D473EBBF8B0C2B051DCB931A37D90A9EE2A28F88D9DA328D1A8AC2135F246792F969B7A4A0629AC2D88837B73E514C926FA20BEC942D8
                                                        Malicious:true
                                                        Preview:..vh.PX.R.......F..y.l.v.4..u.(...S....b.KE......2.......V.^......)..^.;.h..[.v.P....p.....M.....T:.S^...:..'..h...`..N.+E..R......{..(.k`..R.........|r...zq...C..bh....(.).b~_ +.w.%...c{....<.+...X..h.J.M.L}..yBe.`...2.......Dh..'....yo..|.UF....^.h.9.T...^..J........%p..^. ....(W.R8t....\..97..nJ.....t..W.K..t.F...o.y..,.y\M...s.iw.z...9..H...P...7...........?Xs...*...y&\.$).X.j[......^F@9....yx4.D.L.=;x.`.N.dV.&M.wx...Ce....R.g.....P-....a;.sa...l.L......d.. ...a.....|...cx0...)h....|.p.H....e.....~yD..j.%..p..^y...e.L......s.k.A.Scv...Y.=..[..t.[.h....C./..\.|.T..*k.S..1.....R...E..T..Ce....D..4..P.pS`...Z.B.gs....Us..q.\......I....y_i..Q0..H....75._.I^.q1......h.||../.F'..,....I...W.@.. .Uy>...s........f.1.Qa.0..3..W/A......._L..F.Ki..x......$_...'....C.Pg....A..<.g.Y.U+..A.^6W..r.../..w...w..m.f....W.4-.....y........c/%;w.8z.....m.Z...>...h..&$..L...7+#.[.........D..,e.[.B.^i.2.o........X....{o[D1.....M2.O...6e'y...A....iZj

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417118050662300_8475A8C9-2447-4BC4-8E46-350AA0582B94.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):171759
                                                        Entropy (8bit):7.998767937992455
                                                        Encrypted:true
                                                        SSDEEP:3072:f5roGbMYx/Ev33qkgEiFfSZOTYPPUdHzlMDgROlY9zPMsGQawC:fCvQS3qkgEilYEhguOi9zNFPC
                                                        MD5:232CE9A985BE6B194C33E636F706B419
                                                        SHA1:D49D32566C857811B7911FDCC5148FD48A3D570A
                                                        SHA-256:C5FE59B5706855D5291F2A5CFBF8FC48F7561D89B282BFFB3A6179691502CFCD
                                                        SHA-512:A1C3672436B0E28D5F0030C03CB7A297FDA3AA49C14CB83DEAA974B7A5CF2ECB8865831806A2D38A19DCEBED2D2CDE4FD8633D228C4BB332B8FCDA5BC058E55A
                                                        Malicious:true
                                                        Preview:.98.....|.kq)RW. ..>....d.;....[b....W|.......j....s.)..Xy.v.j..wf._..*....q.Ie.......&.v..5r).=...h..6...p.,C.g\.$B..H.`..[.F.].`.H#.....y...X...3.{.......Z..h.....w.....rnf.E..M.u.._.=k..e.)p.C.~la.[i...9..A.d........-...c~*)...b..B..x'.m%...d..M..1K..2,....p9...$...F.\".z....U9'J..v..rT.Nm.........j...........$..O..*`.....H.....1.....@b.......f...C...D.[1..c.G.V....N&....+..C..:....3..~...(5...S..4)..#,.b....!..W..D.q.*.r..\U.?t.......n..@.vm.3.X^..`."..~..y..o2..=9h..pSG...(.}.$._,v..t.#.!K-^.2...q.....9.)L.j......&.Co....O....q@G.>..j:6*.~...W..o.f.i..s.....c.y-.......S.e...HcvW/.........[E......ed..n..mD..H.R...g....(.hvy......\.g.V[.....>....Q.p:.;.IT,.R&{k..6..;.o..<4..'\..m...P..Ww.....?.[:~......-7.{.q{g......i/.8[.Z&...f.1.3..d.G..~0..AAS.EHNM>I...u.o...#.........A0...."...C:...:.@0_..M9.#..uq.4_..*....I.~.8.\..&..0......h.)..{N..~.....c..H.kh.f`.-|........+..46......|*sjH.....q.......M.^...q.?......a...!.{...&#VH.. 9.b....r....i8

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App_1696413198165042300_AA3FCB9C-CF1A-4407-8A94-A7D6C220021F.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):150120
                                                        Entropy (8bit):7.99873801459022
                                                        Encrypted:true
                                                        SSDEEP:3072:avqCl5kSi4Qz7gGNmZTjuDlLz1TaiXcxxYQKV9tLmsX1oI/gfL:YHkSxQzkRIpzAQcxxYXV9taUofL
                                                        MD5:AE30E2D5CF3BA74FB47C8EF956A7A929
                                                        SHA1:52D033380C6B0FCC1DAFCD3603F6FEE1377585A6
                                                        SHA-256:E3D0B4FDB1D9C6334B3C6CC0D5717C9F3825F7233042CAA5807EEAC0B33B3DA3
                                                        SHA-512:0DC5DE2C11F89827734CE726FDD68BEFA0D53E03AB8FA3F68CE43D34E9E6C2883E5C27C1E3218BF0C5B3541B3347535033FDE6169B787B9BF642B3A396684973
                                                        Malicious:true
                                                        Preview:G.#...MD.JT.lF..................Tm..Z.8.D;.J8...k?L..L..A4}.9.s. .w...G.*..-n....V...d..+..G..W..w.......R.."..;.|:.s-.<.....5v.OJ.K....s...b...T...W..d.......ueU...O..[.me... @...0..wT.wK.2..G.\S......u..1...yS..2.p:.3...S.....R-mw..i}.).Z.2.+..>.&xxy....."..g.&1..X....3*..}I.G>O.......]...2H##...;.v+.F.u..Y^).J..".>..O..>J.A.o6[....b...^5<.*........c.|1_..C\....d../o.C?....#...[F........l5...'../C.......D..........##..<...4...=.'q..qze...~M.+...1z..=...}Zi...6.n!A..hFn.]o.q.%b^|I.@..B....7H6.V1}.\..L.X...+_....%..ye...8$u2c.....$..!z...qd........|QU%..*.GG.+....&..`.w.Ur..|..oM.......S=i..r...q...)p>.h.T|U.X.gP..1V_..a.FZ..2.b...e..`.ap.[.....q..l1..@.1_.eM.a..#Pb..*.;.{..=.02v."..5.T. . q.Z..&H.].b.:...l..}f'...T}.._Sc.~.!...2bG.xu./.+I.;+.4....jw.$...;..2.]...E.I7...".8........P3'Kw&Q.3+.....R;.M.f.Q.....Vt.....a\..%<,..7..g.os....8x7v....);...:.%....i.....D ..-f"..i9.RC..6..P*).k.q...1...45.M,-.6.....x...;.~h......+.K.....f.........*..w.

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\ONENOTE\App1729920445649056100_AE9852A9-9E8F-4980-88FE-71C30F24479F.log

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20971520
                                                        Entropy (8bit):0.011778425346316079
                                                        Encrypted:false
                                                        SSDEEP:384:qhT8vDLKnOudgN474ih4x4/4p4NB64+hV41pt4Q1:qhT8v3QOudgWEiyigqNB/Dy
                                                        MD5:8880BDDBDC8B53A11FEC5E74E56D7186
                                                        SHA1:CE9F35BA18DAE4A5B569250828B08AE5CB8B6EE6
                                                        SHA-256:F9B9E15AA90D1FDCB8348B2084AEBA4179512ABDBC77D84B89BD08E4B67F62DD
                                                        SHA-512:E85893B4152457D1A36FCBC2C402699ECCDE457F84627729D8C45B2F9B875D6CFED42DA78216FDDCE985E7049E175FFC9AEC396AB2C4E28716307A15CE1A0F8D
                                                        Malicious:false
                                                        Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/26/2024 05:27:26.021.ONENOTE (0x13E0).0x928.Microsoft OneNote.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":20,"Time":"2024-10-26T05:27:26.021Z","Contract":"Office.System.Activity","Activity.CV":"qVKYro+egEmI/nHDDyRHnw.6.1","Activity.Duration":444,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...10/26/2024 05:27:26.037.ONENOTE (0x13E0).0x928.Microsoft OneNote.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":22,"Time":"2024-10-26T05:27:26.037Z","Contract":"Office.System.Activity","Activity.CV":"qVKYro+egEmI/nHDDyRHnw.6","Activity.Duration":10295,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.Fai

                                                        C:\Users\user\AppData\Local\Temp\Diagnostics\ONENOTE\App1729920445650063200_AE9852A9-9E8F-4980-88FE-71C30F24479F.log

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20971520
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:3::
                                                        MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                        SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                        SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                        SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                        Malicious:false
                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\Low\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\Symbols\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):8547570
                                                        Entropy (8bit):5.64837822941503
                                                        Encrypted:false
                                                        SSDEEP:49152:e67FcvK/nD0kLfCgj91OPKW0ANge+q80Ibxh0T4tI6lIfKi5YJjJIBWtcdhkRPKg:eGoInD0kuGWF1qd/HIBWSdhkNKNi
                                                        MD5:F1D0A1468345CD6588B67CDA69A17919
                                                        SHA1:1494FB719B3B56F720110AD82A4AFFF986B39F00
                                                        SHA-256:BCD34397ECA313DE56D35F6BB939F0B0C80596293A23BB703624B1CCA290F8A5
                                                        SHA-512:22A8686119F92DA27F96D4041674E34708F2ED553B05EE76D68C2782D8D3394DEC18ED0F2E91410E9B61C618A40873F48370ABAB31CEFB5F151B91A16B7FA960
                                                        Malicious:false
                                                        Preview:........%.3..P..`^.}.M..%..<.o..2H.Y#.4F".4X)b..CQ.......S..~.o.8.........Rr...M..-.p.].k.....:.N:M.JD.K..?.*K..^...R..c.g|...o.,...1.l..8.C.f>..y..j=....(g..s.\.+.x....6&..A{.+....U.4..>.s..FM5O_TL...1X.a.m.^r:.|....\{t..2Eyu....K..}.<.6?.....%....=Z=!.:J.P............Mv...G.....5/.j.0V...&..S..x/.LI-.Vh..`...Hpq.*......T ..a.N...j.-...Y.gF...JR{..q-...."......x...t.L .r.....>?...j.e.g...n1q....*.F}.'$..ZUy....&O~8(v.....,Yz.Z....9..o@.{.h....@.......^..C.S7\W.....&,@y..@..Y%.....i.g.f.....pA....u..$\0..a.+..[,)!4..6DR.........{....w......E....%......,>R.klT.D..P.8O....>,.a.[..o[I....t..F....~..Bp.?.*...+..?.X/.,...ZC......L...V...E.../.v.\.2.iN...(".U.!T&eX..t.....pU)oz.4..z<ZQ=..z.6....t..Y^^C...~egG..Y.f..Y..tBQ..oD..09...Q.ju....b...S....~.@^...3).....0..t....KQM...O....q.......=f7r......../..A.....-..=A.~d.....n:=..;..8...`..L..d...IY{...3.K.w.l...7...@.]>.|/...|X..^..=T..VY&.P....u...t.........B.%.6[...?&.....O...........1.

                                                        C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):1192178
                                                        Entropy (8bit):6.673537303712763
                                                        Encrypted:false
                                                        SSDEEP:12288:enQP3h60hKAX59KFxQwZW6aqo2YNq3u5aPeu831bAmrvFtnV6mxJo2cvXtt:en03h7Mm2G5qo2YMQD5PnV6Xtt
                                                        MD5:5814DC0050AE92C74DAF37D006EBB237
                                                        SHA1:7C6B4D5662867BB563FBCCE33CA18A9DC8722569
                                                        SHA-256:AFD53AAEF60E97F80BAE47F96D5FED0AD783125FCBE39B106C4510399D038BFA
                                                        SHA-512:37B4F5F2FD0928C5A7608D95DBB6ACA38A10164C69AC43BA76F76181920158436F97E88FAE9F79E57471880222C081699FAE60F7A267001746D0D1EDEAA9C17C
                                                        Malicious:false
                                                        Preview:.0.F!.......T[FL.....5.....t...}......w.pX...|G....&B.....7..-\k..&....."F...As......!#......)|..T.3..D.7.p....E........g;x..c.A%...z....B.....t.........@...n..0..-.^.....^..UQ......F..g..4......D......8FQ.-.....}Dcz4.q....'.w....."r..JN.h.-.|..qW3H:..M.$P5....r..|$..[L..):5g.8..$ro..6...^(.>..`.IH5..#.W.p..Wc..83p...#....O.##C.S.....n VJ8.....^...x..u.P)}....y.#...W..h.S..T8..x4n+...e....')+...~.X..>.?$C!.?.[4J...-.....CF.+.K$:B;I....R.>...!..j....'..15.p..WF@..',...Ew...N..u+e...W...9.U.N>g+.u.v..F..........I`.)..Ei......=Y%.V...&.....TU..+;.j.\.9f.....o...1.e:..}..<....}.~..g..^..pJ.......i.F.............c.q..3.....*......o..T..[M.4K..G..3...f..5h#.........O*-..>s..m.].`.(......o. ............rY.X.C......R...2...=.&..F. .o]4...J...I.........Ay.r...o.o?.........e....-PE$@4....[H.C1.;.pi.....=.....ZI.:{Sk...d.oo"J.%...F5'q...RX@{.[.%. .2.....$$O.Vc.....F.A=c.34n_....=.)......l..G..~....|.p..Vv.....;.i^.._.W>....".F|.q....B.....1g7*.P....

                                                        C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-00-50-743.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):16812
                                                        Entropy (8bit):7.988325154365826
                                                        Encrypted:false
                                                        SSDEEP:384:4/AIquvzUmXRNYSKfeB8tcCerJMxXNDOtz26F:4/Az0+SKfftcv29D4F
                                                        MD5:EA34AFE194378765BBA362483EEB1CE2
                                                        SHA1:F7987D3DAFD121B373B82FD566DDF87726F1A04D
                                                        SHA-256:5AFFC53DA06BFB6FC3FC8CF45CF9E8B3F87EA32FEE911434D518A38CEB1CFBD0
                                                        SHA-512:D7E6526C0135124D07A13249C18D13B0CA03B51030558F6954EBD6D2030B3ADAB9700FE339035F57864F8584DB3E2A225A9B86997AB4722038D8ED6EB4AB150E
                                                        Malicious:false
                                                        Preview:..RA........~.._E..."Uq.];..K. ..n.p..D.......4.)u/..?.X...Y.....,K3..*EOO...(.0.4.:.......\kF..B..z...l..I..F...'l.. ha4.z...;..#+.#...e..5..x..SK......7G.......TFL4.Z....;..i....$b2..l...x..Jr....k5TM.5f...:..........s)..NP....Q.~B..!...!..W.X8...i:.M.&Xy.3.K0....g.h..2....j..dN..<.XW....}ym...q....".ID..4.P.l(.....%.=S...;......E(...m.p=O.!.L.7.#...X.R...z...-.#..C<.Bl..._6....t.'.hz.O..g.. .h....xZ.M...H.-.M..r.._.u....qA..v.....+.(..P.Kn.....!..0.b<..p..d`..X....ml...Sy.\.p.U..g.GD.W..#f......m.E..:....vSc....i....yo..Bk......?.*.X8.+SK......b...G...'..4.G....ZQ...]...C..#x#c.;.........Y..6O.......1....t.........6.wb.V.(...Y..[.q.U......[7beYp.hc....7'B..;8..l.j.j..\OnQ.if.../.%......?}v$i.{..BO=C..I7..x=..</....$...gC.5Y..Gu)x..3Y...h...#{..K...T....4.....!E....a..'..t.^;.b.^..7.0......^............6;...... ..l.q....hqV..V.f..m.\G.S3F1.U..=.9b.3...YH..2c...gR.j..p..,.[1.j.7F.1...T.s#.&P......Vv.!..j..^&.....g.'.o..<'.P2g...{.;

                                                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-01-22-078.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):16806
                                                        Entropy (8bit):7.988924063198631
                                                        Encrypted:false
                                                        SSDEEP:384:NGVXOcEtHZ+rUoJ3axX3RWOCpwZi8mz2mJLJ8F:NGwcEt5+rUowd3RWOCqI8mqmJF8F
                                                        MD5:E07DC0611636F98968CB275726DA7F8C
                                                        SHA1:9FF1ADB62098D30B3AB1A2A73737C3F5C8546B81
                                                        SHA-256:3D5DE7C0A7BF18080C86E0E5C2C74CE01255AF729395E9EFCB862860BDF62C44
                                                        SHA-512:8698752F09A9D1B87603CBA607A1E41FEBB94B0AB5B945182EAE535DC32DEE8ECB2A1FD2E9DE3C819630A3D7707A88A0907474E660B0E2A8852520306524DCD8
                                                        Malicious:false
                                                        Preview:.$2......p.0...m.og...g..\.h .._.E.W7..b.?.C.g.W.R..."q-..CH ...x....j.Ax...+&......J...S....i..zH%i......F..v"_.L...$$... %m./Bb..q.i..Y.... ...|...1..(...f.+..d]g.....Dv.jk.......i..\;.)....s..Z<.....!...w..".\.`....F........)=.R.3*.^.H.o.m..A;rP.YiJ:...$D..>..p....+zqY.F....I..SL.@.E.7PL..G.sP~R(. ...,..$.'...).L0@..5T.?j.q^..\7a..>...K...r...-...."T9..k...0.\........}:.s...m....E.f.Vq.z.....U...W..}A.0Wlv4.\.....SM.Qj.x..Uf..+7.D{i?../...F).....@:rl....f.T7.[%X.\.....IO1gYS.;..W..}b.@:.V.10..,..1P/Z...uZ..(.}.{..z3>(....,..K4{.q........Va(bE..+z.y.%hn.X....$......H.D.@!.^o..L.@..c5H..+.l_......2.R.|.~./.Ra...;h....sL.Z.V.c[.T....Z.Qg...7(.JL.."..uE.O......|.z.C.q!.e.S....w/.......w1...-a......B./..E}..~...!.....=..aS.Tg...W..|Z.rp.(y..S|#4....r.+....Q...Kv..wG..l.$..p..^......E.c.....Kd.[.f._dk..>1.Q./.AG.im.f......w5DyzR)..LSP.j......v5 9..RF....)............jnv.@+.E.E..{.....h.,~....S....i..........zhy.4..Ms.Y35..;5.....~..W.:

                                                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):16881
                                                        Entropy (8bit):7.989753266912756
                                                        Encrypted:false
                                                        SSDEEP:384:28Zbmjg6Ri237SmGibfsA/BYQ3bNkYFKqYSlb+BXNrt5FpkDp/kmN0zCF:ft6Ri2WmNsAJZpkYw9S0BX9zmsM02F
                                                        MD5:2C287ACDE8DC5BF2FC6EDDABE4E2228F
                                                        SHA1:E7E7A5EEC13D3B55F42D732426463B3F57B45011
                                                        SHA-256:BB3BA01FEDC5DB14533FCF5DAC5CBF04A9001060027F7163579502B08DCAB73A
                                                        SHA-512:D76CB55CFEDB3EC60756707BFB270956AD15564634334F000ECC6F5648A5120DB2713BB4EEA5CD75A05E4D2FAB821B340390ABF8ECC9551FCB16DF2390693C04
                                                        Malicious:false
                                                        Preview:.`.).._.Bm..-...%&...<.S...0..C....}y. ..U....(.L.uR......3..=...X.w.........\.Z..y..|...Bh,.T.c_-[..Rko..FF..2.7F9......-.)..Kc.l....u.|..K.pF.P...(.yy."*..%.sS......(...E@....1.L...+.Y...c..&...xg\.p.*3....+...K#...oo.p..1W]......3......a.....<.k..a]Ui.|.9...G.E...}4....9..!.8u$."A.u=;#9.YS...Tf.n^.t:}..]l.]......Dm_eIj..S..*..\.....+>p.J.J.2.`...N....]...6.E@..0..3$T...DQ...|h.X.s..C.X...W.....;xS..vR..r..`7.....@..1._U>..{..F.._A.|...[.]...X.>..gZx..P..........hL\t.h..r.L.O..p.2....s...K..c=.D......b.M..mF...H...{.).Oo...~..=W.G+o.o.A..f.G^}...K.)>...5.{..r#D...d.`./..*Y*.+8....\..~.AlR(.XN...B...O...[;F`A4.W.....c..Gg."Y..../..$...w.QP..h...i.Q.8.8.Jz?~TT~)rn.0o.{......U....|.A.iB.. ....%........Z.I..s.F...x!D......{....B....P4..J..[.....\.v.N.4.....,...#j.b........T.....O.tm.B.'.....#.L%...Z.-3../k.7.l.,.M..2.<k$.".lN....iU..k...h1..+....up.@..&XsU-........)....9m.i.(.....:.o.2..R.@%..l>.l...<uc.lW<O.......c]...a.T.ET.Oa.S....&..&}.M.b...k

                                                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):24119
                                                        Entropy (8bit):7.992545519890924
                                                        Encrypted:true
                                                        SSDEEP:384:X27yusU/GI+Wr7umRDrafXqeFIm4rsxYTeejTvC6a0oHTHVZXd5Zv3zPJgqNF:XBTWGuqmlQhiUBMTvCrrbBzRgqNF
                                                        MD5:8BE34330CC00189097F4D7D7C85F3B18
                                                        SHA1:EAA2254CF0464C1F5BF4C24211411622B7607058
                                                        SHA-256:93C0C3B58334BB9DF624B40B7630A8D68FAC874F120862C499DDD299107EF1F1
                                                        SHA-512:F572EF0AF6B247E430388464A8F77B78A00DF6601A3132B44900D0A9299997CEFA8465435DB4DA146C27579EE40E6CEB16B1B5985C8B8909397987EA3ED19917
                                                        Malicious:true
                                                        Preview:.:.....).........&.......l.vM2[..Y.[...u.U.Cl.y.2B.8..h..U?..\.[.:......X.2..............]...o...z.r........&.8.[v.3....#..`k. ......../..W....$."....l.....#'A..{..3...u..{QnhA....L9w.:...o..C.;b.hc....J-....w.1.F.D|:@P....y... ;*6..s.D.J.!....v.:...Xf...A...l.'.[:3..R^.y...X...s..t[4O.......Me.S...../Q 7.u3A...q.g{/M....>....70..2P....r5..L=.`...6......ENLt!..k.T..U.8....s.5&.k. .z......T..v.O.R.aP.@....!t...S.h"..r.H.c.*...-4=....@.Zm/..2.36.|B..n.um..~..b.jW.C.CVP....*..}..{.%rg..n.C..........~l.....&*..;Q.[......nQ......>..8{..IH...y..`..h.Q.9.1.l..P.PNZ..O.EQ.-)...........av..Y.........!...Hr.B.]....D.......R.N...Y...6......x.....M..F.Lc.....x5... #...Pg.*.....T.A..`...rI...P..ts..$.|.Tp...DFm.7.....i...+.wR..[.9.S-UzP...j..?*u.j...rz..i..0...Gk.7.....&.olc6.3.C1$.................l.c.].B.X...Vlk0.....9G&S..-..O..T......$..-=.V..E.=S.n..V~..0k/3..Nf.7...K..L=.b....)&..l..H....3..'e0...B~OIz.QL`\)S"...;..iM.~W.X.1.....

                                                        C:\Users\user\AppData\Local\Temp\acrocef_low\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\mozilla-temp-files\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Local\Temp\wct3D66.tmp.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1601102
                                                        Entropy (8bit):7.987584762533616
                                                        Encrypted:false
                                                        SSDEEP:24576:ieekRzCDqCzF5wEYmNUGCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzUv:ieV0DlYXegQu3TPZ2psFkiSqwoz2
                                                        MD5:E09E621845F02B5D9DFFE5C16FFAA5E2
                                                        SHA1:B1E12AFBB55F0DAC22F5B63421539F8D28DC272C
                                                        SHA-256:ABAFB77AC28C30477AF4D9C3682E42F01DC60D019ACD1579A10DEC4FC6FCA1C6
                                                        SHA-512:6240482279938E56345BBC194F7CAD6AB9B74FB4A4F4763E345D8EE7DDC2DEE763EF0B03BB16043941D88E9A244AB1D98B5CB901365BF5AF27E76352019CF1DE
                                                        Malicious:false
                                                        Preview:.S. .....M..lbH.o.!u.0k.d...1T..d.(..t..-..&o.."..C....c`.X1.i\...e<{..v.1.x..&L^.I+l...........f_..B..Jc.H..}...BKM5.UG.v..h.3Y...<zX..:.7u..].^...#Q.bW.......H..u.QT}......)V......|.*..gMB.".Gut....t.)..qe.G..Y.@...k.-.I.....Za..8I=u....@.E......is/Q...]5y.l.(..wI.efu..`O(.l...8..$...R.....H..... .8....Nx.$:...Hn...W..z..^J.N...[......Snk%..rX....G.... s.._..@..fq....c..\1...q..]W9...wY.y..s....[MCe..}|.am...Y..}...|..!......[.!%...4..>.LWG......6.y ..~p.3K..@.N..p2.K.>..\.'..*L..+....].......L.b....3+.d. .[..$.D...s.Gp.........HGM.b...&?...(x....^=.J.....m3..=...%.J....F.g.5.l...[...!Q....".v............nL....(5@f:8./.rA;.....`i8..7Y .s.,Db...m.&"....?........+..d......(....%/.. e..'...].%Q...Z..0....k.#Ud}"/._$....'x0a(.0]..0Ak.@i..z.r.X..F.\.>...g..f...(....3..rD1...P.\# x.m3..xXm.k...E..k..@..j/;.6.T.&.>p...........d...`.h...d.F.....F4..,..N:...\..3.V..WIx'V.GR?...BP.`..o.....<...Tx...caxp..+a.....6......k.M.6..+%.V;Q.#v.F}oCX.

                                                        C:\Users\user\AppData\Local\Temp\wctEA40.tmp.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):74446
                                                        Entropy (8bit):7.997429742662631
                                                        Encrypted:true
                                                        SSDEEP:1536:rFOIQr6BhNnuLw+qKlZgNGEBbzQwwU/rovAsj+rzFutF:r8mNnow2ZgNGSQw9oj+NA
                                                        MD5:762F6AA5B0187976AB40CF547BF08124
                                                        SHA1:AC01A5C4542AC74DD5E1D15654490D5507C91191
                                                        SHA-256:777F0445ED849A89FC34BAB22629D6EA81A61845CCB1460DDB05E90B8F04CA2E
                                                        SHA-512:F890EF1323092153F71D1CAAA8FC6F47FD89B6EB842A0E52EEB542243A96665E1A7FC994A2CD7218585D033DBBE2C001E728975ABB6CEFECC02CCF8F4D458FCB
                                                        Malicious:true
                                                        Preview:r..d........J..A...2.K;..p..1..E..F.=.#..*c!...J@X*..)"......."....MM..........f.+".~.......[.*^3]h^c.cp9IB" b&.:.T5?......(e(.t.#..?...G..2*.K...?.`U....P.3.*...d..Q.....w.3B..b.........Y...1..../X}".K#..4.. <.Cf8.0.t...a..U<......{.z..;.........M.c`.,J(.~...uu..F}9..b...]RY.vKj U..|N._.....m.......Xz.1.B..7N... C.o.M....`..oq.,>..`.z......\7.J8K.6...E.Rq....z.g..G.qQ}(L..mJ...;.._.h..M.Z....0.(.7,.B..Ix.<.J..F>\.i;...`.#.U_...`F..D.X#...gt...."o;...+.....T.GK..W(..3&\.Q...*.q...7...2..I{.ri...0.Z.>f...%.ju.......d.d.`..E.F..{.+....?.<t.z.(...(d.`...._9+..iD....>.....o.S....P5..!....;1..P.../.;.o.Se.]T.L6.d.?..%.....?7..n9{.wW..-:h...K....K..B..P.......mNP3g.W..A.E;..\..Snl........dP......-.|}....d....x..o.Z.......F..o..AU.'.v....,&.TH..M........).T......q.-.q...Es...3.a.iW..&t...5!@.E..,vx..\.5c.p.......x.Mm..r.....`..X+,....F.|.o...q5Fp.etu.d...E`....G32...t..W1......K....]]..O.Kk.`.x....0..0....."}.W*.....~.(...W.7.e'.gQ.w../..o.Ki.s.......@.m.j..

                                                        C:\Users\user\AppData\Local\Temp\wctF86A.tmp.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):42164840
                                                        Entropy (8bit):7.951924918576688
                                                        Encrypted:false
                                                        SSDEEP:786432:PQNeYDxxMPJy7LQ4NDVdrZy9otg5gGOdjFSNu4GGluUNj56I/G:PQcWxxMPmNRdkB5gGUjMu4pNjLu
                                                        MD5:202D86A33108418069B238E43CF4229B
                                                        SHA1:5EF4BD4B83147E80165C087693F0C54A5DD867B3
                                                        SHA-256:24CF568B978A8D21B1EA3E162468DCFE551BB0AF7C90879EC30618E5D765E852
                                                        SHA-512:99252934F9729135C2C3C0F4238D344679294E2631BCA0536DAE40257122EA205E0D9A283148F8D8E260567F67FF4EB5F1F69AB41451D3F00BDB8E7CE957D2A9
                                                        Malicious:false
                                                        Preview:..\& .w..jQ.`."...y~1...C<.!M..Cp...W....._...q....D.V.?p|QcM..a.@.l....G...+...1..gP.[..XP..s.."..'{..m.5uIT.zI)w]U...6......*.p[:..{c.....=..r.?>.*.....O@.#..}.C.......v..)5.p..].%8......f...]."+...9euh...._<;Q5_.!..O.._..M.E.f#.o....;.J......i....K.2J.'.NR...k.B..h5./...:..LS..;.v..S~U.`.Z..W....l...N(......l..<V.w^)..%kD..g.....Y,U..Tj.z$K./..I.gI.d.vc..x....%.VH......8..2...X....Oi..R.@.cyT..\n...&&....[k..N.Q...vM..Y?.niKtR.~.....J.e(..n..Q.|.4C<A.W.*F.s.S%n..w6..] :.B.be..@&m`n+...@.!M..-...o.p.`.xi(`U(1R..$.]9(...82...\...2&...5.h.d\..qR.\.>.xJ...>.ZB.p.C.T.8/.X$.O9,......,.jKX..^..g...&.....u]o...v....5....m..Y..f.....'.}..m...n.......ws6.....%l .'..h....%.r...H.p.]........C~9.Fw).W.,.T...)]%.vI..m.G.)h...;.}.I.G..7.r.KpMl0....d..9..&u...@.A...O.o...K.C7K/...x;....Q.j....3]..)..j.....o\.=Qn....n.ZV6.V.#i....2t.3./..2S..-..I..n..\..;..y...o#...eGD.....A..{.OT.4...j.]y<.n;.GR..].....Am....xb...5...1<..S+./.Z..X....u.\3....X

                                                        C:\Users\user\AppData\Local\Temp\wmsetup.log.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):938
                                                        Entropy (8bit):7.798831097702224
                                                        Encrypted:false
                                                        SSDEEP:24:uKECU/sG42ui4Qz9B350sZNO9OMk1Z7f6bxPlS:iyQL+s6C7feQ
                                                        MD5:8BF3B93447D5287AF8016777F19D1976
                                                        SHA1:EB62868AB72EF1263912F247F9046C0755D18CDF
                                                        SHA-256:9E7C4036C9BB5C52234247494035E13421105F2BB2B5C917E0280F4F96674BF2
                                                        SHA-512:E028D3CBFDB1788FA351B6EAF86B9205CD216C0C230A0B6FE680A90164E59A1C0542FE0F1AC7746521EFA4572F61FC90DF0D4924FBE2B2EAB9959917034BEA80
                                                        Malicious:false
                                                        Preview:.e..*.(d|,.@=U3t....2]4,..#..d...d....C...=.\...340~.R.xa<1..RJ....'x25...7.K.....:......e.....L&.c..-..)#^>.5.....=z|u...]M,w......Ke.........T&.gC0.R..+.i$...Hx.(.u]>n...ny..icl......).......z..V.wm[............w.d..:.:Z......P..W...->...."...8.Y..*B:..>.\.e+.].......gg.\..p..g.....o_.P....K...E....(}Z.c,%.jI.....7A.zO9.[.g.f.=../.A:Z....~.....z&...p.'..V,]...(8........t@.K..<.I...LrU{.lP.........Ev..'@.* A.^..p.,..Y.2.:....I..:s....^a.....y...P...l/+j.y..._...t..?N.h?|.j......|&,.$.h.@.^-.....H....bk5.....65.<.M........"m..).X.&.6..V..T.??../..:.t..UE.....|....y..LP.n.ugJ.n..Z.US.i....@..|m.]0................."...<Fv}UC....'d$......f..X...^.">.h..p...&cE...g.RZ.W.....N...n.0....,e."._...~[r..>p...Y....E.Dw..W..e. n,.......p]T...S...Y..'..~...S.k....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Local\Temp\{00F7909C-36AE-42DE-953D-757D1DB00B7C}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12824
                                                        Entropy (8bit):7.974776104184905
                                                        Encrypted:false
                                                        SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                        MD5:2628353534C5AD86CBFE57B6616D46DD
                                                        SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                        SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                        SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                        C:\Users\user\AppData\Local\Temp\{02662522-698F-45B5-959E-0EC7B36298AD}.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):6076
                                                        Entropy (8bit):7.969167615336855
                                                        Encrypted:false
                                                        SSDEEP:96:AbnE7s94ksprmA6xmzSxZurAwh62jyYqJk2H7E8lNG58YMNyLiOU1CphMmSjjc2C:Ab6s94kkSA6xmqZuR/+FE8lNGK1+iKpx
                                                        MD5:761CD3FB9D7AC4F0F4694AAB6EABB70B
                                                        SHA1:93E9C6AEF86EE0ADF82BFFD5849394BA30056160
                                                        SHA-256:FA05947926CEC9D6F83D2887707EE3C334B092BF8CC8A593172292C1B8514DE2
                                                        SHA-512:43D32A9B8E5EEB7E595422A3D2F9F6756AA05938C3657954A2AD270A5DA5CBAD41D7CA148CE4607264F60F502887EDF9A56572692A79C38AA93D3491E0B18EDB
                                                        Malicious:false
                                                        Preview:.0I(...M....-.I.g........~.f.r.............H..]/].\......x..R......%.H.....&....[....gy.:."..hA.....B...h.a...m.g{.e.3...e..) ...e.f..X=..!.?=.cVdh.?L...+.....^.1....E.G.8D.R.0..H..V....AD.D..sYSX..{.#W....V2.6.~...p.;~|9./.M.........5/.:......;.,.......W..G_.[.....j.$,.h.3.j.Bu-.D.y5> .....9.b..U.u..}..*.174..O..k.y.Xd.o3..tA....?$.... ..P...g. ...r.H."C..9......k...|.C.1h.>..Z:72.......Tn.:......>.#.$..".g.^.'p..V....?.K.Y....a....Sc....A..O...K..wz......2@4!{..X...!....of...2./].m~eGM.C.L.I..a...O..2.$.H<...;.]......+...hf..{0..8..<..`=<;.......S>.J.....O./t.:.H5..\.44.....\w.......O.3...{.....]j../.d>...o]#....it4.`I<./.X8:..N\..p..,.4.g.z.`.{.*c.^.....#.......gF..$.:......).....19...M.<q..j.a.m.e*..r.....$.}...3T.y.....KU...M<..<A.5...Yr...T.M?.h"F0......4..m...._..7..HR?.Y.`..3.....o=C/l.$.p6.....@FS?G..}.........Z....5>.v...Y....f.itCa...%....VC..p/.....=L...+...I+....{..6.....&>96i.V2E3b..X,F.X...YO....I...3g...{O....

                                                        C:\Users\user\AppData\Local\Temp\{04E225CE-C02D-49FD-8981-7C472E26B96D}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12824
                                                        Entropy (8bit):7.974776104184905
                                                        Encrypted:false
                                                        SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                        MD5:2628353534C5AD86CBFE57B6616D46DD
                                                        SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                        SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                        SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                        C:\Users\user\AppData\Local\Temp\{05DF8F26-DD99-4E76-B40E-106290086E25}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                        Category:dropped
                                                        Size (bytes):36740
                                                        Entropy (8bit):7.48266872907324
                                                        Encrypted:false
                                                        SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                        MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                        SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                        SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                        SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).

                                                        C:\Users\user\AppData\Local\Temp\{0D2347D3-5855-498D-AAAA-FDDA50F142C4}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):53259
                                                        Entropy (8bit):7.651662052139301
                                                        Encrypted:false
                                                        SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                        MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                        SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                        SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                        SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                        C:\Users\user\AppData\Local\Temp\{1176A1C6-FBAC-44CD-9B82-BF9C783EDFB6}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                        Category:dropped
                                                        Size (bytes):65998
                                                        Entropy (8bit):7.671031449942883
                                                        Encrypted:false
                                                        SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                        MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                        SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                        SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                        SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.

                                                        C:\Users\user\AppData\Local\Temp\{129E1563-30C4-45D8-98A0-0F6C493728E7}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):55804
                                                        Entropy (8bit):7.433623355028275
                                                        Encrypted:false
                                                        SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                        MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                        SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                        SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                        SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                        C:\Users\user\AppData\Local\Temp\{139BFC28-947F-45CC-9DE4-AB0FCAEF6E9F}.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):6077
                                                        Entropy (8bit):7.973125081144682
                                                        Encrypted:false
                                                        SSDEEP:96:IfsDUvrlwCQnNcJ/BTkXxbZOUJZmqt1YzeRQin2567isaKm27daF1WyFYRWQnLFX:QswvaRn+TTkh1FJZrYzMH77iX6OU9RWu
                                                        MD5:4909822D5134194AF3B5C0515053A039
                                                        SHA1:633E288D201D00DF06211831E484F4952CDA650F
                                                        SHA-256:9E8EE80DEA4BBC113317304492F4E04DC98B326ADD475E74D46EAF88B6E08CB7
                                                        SHA-512:7C8A1E05037AC138FD13EAF7E42DE64BC831BD50A411B2A0D13D34CA5CF7460BC5D907057D7EEE96ACDC9DEFE8B193ED99978F2CF8CBA1B8600AD91D9D82970F
                                                        Malicious:false
                                                        Preview:5..h.1.... ..zzw'...@.....$X].qi'..?..).......gI....tb{..w.u..r..h..Vy.....I..h{....'Zg....H...j.#.\.|...>.....~..<.(.T~.F-B&..,0.a.tl.r.d..S....LL.2,........I.*..~|.i.....DC-7x...G.....:|!&...y.bY....kw;;..vN...2.0V.......[{3...7.t...J.I!J)[...'.=..>+G T...+oAMi..Q....]X..k...g.U.D{.1.X.....O>.?.....(....c..4^.@..h.,..j%)N..!`...._t.!.(...Tv...[..O.*U.+ .7....b..I4.X...y...j.$]y.u...x._..y...P%.... [.p..7=u..4g o..`0....Gl...{....r..~gIM.!.....A...F.~...p..JKe...e.....i$1..z.......n......h...+~;.....]....o.N.......(..-..]..9...4.B..ck(Z...b....).346........9.......c..#}2m..@+e..J...8.a.(OVs..sm.t.B.h.c+.}..].{..Q.5k..<.oM.... R.<A....3ceI-W^N.w.z...s7N.)..;q-..M.~x.8..u*../#^".F.....r..\...\..Q.........QY......i.#a...K4.....oT._a}n.a..B......T..........H...m6j.....$.C..J..S.......a.|B.W.......M.E.....#..JU.|.\P.K.....Y.$:..Z.`.....b.!s\...&...O....h..)*...D(.6..X].C...V........j....Q.N....-0.......&.f.~..bwG...f.p.?$..3........)..=

                                                        C:\Users\user\AppData\Local\Temp\{17555EEA-D787-4D22-A748-93E5A536483E}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                        Category:dropped
                                                        Size (bytes):242903
                                                        Entropy (8bit):7.944495275553473
                                                        Encrypted:false
                                                        SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                        MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                        SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                        SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                        SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r

                                                        C:\Users\user\AppData\Local\Temp\{1C24B0B8-E859-4D2E-9C5A-A9AF7ED40B4B}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                        Category:dropped
                                                        Size (bytes):24268
                                                        Entropy (8bit):6.946124661664625
                                                        Encrypted:false
                                                        SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                        MD5:3CD906D179F59DDFA112510C7E996351
                                                        SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                        SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                        SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                        C:\Users\user\AppData\Local\Temp\{20DFF0D3-A03B-4185-8653-CF1A4E8774F7}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):109698
                                                        Entropy (8bit):7.954100577911302
                                                        Encrypted:false
                                                        SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                        MD5:8D804A60E86627383BED6280ED62F1CF
                                                        SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                        SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                        SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.

                                                        C:\Users\user\AppData\Local\Temp\{251B1BFF-B0A0-457D-89E9-D7F367FF5EE8}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                        Category:dropped
                                                        Size (bytes):2695
                                                        Entropy (8bit):7.434963358385164
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                        MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                        SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                        SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                        SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.

                                                        C:\Users\user\AppData\Local\Temp\{27888DC9-3B9D-4E9B-B5C9-73757FF18E5F}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):79656
                                                        Entropy (8bit):7.966459570826366
                                                        Encrypted:false
                                                        SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                        MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                        SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                        SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                        SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P

                                                        C:\Users\user\AppData\Local\Temp\{2937AEF9-F9BC-4006-AFF9-D04062B9266F}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):10056
                                                        Entropy (8bit):7.956064700093514
                                                        Encrypted:false
                                                        SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                        MD5:E1B57A8851177DD25DC05B50B904656A
                                                        SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                        SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                        SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-

                                                        C:\Users\user\AppData\Local\Temp\{29D85146-8F33-418E-9CB9-9BBABEB27360}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):25622
                                                        Entropy (8bit):7.058784902089801
                                                        Encrypted:false
                                                        SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                        MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                        SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                        SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                        SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                        C:\Users\user\AppData\Local\Temp\{2B9B0FFA-B629-4B1F-8158-8939E7592189}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):14177
                                                        Entropy (8bit):5.705782002886174
                                                        Encrypted:false
                                                        SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                        MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                        SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                        SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                        SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                        C:\Users\user\AppData\Local\Temp\{2CC324D3-4226-4DC4-8B86-C307F78E3BB3}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):515
                                                        Entropy (8bit):6.740133870626016
                                                        Encrypted:false
                                                        SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                        MD5:E96BE30D892A5412CF262FEE652921CA
                                                        SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                        SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                        SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.

                                                        C:\Users\user\AppData\Local\Temp\{2D06D598-BFFA-4665-B453-F1BCBED50422}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):4410
                                                        Entropy (8bit):7.857636973514526
                                                        Encrypted:false
                                                        SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                        MD5:2494381A1ACDC83843B912CFCDE5643B
                                                        SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                        SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                        SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.

                                                        C:\Users\user\AppData\Local\Temp\{2F1A57D0-AEF4-4750-971A-4B01AC86FAE1}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):1569
                                                        Entropy (8bit):7.583832946136897
                                                        Encrypted:false
                                                        SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                        MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                        SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                        SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                        SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...

                                                        C:\Users\user\AppData\Local\Temp\{300091C9-114C-43DE-9BFD-E5E2B3E86166}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                        Category:dropped
                                                        Size (bytes):3361
                                                        Entropy (8bit):7.619405839796034
                                                        Encrypted:false
                                                        SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                        MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                        SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                        SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                        SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.

                                                        C:\Users\user\AppData\Local\Temp\{340E551F-6881-4BC4-A440-67D4D9631A30}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):86187
                                                        Entropy (8bit):7.951356272886186
                                                        Encrypted:false
                                                        SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                        MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                        SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                        SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                        SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._

                                                        C:\Users\user\AppData\Local\Temp\{367F9E1B-645F-4FFF-9C4C-F895E8A611BD}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):11043
                                                        Entropy (8bit):7.96811228801767
                                                        Encrypted:false
                                                        SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                        MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                        SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                        SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                        SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                        Malicious:false
                                                        Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)

                                                        C:\Users\user\AppData\Local\Temp\{37ADCF02-90E8-48CA-9C87-805141B72049}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                        Category:dropped
                                                        Size (bytes):140755
                                                        Entropy (8bit):7.9013245181576695
                                                        Encrypted:false
                                                        SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                        MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                        SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                        SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                        SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.

                                                        C:\Users\user\AppData\Local\Temp\{39E4B34C-9C13-44A0-B8B3-7F1893D52B26}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):15740
                                                        Entropy (8bit):6.0674556182683945
                                                        Encrypted:false
                                                        SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                        MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                        SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                        SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                        SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                        C:\Users\user\AppData\Local\Temp\{3A8BFC09-766D-4764-98DC-CEB4BACACEA6}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):136726
                                                        Entropy (8bit):7.973487854173386
                                                        Encrypted:false
                                                        SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                        MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                        SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                        SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                        SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@

                                                        C:\Users\user\AppData\Local\Temp\{3B29B46B-A692-48BE-B171-BDD3C4A7CE61}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):25622
                                                        Entropy (8bit):7.058784902089801
                                                        Encrypted:false
                                                        SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                        MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                        SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                        SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                        SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                        C:\Users\user\AppData\Local\Temp\{3C737208-1AE1-412F-A027-50E1DBB1D536}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):32656
                                                        Entropy (8bit):3.9517299510231485
                                                        Encrypted:false
                                                        SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                        MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                        SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                        SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                        SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                        Malicious:false
                                                        Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                        C:\Users\user\AppData\Local\Temp\{3EA46DD0-9A0B-4E9A-AE76-31CD179E0BFD}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                        Category:dropped
                                                        Size (bytes):52912
                                                        Entropy (8bit):7.679147474806877
                                                        Encrypted:false
                                                        SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                        MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                        SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                        SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                        SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..

                                                        C:\Users\user\AppData\Local\Temp\{45AEFB37-523B-4A10-AA78-9A412DB4892A}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                        Category:dropped
                                                        Size (bytes):70028
                                                        Entropy (8bit):7.742089280742944
                                                        Encrypted:false
                                                        SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                        MD5:EC7811912ACA47F6AEB912469761D70D
                                                        SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                        SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                        SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).

                                                        C:\Users\user\AppData\Local\Temp\{46E361F1-B159-4D5B-9596-28F1A415461F}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):5136
                                                        Entropy (8bit):7.622045262603241
                                                        Encrypted:false
                                                        SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                        MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                        SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                        SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                        SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\{4A1756C0-19FF-4D7A-8E3B-D02BCC233712}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):40035
                                                        Entropy (8bit):7.360144465307449
                                                        Encrypted:false
                                                        SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                        MD5:B1DDD365D87605F96D72042CB56572F6
                                                        SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                        SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                        SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.

                                                        C:\Users\user\AppData\Local\Temp\{4CF2717B-41CB-41C8-A122-90F6EA496938}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):39010
                                                        Entropy (8bit):7.362726513389497
                                                        Encrypted:false
                                                        SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                        MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                        SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                        SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                        SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                        C:\Users\user\AppData\Local\Temp\{554D933D-4845-4799-A941-02C31F056162}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                        Category:dropped
                                                        Size (bytes):4819
                                                        Entropy (8bit):7.874649683222419
                                                        Encrypted:false
                                                        SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                        MD5:5D6C1F361BC04403555BE945E28E53FC
                                                        SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                        SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                        SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.

                                                        C:\Users\user\AppData\Local\Temp\{5871238D-BEB9-464A-931F-701C8F0FFB10}.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):6078
                                                        Entropy (8bit):7.968870000891559
                                                        Encrypted:false
                                                        SSDEEP:96:UlJP2gfWgTC/Vs/UuqVqnRlfNgiSb7O9oBsdpuzSRkg58oZ0fREpjIcnfeQ:w2ItTxTqAnRlfN0O9oBs/ugk0Z0fOLF
                                                        MD5:CEF4BF2E7BDE8B3A8DB95509A8750C18
                                                        SHA1:65D2ADF5130A3FBC0C59C6B829FF1D3836ED8C69
                                                        SHA-256:FEF9920BCED26BB8F890AFB9A7B19B9DD074389593903EC62285F5AB625E30B4
                                                        SHA-512:7A4148CD0CFF54DBFEE524BFC6882354A5C50915AD00D7F187E265A8963E6978417163703BE550008A5B0D36BE30F3E03E020D4B06551F41D3573D8FCE42FD5F
                                                        Malicious:false
                                                        Preview:.".R..".~..#g{.")t2........w.......U.z|.>2pb....47%|.....Z.#..+C.!t.0=.+..ew.....H.cV.]..y..E....T..tD..G.`..O.s.i=K.o.......'..[axI.aZ8.cic.......g..l..MW..i8.bhYO.u....f..PGf\E.....RD.B;T.z3.I.-D.^,#.:M#.2...._...GJP...C,..l<_..|..@.bN....Z.,....:.Tn..O......n.7....x.m..<......@3......R.2#KtS.....{O......QI.n.z.v....fP.ik...........t].W'..}.....-6...(P..V_."T,.P'=.F.E95>.i..2.....5..... .4&`.,.AR.Q...<..5.O55...N..ul...RsNm:&.*...A.../.l#.E.+._.....@_?.8.......@..$....^.}. R.DJH.rB.....{.Q..%.6?.6..2..y.|3.'...<.]...v...-.7..B.@+......cd".q...B.y.o2..p..b...M.|.{.........w.H....i.n.7r...&..e.GP.q4.8..&.=...A.e!=4V$B.pLF...f..O82....$/....t#p...z.bd...|.y...%USE.*...<.2....<.......1....v...j.....@osc>..".Sa..Y..{w.T..%.[Cx<.R..g..Wk..%.).:..+..F...2.]*..w.~..5..c.......Hv.E[R...+.{/#.1...u\0p.../....pn.y......-eTE:~.a.f.R;NO99.gA.#..~..g.Y........8A....._....J.....P.."N....3......M@..\..O....t...3.T+_.]a....dC....|.....,(.C.3.&kt...Q.}...

                                                        C:\Users\user\AppData\Local\Temp\{5A89B62F-FBF3-4086-BC0B-4B81FF7B29AC}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                        Category:dropped
                                                        Size (bytes):59832
                                                        Entropy (8bit):7.308211468398169
                                                        Encrypted:false
                                                        SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                        MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                        SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                        SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                        SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                        C:\Users\user\AppData\Local\Temp\{5F969F84-5F34-4AF8-8D36-D6D6A1668750}.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):6072
                                                        Entropy (8bit):7.972764511836205
                                                        Encrypted:false
                                                        SSDEEP:96:dq610zRQau0o1MFtmFvBrcxacafKyaw2wReTkkmn9p2n6owUTyp/IRFOZWl2teQ:dqBKa9o1MHm1dVcoKvFmxXnrCSIHOTtF
                                                        MD5:9049D71FF036CF4EFBD9C7C0A80E9295
                                                        SHA1:E3B498FB5CF8E9498CD113D6AC239354D110C07A
                                                        SHA-256:F4A2FD8E6E9DBFB4BEBB237EAA1D2799FAE2619E2154E56986172A3EC1A70BFC
                                                        SHA-512:DDFB1A89C2852EF86C44CCA5A4D904F99B661F34E13D560D7702E919C29ADA290E04C78E36EBD4A709D61B1911125105FB31FE1A8F3E2E7FB70221C4BF39EC29
                                                        Malicious:false
                                                        Preview:..eCw...U....5.z...2.Y.p@f.o..)Y......^...}..5.w/.V.r.vVT...mZb...4f...............&.7|;.....<....r....I....6C....K..G.....z.....Y8s#..]......!..jm.O.......7.i.U..\O.y....~....X.......TH.#}.1......>....N?...f2.j... %...xsI.......(cr..]e.....?{.(..Wc.....a^.....me..[..Q..m.,....'Dc..q.....v....}y.}.o.\.T......F.....-*..g~...+z..!.J.[........9..2..P.sF...l6..........P.(...........n....5CG...S.).^.....R.Uy.FD.....r...qa.{..l.[f...O.,3Y..VL.k5.jo..:6.Z\.2........h<.by...e..>..i...u.z.Z%.[B&...._=..YK..I..5.SG%x...Qv..%Z...A?8..P.B.|.I.4.UG.2l...a.AeT..++...."...g.....(j..E...Z......T....scKd I''...G..>w.Q.#e.F....&\.].[s;Qj{...-H...x..RA..!Mo.N..N.Z....Y...Pa.....B.u.2..$c.-.WH........iw..T.]....r.1..@.As..M2...N....aJ.t....o..L..L....p.A^./fj..N.n5.G....)..,h....k...8..(n.`. ...[.[p.>..Jo..t.g..._v....QhU..%S.2..X[D.....,0r.ab.1...3j.......S...\.U.r2.j.G../R&.I...&.#4...x..M.FR.U.....T....m ....f..Sa........T[.......H..)...6..(.J.}.9..K

                                                        C:\Users\user\AppData\Local\Temp\{5FDB6493-D269-44CA-9819-79B639D621A7}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):67991
                                                        Entropy (8bit):7.870481231782746
                                                        Encrypted:false
                                                        SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                        MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                        SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                        SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                        SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.

                                                        C:\Users\user\AppData\Local\Temp\{65E68552-D263-44AF-9B35-0BF656084DDA}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                        Category:dropped
                                                        Size (bytes):2268
                                                        Entropy (8bit):7.384274251000273
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                        MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                        SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                        SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                        SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v

                                                        C:\Users\user\AppData\Local\Temp\{66B87DEE-14DB-4260-BF3E-A4B7357BA677}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                        Category:dropped
                                                        Size (bytes):22203
                                                        Entropy (8bit):6.977175130747846
                                                        Encrypted:false
                                                        SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                        MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                        SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                        SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                        SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                        C:\Users\user\AppData\Local\Temp\{67E9422D-198A-4561-8E9E-19FCD5C8ECFB}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):347
                                                        Entropy (8bit):6.85024426015615
                                                        Encrypted:false
                                                        SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                        MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                        SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                        SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                        SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.

                                                        C:\Users\user\AppData\Local\Temp\{6D7544C5-33B5-4565-B35C-48E7EE5F47C1}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                        Category:dropped
                                                        Size (bytes):12654
                                                        Entropy (8bit):7.745439197485533
                                                        Encrypted:false
                                                        SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                        MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                        SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                        SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                        SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep

                                                        C:\Users\user\AppData\Local\Temp\{6DEFB54A-BCCF-4BCF-8501-C38E58EBF9ED}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):1547
                                                        Entropy (8bit):6.4194805172468286
                                                        Encrypted:false
                                                        SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                        MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                        SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                        SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                        SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .

                                                        C:\Users\user\AppData\Local\Temp\{6F6CE515-BC56-4005-9680-47B400AA15D4}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):40884
                                                        Entropy (8bit):7.545929039957292
                                                        Encrypted:false
                                                        SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                        MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                        SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                        SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                        SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                        C:\Users\user\AppData\Local\Temp\{70083709-ED67-4AD2-9B2B-9C66F6B01ECA}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):33032
                                                        Entropy (8bit):2.941351060644542
                                                        Encrypted:false
                                                        SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                        MD5:ACF4A9F470281F475EA45E113E9FB009
                                                        SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                        SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                        SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                        Malicious:false
                                                        Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?

                                                        C:\Users\user\AppData\Local\Temp\{72B2CE4C-8908-458C-8D08-BC45CBD639AB}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):65589
                                                        Entropy (8bit):7.960181939300061
                                                        Encrypted:false
                                                        SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                        MD5:8B48DA9F89264D14B83FF9969F869577
                                                        SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                        SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                        SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.

                                                        C:\Users\user\AppData\Local\Temp\{78030068-F79E-4F7D-A73C-754228D0356F}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                        Category:dropped
                                                        Size (bytes):22203
                                                        Entropy (8bit):6.977175130747846
                                                        Encrypted:false
                                                        SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                        MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                        SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                        SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                        SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                        C:\Users\user\AppData\Local\Temp\{7DBD80C2-773C-4B2C-97C2-4AA866E07BC7}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                        Category:dropped
                                                        Size (bytes):24268
                                                        Entropy (8bit):6.946124661664625
                                                        Encrypted:false
                                                        SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                        MD5:3CD906D179F59DDFA112510C7E996351
                                                        SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                        SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                        SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                        C:\Users\user\AppData\Local\Temp\{811963DF-A201-4C20-BE6C-2500BD8AAA8C}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12180
                                                        Entropy (8bit):5.318266117301791
                                                        Encrypted:false
                                                        SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                        MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                        SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                        SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                        SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                        Malicious:false
                                                        Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%

                                                        C:\Users\user\AppData\Local\Temp\{8281D11D-AE10-46DD-B7E0-F1969D623257}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):32656
                                                        Entropy (8bit):3.9517299510231485
                                                        Encrypted:false
                                                        SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                        MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                        SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                        SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                        SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                        Malicious:false
                                                        Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                        C:\Users\user\AppData\Local\Temp\{8347F72D-77D5-4531-A9F3-3DE7DC8DC8E2}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                        Category:dropped
                                                        Size (bytes):1873
                                                        Entropy (8bit):7.534961703340853
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                        MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                        SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                        SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                        SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-

                                                        C:\Users\user\AppData\Local\Temp\{8AA733BD-75C6-41E6-BB85-57B20C624C0F}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                        Category:dropped
                                                        Size (bytes):3009
                                                        Entropy (8bit):7.493528353751471
                                                        Encrypted:false
                                                        SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                        MD5:D9BD80D40B458EDB2A318F639561579A
                                                        SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                        SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                        SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....

                                                        C:\Users\user\AppData\Local\Temp\{9D84A236-CB39-45C3-A3EC-C7FD1686CE8C}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                        Category:dropped
                                                        Size (bytes):84097
                                                        Entropy (8bit):7.78862495530604
                                                        Encrypted:false
                                                        SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                        MD5:37EED97290E8ECB46A576C84F0810568
                                                        SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                        SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                        SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .

                                                        C:\Users\user\AppData\Local\Temp\{A21E30C7-CD00-4E23-9558-EFDA61332664}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                        Category:dropped
                                                        Size (bytes):129887
                                                        Entropy (8bit):7.8877849553452695
                                                        Encrypted:false
                                                        SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                        MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                        SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                        SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                        SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN

                                                        C:\Users\user\AppData\Local\Temp\{A239D576-15DB-412C-A77C-AB8DC2B83901}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):39010
                                                        Entropy (8bit):7.362726513389497
                                                        Encrypted:false
                                                        SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                        MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                        SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                        SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                        SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                        C:\Users\user\AppData\Local\Temp\{A33B07D7-E1B6-48D7-83CE-607BC93A4EDD}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):2104
                                                        Entropy (8bit):7.252780160030615
                                                        Encrypted:false
                                                        SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                        MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                        SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                        SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                        SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....

                                                        C:\Users\user\AppData\Local\Temp\{A510E7DB-48C5-4990-9F9E-E36A34645426}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                        Category:dropped
                                                        Size (bytes):3555
                                                        Entropy (8bit):7.686253071499049
                                                        Encrypted:false
                                                        SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                        MD5:8A5444524F467A45A5A10245F89C855A
                                                        SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                        SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                        SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m

                                                        C:\Users\user\AppData\Local\Temp\{A9068A28-DE83-4225-AB1B-8BA9A8CC1121}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):12824
                                                        Entropy (8bit):7.974776104184905
                                                        Encrypted:false
                                                        SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                        MD5:2628353534C5AD86CBFE57B6616D46DD
                                                        SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                        SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                        SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                        Malicious:false
                                                        Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                        C:\Users\user\AppData\Local\Temp\{A9D210A4-FE8A-4C64-9C4E-2087011AFB02}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):179460
                                                        Entropy (8bit):7.979020171518325
                                                        Encrypted:false
                                                        SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                        MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                        SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                        SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                        SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.

                                                        C:\Users\user\AppData\Local\Temp\{B07FF8DD-724F-4807-A5C2-998B357214A6}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                        Category:dropped
                                                        Size (bytes):29187
                                                        Entropy (8bit):7.971308326749753
                                                        Encrypted:false
                                                        SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                        MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                        SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                        SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                        SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;

                                                        C:\Users\user\AppData\Local\Temp\{B112109A-0945-4257-88B0-EF745F6A7A85}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):11197
                                                        Entropy (8bit):7.975073010774664
                                                        Encrypted:false
                                                        SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                        MD5:DDC3CC30794277500EFE4BC6667EC123
                                                        SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                        SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                        SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b

                                                        C:\Users\user\AppData\Local\Temp\{B27AF2B8-5C47-4B22-B48B-289433794E7B}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                        Category:dropped
                                                        Size (bytes):32656
                                                        Entropy (8bit):3.9517299510231485
                                                        Encrypted:false
                                                        SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                        MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                        SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                        SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                        SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                        Malicious:false
                                                        Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                        C:\Users\user\AppData\Local\Temp\{B2D8DA2B-38CF-4475-8837-1716AE0C60F1}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):2033
                                                        Entropy (8bit):6.8741208714657
                                                        Encrypted:false
                                                        SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                        MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                        SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                        SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                        SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z

                                                        C:\Users\user\AppData\Local\Temp\{B428EC84-0A79-4A55-BEEA-EE223032B26E}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                        Category:dropped
                                                        Size (bytes):27862
                                                        Entropy (8bit):7.238903610770013
                                                        Encrypted:false
                                                        SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                        MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                        SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                        SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                        SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                        C:\Users\user\AppData\Local\Temp\{B69DB4DB-BB5C-4345-99DF-4A61CDA9FB29}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):40884
                                                        Entropy (8bit):7.545929039957292
                                                        Encrypted:false
                                                        SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                        MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                        SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                        SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                        SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                        C:\Users\user\AppData\Local\Temp\{B9A70756-7F19-4721-B52C-775807135970}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):34299
                                                        Entropy (8bit):7.247541176493898
                                                        Encrypted:false
                                                        SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                        MD5:E9C52A7381075E4EBC59296F96C79399
                                                        SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                        SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                        SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...

                                                        C:\Users\user\AppData\Local\Temp\{BA25ED98-22C6-45FF-AF80-25B442515D3B}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                        Category:dropped
                                                        Size (bytes):2266
                                                        Entropy (8bit):5.563021222358941
                                                        Encrypted:false
                                                        SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                        MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                        SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                        SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                        SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G

                                                        C:\Users\user\AppData\Local\Temp\{BA2D1D32-EA88-4862-991E-23BAF0D53F96}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):52945
                                                        Entropy (8bit):7.6490972666456765
                                                        Encrypted:false
                                                        SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                        MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                        SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                        SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                        SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                        C:\Users\user\AppData\Local\Temp\{BE3E713F-5E63-402C-8C01-EB2B4623698B}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                        Category:dropped
                                                        Size (bytes):3428
                                                        Entropy (8bit):7.766473352510893
                                                        Encrypted:false
                                                        SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                        MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                        SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                        SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                        SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.

                                                        C:\Users\user\AppData\Local\Temp\{C3CFFC92-8266-4752-B9FC-61D6BFA74240}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                        Category:dropped
                                                        Size (bytes):2898
                                                        Entropy (8bit):7.551512280854713
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                        MD5:7C7D9922101488124D2E4666709198AC
                                                        SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                        SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                        SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H

                                                        C:\Users\user\AppData\Local\Temp\{C5653280-81B4-4EB0-A6AB-519F57B879C0}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):41893
                                                        Entropy (8bit):7.52654558351485
                                                        Encrypted:false
                                                        SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                        MD5:F25427EFECFEE786D5A9F630726DD140
                                                        SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                        SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                        SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                        C:\Users\user\AppData\Local\Temp\{C87DB444-FF1C-4219-8F65-A08843663B95}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):60924
                                                        Entropy (8bit):7.758472758205366
                                                        Encrypted:false
                                                        SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                        MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                        SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                        SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                        SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................

                                                        C:\Users\user\AppData\Local\Temp\{CF449BD9-AAB5-4F95-8962-5DC2956F4C9D}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):19920
                                                        Entropy (8bit):7.987696084459766
                                                        Encrypted:false
                                                        SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                        MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                        SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                        SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                        SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..

                                                        C:\Users\user\AppData\Local\Temp\{D0B983C8-AD18-47BB-AD7F-332237AC78B3}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                        Category:dropped
                                                        Size (bytes):784
                                                        Entropy (8bit):6.962539208465222
                                                        Encrypted:false
                                                        SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                        MD5:14105A831FE32590E52C2E2E41879624
                                                        SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                        SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                        SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................

                                                        C:\Users\user\AppData\Local\Temp\{D2377890-9176-45C2-AA68-974C01D6AC13}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):977
                                                        Entropy (8bit):7.231269197132181
                                                        Encrypted:false
                                                        SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                        MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                        SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                        SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                        SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.

                                                        C:\Users\user\AppData\Local\Temp\{D35D375F-B16E-4F11-B312-FC966BD8D79C}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                        Category:dropped
                                                        Size (bytes):64118
                                                        Entropy (8bit):7.742974333356952
                                                        Encrypted:false
                                                        SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                        MD5:864EEA0336F8628AE4A1ED46D4406807
                                                        SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                        SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                        SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v

                                                        C:\Users\user\AppData\Local\Temp\{D76008B8-3C1B-45A6-B4A8-0B50C7B0CB4A}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):647
                                                        Entropy (8bit):6.854433034679255
                                                        Encrypted:false
                                                        SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                        MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                        SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                        SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                        SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.

                                                        C:\Users\user\AppData\Local\Temp\{D9E473E2-653B-4FB4-B38F-D9636DE2254B}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                        Category:dropped
                                                        Size (bytes):59832
                                                        Entropy (8bit):7.308211468398169
                                                        Encrypted:false
                                                        SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                        MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                        SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                        SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                        SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                        C:\Users\user\AppData\Local\Temp\{DED2407C-8BC7-4445-BB33-9D56608D872E}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):55804
                                                        Entropy (8bit):7.433623355028275
                                                        Encrypted:false
                                                        SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                        MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                        SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                        SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                        SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                        C:\Users\user\AppData\Local\Temp\{E049DDDB-499D-46A3-A9F0-3343F967B2D0}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):59707
                                                        Entropy (8bit):7.858445368171059
                                                        Encrypted:false
                                                        SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                        MD5:47ADB0DF6FDA756920225A099B722322
                                                        SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                        SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                        SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.

                                                        C:\Users\user\AppData\Local\Temp\{E2A6ACC0-6E92-40AA-8026-0824922E5FBE}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):84941
                                                        Entropy (8bit):7.966881945560921
                                                        Encrypted:false
                                                        SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                        MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                        SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                        SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                        SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t

                                                        C:\Users\user\AppData\Local\Temp\{E2BB0903-C126-47DE-A6E3-8E217AC14A02}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                        Category:dropped
                                                        Size (bytes):68633
                                                        Entropy (8bit):7.709776384921022
                                                        Encrypted:false
                                                        SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                        MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                        SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                        SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                        SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                        C:\Users\user\AppData\Local\Temp\{E4184D9B-DE7E-4A72-A9BF-7663805899BB}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):47294
                                                        Entropy (8bit):7.497888607667405
                                                        Encrypted:false
                                                        SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                        MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                        SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                        SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                        SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....

                                                        C:\Users\user\AppData\Local\Temp\{E982B334-82B1-4B1D-9484-C3090576F531}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                        Category:dropped
                                                        Size (bytes):68633
                                                        Entropy (8bit):7.709776384921022
                                                        Encrypted:false
                                                        SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                        MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                        SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                        SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                        SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                        C:\Users\user\AppData\Local\Temp\{EBAB2686-9D7B-42C9-A89B-54016439E0B6}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):52945
                                                        Entropy (8bit):7.6490972666456765
                                                        Encrypted:false
                                                        SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                        MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                        SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                        SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                        SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                        C:\Users\user\AppData\Local\Temp\{EC7FB443-BF89-4E86-A9BE-7B6110B34626}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):41893
                                                        Entropy (8bit):7.52654558351485
                                                        Encrypted:false
                                                        SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                        MD5:F25427EFECFEE786D5A9F630726DD140
                                                        SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                        SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                        SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                        C:\Users\user\AppData\Local\Temp\{ED6AFB1D-468B-47F9-8399-AA9223854E12}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                        Category:dropped
                                                        Size (bytes):27862
                                                        Entropy (8bit):7.238903610770013
                                                        Encrypted:false
                                                        SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                        MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                        SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                        SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                        SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                        C:\Users\user\AppData\Local\Temp\{F00895AD-20C9-4E91-8B62-F1EE9E492757}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):95763
                                                        Entropy (8bit):7.931689087616878
                                                        Encrypted:false
                                                        SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                        MD5:177DD42CA99CAA2CCBF2974221680334
                                                        SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                        SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                        SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.

                                                        C:\Users\user\AppData\Local\Temp\{F1D1AB73-4939-4965-850B-416C36882217}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):53259
                                                        Entropy (8bit):7.651662052139301
                                                        Encrypted:false
                                                        SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                        MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                        SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                        SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                        SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                        C:\Users\user\AppData\Local\Temp\{F3D80F58-4B21-40AF-8828-1753CD926647}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):827
                                                        Entropy (8bit):7.23139555596658
                                                        Encrypted:false
                                                        SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                        MD5:3E675D61F588462FB452342B14BCF9C0
                                                        SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                        SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                        SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.

                                                        C:\Users\user\AppData\Local\Temp\{F4378CF8-B18E-4790-B5FB-ADB2AD5570C9}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):15740
                                                        Entropy (8bit):6.0674556182683945
                                                        Encrypted:false
                                                        SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                        MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                        SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                        SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                        SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                        C:\Users\user\AppData\Local\Temp\{F4B29680-E065-43E4-A523-7A544007FCEB}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                        Category:dropped
                                                        Size (bytes):14177
                                                        Entropy (8bit):5.705782002886174
                                                        Encrypted:false
                                                        SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                        MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                        SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                        SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                        SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                        Malicious:false
                                                        Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                        C:\Users\user\AppData\Local\Temp\{F5FB9468-1713-4BA9-BB19-6C93B1DD2F70}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):99293
                                                        Entropy (8bit):7.9690121496708555
                                                        Encrypted:false
                                                        SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                        MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                        SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                        SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                        SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                        Malicious:false
                                                        Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..

                                                        C:\Users\user\AppData\Local\Temp\{F5FDDEE8-88CF-4681-8F4A-D6E863C2ABB7}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                        Category:dropped
                                                        Size (bytes):1717
                                                        Entropy (8bit):7.154087739587035
                                                        Encrypted:false
                                                        SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                        MD5:943371B39CA847674998535110462220
                                                        SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                        SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                        SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                        Malicious:false
                                                        Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.

                                                        C:\Users\user\AppData\Local\Temp\{F84DD0BB-815C-4D4E-BA52-4813AA93AF44}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                        Category:dropped
                                                        Size (bytes):5465
                                                        Entropy (8bit):7.79401348966645
                                                        Encrypted:false
                                                        SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                        MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                        SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                        SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                        SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w

                                                        C:\Users\user\AppData\Local\Temp\{FF964046-741F-4FC8-94A7-F007A809F2A5}

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                        Category:dropped
                                                        Size (bytes):11040
                                                        Entropy (8bit):7.929583162638891
                                                        Encrypted:false
                                                        SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                        MD5:02775A1E41CF53AC771D820003903913
                                                        SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                        SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                        SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                        Malicious:false
                                                        Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):256
                                                        Entropy (8bit):7.15108081042011
                                                        Encrypted:false
                                                        SSDEEP:6:uzk0OIdDEivHmlrTJMf61aBDE6txWw+DdP9l49aUSnW:ik0OIdDEi6rTCf61a+6KxPlu6nW
                                                        MD5:3664A06A0D3DC26CF438DCB2BC879890
                                                        SHA1:AD7E6B7D3CEB1406CCE8F342C43833DBF6161CB6
                                                        SHA-256:5E76719E6E2DC1E69E793F4D5DC00F8D30574B0D0BAA76642D0B27D39338B40E
                                                        SHA-512:EC8061AC8C6ED754AE867CA9E98BB0B0B86ACC54BC5A70FFE84AC0002DE11A956EAF699E1ADBC55A553C0BCE59BE71F42DD60E8BA3B9F36657424B794FBE014F
                                                        Malicious:false
                                                        Preview:.f...(../.......3&.....&.E.."g.Va...x.9.^{L...m.0..../........9...Y..:h.....v..z.z+.p.....E......4.....<.}..r=R..6d....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):266
                                                        Entropy (8bit):7.229763732347289
                                                        Encrypted:false
                                                        SSDEEP:6:PFmian8GKIvw2RsmUKbBFGdWEqKjf61aBDE6txWw+DdP9l49aUSnW:P1an8GKEwqsGeUELjf61a+6KxPlu6nW
                                                        MD5:B539138C5EB1AE24885E23C919A7B6B9
                                                        SHA1:0BFD88C57B2D53AB39893CFC839A971E11CA41BC
                                                        SHA-256:BFAA01A0F3585DE1EEF271875EDE8B43A91DCD71CD3D2B26F569D7DCEDAF0069
                                                        SHA-512:8C74181229992C2A15853FD072978C5A800475CC545343743D868DF14DDF727C3B61AA5374F83B2898C511D644F8949C890153054274567A05F85C444F98141A
                                                        Malicious:false
                                                        Preview:.V.o.a.C.P.K.......Ti.R...&.E..5g.Vt....^.-2N...n.b..../f.".\..1..Ww-..&T......\u....vE.....\?...U.-ay.N*c..83.+...I..vM.Y.l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):67083
                                                        Entropy (8bit):7.996918120231756
                                                        Encrypted:true
                                                        SSDEEP:1536:RloQVpgh4+JtJ3pYkxiFt9L+tL8Wi0kvovHyuuF:RBVOPJ3pYsiL5+tL8J0DvH/g
                                                        MD5:D9154F822133606AD393BBCC9267EBCB
                                                        SHA1:163FE63E2EFE95A8D04CFE2B3C523DA4E3D78216
                                                        SHA-256:981916E6B2C6E0BCCD21401ED79ADBDDB0E371BB4CE16CCE715219D5173C698B
                                                        SHA-512:2220975349F21FB5E7D327FE444C26C9AF37A0F2C0C7001B3F7B6A71E29729BFDEBBB7E4CF6E0CEBEAA87ADD05C4C84D9B8CFE626FBAC737D109F67F3A3B895A
                                                        Malicious:true
                                                        Preview:.D......K.US.@.v...>...q.Ks.nA.7h.c...T..*......tE.....U..O.....fKR..L....s..Ep.....*...OL+.,\../.;m.u..~./..l.....E.F.F2K.#..ZP[..I.."..V.......th...Wi.>..Z...v...$..2.<.*..#...5...3q..K....:....N.yX$.....yh...z.Q...e.I.v.B#...m..0...eKG@...=.H..*.-..yc...(B..,.9...H....T...cI....Y..... ..$..b1.}.JT..f=.>...Y.....K.......-...4.....@/....C..&f...*h..R ......../7..b0.X.GA..A...a.=.}.....n+..4D...Z....<.r....qM.....9Q...j.......Jm.J.PV.....p.^...e8L.As.Hb....c..#......).h.d..8Ai../-,t0....DP=..+...9....o..Y.._(;.{.O0......r....~}\...R...,.|...Os..&."......Q.ll.~..6.W.k...<.......dt..5.....#.+w..zu$/4...F.&... .X`e._.Q.d..M........Y..ka.fR...5.p...Kw..6...=.......0D.[..P...tc.]..7.oe.".j.....+...y.......`..i.....2t.{./.`........MEZ.@.>.9...@..@.'k.'...C.3a*..EL.k.)....@.gv[.....a.r.(4.....WjX.....By....ck.B.. o...P.TC..j....".$.i...T.QP.G..G+..AIc.o..M.....).I......IL.Uq..R..e.=.e.....`..-x.R...i1.a.......$....*....x.i8...-....X.....M.*.".I...

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1017
                                                        Entropy (8bit):7.826486764917359
                                                        Encrypted:false
                                                        SSDEEP:24:qSw30aLEWjBFjIsq2dLRrT0owFGOCQR9f6bxPlS:qSjOEwzIQlP0DFGOV9feQ
                                                        MD5:86784B62692DE765237FB308553CD7F1
                                                        SHA1:941CED86CA02136BFC4786BCD139044C00F810CB
                                                        SHA-256:E624F7DDC7502304728D088BEBF1A91DB30D9EB5D7FBE62891EDF17C6F20A404
                                                        SHA-512:107F09A32EABE869B11C0B4622A41D0A2F3BB75E36C0DFDE6D97861FE3B2837728257D3E4C67170CBD481A267AD7A092C32E1A8D6480665956D422C08B847CD4
                                                        Malicious:false
                                                        Preview:Lcg.WF.o.K..&.......|}.Yl7?l..<..}.B).C.Xnl...3.~.W...g.H}M..A_.w;!1...2...I...:.. 5...R.X0U......)y.....d..Q..p"B.....P.1.1_....g.~:./..Qgjyvt...,...NH2......JM.a..0...v..d.w.4aY..d.o...i?(....{k'h...]..:."jsJ5....Z!...BM....G.z..}.V..f...).8....I}....~...\.*.2.:b..!...:|..8i.J....... .+r...E../...l.~.J.....S....r.&.Bo.X......IS..AX..l....@......A1M..(.Y.|.9...y...L>..MY.I.).....%7+-ajw/F..D..mF..n..5.....C.z..6..@....I.AU...1-fY...ySR.{...u.Z..u~....n>.!d.`F.R.".}Q....L....C..4.60...t..p....hgl6..#..[.S;; ..]UAgG!.......:...=...b.RL.9WYZ.;..}*]E.......4..$.h\.]..|N.@.W..~.p../-.jC(.@...[vF.2Er_..0E.;.Yg...(..,.U......D..cD,..^.+.7.F.+6..g..`.!..W....N..t `...k.\5"Q...MU.grF..m........4...K....?5.S.l...&"io.w.\......i. .K.....fO.....v.p/....|1?.\[%..V./..:.U.......r.h.`Zr.pFVN~f...ZV<^.....-\...b..&.5..).`...Z..!X......+F......b.A....]3X<......?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....q

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10483
                                                        Entropy (8bit):7.984358258357158
                                                        Encrypted:false
                                                        SSDEEP:192:NYnsepbB8jBvTl4SYATW8ORA0l5SEeLJRyArNsFfZ5xxDlF:NYnsW69vT69BA0l5SEetTqfZ5PpF
                                                        MD5:0CF6FA9935BEBF485DC71B879C4BBB7C
                                                        SHA1:06DB58A4725E1BA96808AC2A5A6C7EF97FCCBAD9
                                                        SHA-256:4A188441B89278FBE06C3434995FED73C18385071D32855C97AC6EA2ABC4A3A5
                                                        SHA-512:B3A609B7295421DC4672BEA78F0FE540A513CA0B06BA5969359280D0401304F3C4D2B7AB2A4F39E57D7E5827BF8428BF90C95D2A109FDCBB8A25C570780F73EC
                                                        Malicious:false
                                                        Preview:.&...a#.....5i..jR\.f(...._"...t....h.f...U..0}.r@EY7..a...tUCpb|.;.......bzW.G......Y......;.r.+,.>.U.H..}...T.v...>.{).%...`.y$.:3H....w..R}.c9.K........PA.\.jz@v.^j..vh.}..S.+16....ssL.t.{e.z....So 2?K..x.N3....TX.[....m........|fQ..g...-....>m.g...HYZ.{qQ.3.:.M..`A..:..G.ug.y...!..O...q..Ok.o.z.K..r.c\;..2Y.Q.........&.8.b.;_..BJsv.k..... ...1*\..^...%.5L"..U.=.r!..(....f..x.......aa.S...&..ha.v*.T.Bj...E......1.Y..t...i......g..%.6.c; ....r<lx.)...ZEf..,....% x/y....Q...%.....@0..2...qqh...h..k~.UI..u.t?$zP..o....!..fc..K.I....m.P..(h.*Y")Zj...<]....jx.g<.BS.#...T...#...c. ..y...hfb.......`._..O..e..a...vn.?Q...b..[..}=.W.u%...P'..(.Wtn!h..l...M.z5.t.KGC.....^......x5_..IF.>.....|.......2...a..i..G`/....t......$D=..NP{...)Q...p.D..@3.....z...0[....E......hM.}...4\.@..b.....k..U..+..T.Gx.I|..Y...J.UHeRB.R.s..SF.k........5......\........K3.li..C.}/ .....m....'`......q.....77........Ys.r..~M....=...\5.@.R...U...../.....O.(..*9{...j%."2....'HF1.M.

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):24396
                                                        Entropy (8bit):7.992631949578067
                                                        Encrypted:true
                                                        SSDEEP:384:pBnXlog4XKSHAJKlGVMsgrQDy4ZlgvzcJrhDKbMei018HUF:pBXheDEKlGOs4QDbZibcJF0kkcUF
                                                        MD5:40948E4F9920FFA61D2289559FA1DE60
                                                        SHA1:C40A3B36D471B25F4C947259614C725141485395
                                                        SHA-256:99A66CE81D481B6AC869181A3D27A4CA16EBA7CDB487EFBBD1B62B6C1D161712
                                                        SHA-512:C2E139BE21527F43790B9DE9F05A5AE9563D8690255B27B16FE9B3814E60EEE915D33D535C77495376CECEDC141A70463E956487527AE5BC08167862569D6C5B
                                                        Malicious:true
                                                        Preview:"r..p....u.38...n>....e...YO......).qB.OI....K|f]ek........mL|.a.qT....q.e.r..U0.7 .F.*.....o..X..6..x\-;...3.......m<....=}n.E]..i.........v.%..b....^..k..m>N.._S.u.A.MNW..W.K0&.;.7.-..-|.4....?`..OW..................~.8..g.U....._&(..c..X.HJ0A(Z%.4.......C)r5..........o.u..].t...q.1>G>e.....8..0...V.Nd....?........f/L...b....OY...X..#..TT......Cx^p.D#Y..9..(5.`+.mk7.$D..6..y..v..._..4..8....S.p.O.\.-q.A.Z_p..}..3Uf..;...,v.IB.{.V..*3.....".".....K.....M..o$...8..~.&.7...2...$.I.....y`.r.UW.bb.By.\..].<o...|%P..........u..z....h...,....V.n.).z\....@.)...t..V...........3.3......{..(..n..GS.J..}E.^N.....$.\U.....:C.!R[.......oR..{...].]^L.2.PH...wl@.A....OY.........W#1l.......`%V#eJ.Ki.;.K...@..C..N~.;..V...N..{...8.D...@...h...2tcU.'0;..2...B ....U&r4...%K........1...mrY....l..EW..>.....g.q.X.Y\^..d8.X.}.....:E..4j.`.Z.:... U....K.3D ..e^n......[..f....u..$......].h......=....dd-...V...........P!.(..f.av..u^..@.X.`A:.N..*.M.n..

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):509
                                                        Entropy (8bit):7.57317119726732
                                                        Encrypted:false
                                                        SSDEEP:12:A4pir59Rd1yN98rHusmBfYFqpeO/0gJny6f61a+6KxPlu6nW:firxdwjuGfYFqN9f6bxPlS
                                                        MD5:237F6081AF94F906335C14AFA47F4D63
                                                        SHA1:07BCAABE0ECE1324A2E01122D58F046C313DE13A
                                                        SHA-256:FD69DFBA73A807A0422DD1CD18FCEF207B10C114BE3A15DEC11167D0147D17F5
                                                        SHA-512:B4AEA5C9402881E5908F2DDDB80D9296468E1CB210DD56F96A95E1C6058A3E45FE78A02D31B80413376D69978E1D22B4B53B20335B5865FF9FAF731E5C931033
                                                        Malicious:false
                                                        Preview:..M:.h..1l....hf}.?,.nt}y:./.E....O..t_....=...'.m..VB...~&L.@a.PiN5......6..A5I...5q,..lf.+.t..'.*."...Hv3.B...!........ut13....nV6..m-(...O.....J...a.....~m...`..q..}J.+g..G..^f..i..G....$.{....].T.5.8.F.7?...=. .... .....a......A...;.E2........S.....&OE...^.^K{.v.+.M.K[a.E..n.0..../e."._..2.6.../....M..H:6r.....?.].......s.a.RoT..).AU...2.`a.A[..!B....o....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):14703
                                                        Entropy (8bit):7.986719122363176
                                                        Encrypted:false
                                                        SSDEEP:384:T6Bh0ilYi+KDYnUZErWi/mmEAioO1SEe9T7gxVF:T6BCLlUZ+umXUIvGF
                                                        MD5:7E28179EED5676E8A061C247D06246D4
                                                        SHA1:B9EDE90E6080A652402522A95AE8BBD02237B058
                                                        SHA-256:795225A16CFA82F1DEC8F0F311838F6E5176CFBA941EC4A2A4E77C59AF6EA6BC
                                                        SHA-512:EA1D5C0C6228400A3151ADA724CF0EF234187B96BC6343379EE51C65D6B5FFC3E2C0AB17F7F6D31AB5C838FDCFC3741E0FAE6D974E592223C78D0BDCCC11294A
                                                        Malicious:false
                                                        Preview:...).Q..;o.....b...:.>o/n.w.....5..\......O.d..M...w.2..v..?.oplh.;.Gy;]T.{..b..0......0.C..A....:r0.e.e....K....9.X.A...8q..S....$.......-f.&..?....X_..Q.oK0....F.C.U...$.S%@%............*..\......`h..{kZ...|q.>...5b.=.$.../.w....R .g...rZ...,)Tn.EA.#....@......'...1z(...(V.....=r\..9...G...z|.:].^.^a....w..n.:...0..@|.:......!......G....Z.{..#...A&~..f...@y.fQ.5....}mNB.E..i....".}!..,,.1'.m......?........a.<..Zu.P.{...%..t...\+..`8S..*...<.Y72p=G.'.l`..b..RO9.y.nU..x..8[..D...M..z.A......X..Y.%`.^:...Z..a....m....w.W/.7..S.3.Jl.....3i.`..".[[...G....c...e4..s.e..M.....*.QCZ.....n".(..& b.GK.Hz..X2c.t....e8.<!sVX.E..$ .<...../.^...p..Ht.4Q.A5;~.........I...S..:;..m.:..F..>:GV%X.....Z.`.x..r5.=.....2.."h..g.~..+.rl.c.q..{.....t..[/.|....K..q/.h.EG.$..+.X..S...e....,."/..fDc..Z..,.~+.y.j...."J.n.,......5..^6R+h.Zr.%k.."T&-....dF.....Q.... .. . ..`.!.'.?.E.^1.+o...l6..-.....w....:.......0.{.\=$...ow.....g./.._......o...Ox.!D...w`..

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):274
                                                        Entropy (8bit):7.234279197922557
                                                        Encrypted:false
                                                        SSDEEP:6:xRa8QYsm9gCt/hY6o7AGQwgqv5KoJMf61aBDE6txWw+DdP9l49aUSnW:ZVsogWboZ7v5K2Mf61a+6KxPlu6nW
                                                        MD5:54DEA0E9438453A9C0264A3CCF83F3D2
                                                        SHA1:284E31C4E3F5036EB634491ED3B48A2D52DD39B0
                                                        SHA-256:2EA1578E381460E86AC247537D6C5CCF7FCF783E4E9742CD6B177964A387371C
                                                        SHA-512:8E75375D0445581EF22523261500882063085CA7941D48817282DD595A6453DBCAC9006502E4045DFE1E0D81CD03852B967CF85092864163BE80D7CFAF176F4C
                                                        Malicious:false
                                                        Preview:vMy............d.v..pm..6..._....H...&TE...g..t....;.^?L....n.0..../f."...h....HFZ..Z.#.nBq..0O.c.E...&..ES.V.i.k..lJ..S.x9.Ap....2.e..h....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):296
                                                        Entropy (8bit):7.3286851544204685
                                                        Encrypted:false
                                                        SSDEEP:6:E+NAKrAE/N4Qv80m21C3JX6P+f61aBDE6txWw+DdP9l49aUSnW:EaAyC0dCZ62f61a+6KxPlu6nW
                                                        MD5:63EC40AC832E9CD40447B2A0C7B82060
                                                        SHA1:0582DD97A09C7730A45FC891FB054724C51DA186
                                                        SHA-256:B39B65D5577A5FB558CD08C27405A046E6CFC1EA198363D0D6C24CEC4CA253B6
                                                        SHA-512:C43720F0930D7C67F72420E2BBD03D708BA368FC05D62787B3654A57E5AA7A0BA7CDF5921120CD193B6FC22F8D0B647AB0EC39A9EE16437DE8F1614EC0B17E28
                                                        Malicious:false
                                                        Preview:@.0.f...*.G...;.9\~.......i1G....t.tVA............8...&WE...g./.....X.(2N...n.b..../f.".\..1..)!.4p#..`.L..`...HBi.U...u.yx......%.k.)jj.MK.......>.......l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\CRLogs\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Flash Player\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Headlights\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Linguistics\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\LogTransport2\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\RTTransfer\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Sonar\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4456
                                                        Entropy (8bit):0.44145676805217604
                                                        Encrypted:false
                                                        SSDEEP:6:zJr8TYyfhcD1RRXUn/cX7LUojCKlwq+J+/KRujslll:zJr8TYyfmJ/U/cX7LUojCKeFw/6/l
                                                        MD5:44C25880ECB4C84F0511FAE2E4D5DFF7
                                                        SHA1:991EBF94CA55296D8AF5CBA3EBED816AC91A1629
                                                        SHA-256:873992F9349475C480B86E624C6BB30CF8DE87F57BEB7BEB9A8EDE6D3D3EF2E4
                                                        SHA-512:5DEEF11104AEF799EF3D10EF5717164181EDE9D793518BD1EA62AB40B82BA61E21B60FC8AA38F57F6716C44EAC092B4B111A79725A9959676E66F5203CC2FB8F
                                                        Malicious:false
                                                        Preview:.%c....L..=../\G.^...AE...4..(................?.....I.......*...*...*...*...........................................................................................h...........................h................n'RX..M..............l..*...G.9.22................................. :.. :.. :.. :................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Roaming\Mozilla\Extensions\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20230927232528.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):267
                                                        Entropy (8bit):7.195404476717509
                                                        Encrypted:false
                                                        SSDEEP:6:6OaCC1e9C4Y5IN1FqulZsO7q/6f61aBDE6txWw+DdP9l49aUSnW:P9+inFqulZ3g6f61a+6KxPlu6nW
                                                        MD5:A9E2E9CC5BE2A32DEAA74B1ACDC2F50F
                                                        SHA1:AAD563F17C0412E9DF32EC090B18E03C5358CFFA
                                                        SHA-256:D3BF8DD951E853A99EE432315C29AC46794DE0FFCA5EA8097ADBDE620123A6EE
                                                        SHA-512:5C1F516095B65DDE4A61F233FB849985AFB55D42D1ADB29A0CA0F5DD410FAA1DAEA499DAB710DB1D8B660466F9C33D8620EC94E350FA0BEDD7302543F9A29842
                                                        Malicious:false
                                                        Preview:..hMp#ugi....&cE...g.'....\.l%|..i.W........!.._..1.d.|l..,R..,..w").._.${..B...V.;..RL.c...J.h>....mR...+....J.). 8y.E..!....{....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):785
                                                        Entropy (8bit):7.722165929897412
                                                        Encrypted:false
                                                        SSDEEP:24:kRSDBDuPtHTJN8tPZKotphyYPGEf6bxPlS:kRiuPtUK63yYPGEfeQ
                                                        MD5:EB18DFC71E4D34B2ADF0C0855278B470
                                                        SHA1:AC492F26D3701B4E4C10AE7FB570FA7FA822DA76
                                                        SHA-256:3FD1C3A4C789BA84B9F17969EB55F3554DF775BBB7537A2BE2FB1AFF977B4F34
                                                        SHA-512:384A6A67037932560846C06746B9CB02F99EF364F1CC4112FCF4EE91F1B4EB9B5E8BBDA72D8FE6F3D78496949B0575A52F208AFD443F1BAE8B7790E0A44CAD37
                                                        Malicious:true
                                                        Preview:..O....U{V...@..vO.l.....`.{7...Q...k.!......r.!m..\:... ...2#.j.AXM....Ed[.IL...c.w...i.H...!...........1..j.kBQM,.C..#.{.^W.....Mx...H...BD..+.u...HA..eu..N....&mOK..)t,7....P....~........EL....$.'..W...2m.).N..z-..<..."..]...L..N9.y)I.SS...Y. c...H+C. ...`..:.....yP$.>...n.v.L|.......O.w%.^.T.d..N.F`..?:pq.A.$.j...2.i).+..=RnY.....K5R.3............Q..M..bR.._..S..?.tI& ZL9.P...&[.1...`8..}...kg..)L\.B.#..T.....S.=..T....6.5u...\.yF]........e...p..h..G'...O .V..%*........N...{.).55.8d[....IKX...........&dE.....9...;._.(4...0.......|&g..._..1.6.|o../Q......*...:..].K.Nz.O.....~Q....&....].y.O.r.i.;..q9..O..\.<x....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\Telemetry.FailedProfileLocks.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):266
                                                        Entropy (8bit):7.2036185502330685
                                                        Encrypted:false
                                                        SSDEEP:6:XwZfRNk+9/LdC6K3+PLkMnUstjyjf61aBDE6txWw+DdP9l49aUSnW:XsR5Z3i+PgMnzyjf61a+6KxPlu6nW
                                                        MD5:D00E174A649687EBBCF9061C8ED1CE19
                                                        SHA1:0CB8F424B4CCC391FAD571ECC4157AD0232D78EA
                                                        SHA-256:CE2AE14B4B286D814BAA2D3A8009BAF21A93C7F7817522C5A9E31FB100BF9B31
                                                        SHA-512:BD135A8DFBF93C59C7C160BBADE4334FB73574D11F3AB50426435B46CF1B2B9AC15FD97B645E6306717D617A5DA95CCA970FE51736CC05330A3BEAECE7A19ABF
                                                        Malicious:true
                                                        Preview:....&|mc...(>...>.X.7?t.....DV+...6..I.,..m.?.l(./R..,..g......c...3..h/..z.38_.8..'X.....<.b...{..}G.Nz....H. ....=..|......?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):5676
                                                        Entropy (8bit):7.965892322932113
                                                        Encrypted:false
                                                        SSDEEP:96:LRfcRPwnGoX7hq1RiRBx7bMWl2Y900v7DTDaLqQEnLIqweQ:LRURInGLEx7bMWwy0Y/OmQEnLIqwF
                                                        MD5:2ED745263040B0009FA2268AFF215CF3
                                                        SHA1:99F8908C4DCE78FB9A87D5F4C43878C6867AF771
                                                        SHA-256:5748C256AE0EAB7942ED984B65C9FFB8B4CBD721D6AF61858A5E475E983F343B
                                                        SHA-512:3FB907D575C6BEC6D66DBCAE4410B9409B11D4ECD1EB3D8832647FE6D2208E4FE59F91C539CD0072948C3B92D87AD1A6BF0171453F511C0CE9A1C55C2D1A32FA
                                                        Malicious:true
                                                        Preview:-..Yfk....B.x.....SV....p..X.^.%.L......J+...5.r1...-....f..PU...~....'h.@....O.u%gdi...H.........^..\..u.4..K..0.1..\.l..@.FJd.=..y....DH..J"R...AHX.h@.C..R.Z...,.....&.Zg..`.#v{)v.._:...'>^.u.eRFE...Q>`..I.......'r..[.e..I.{$....`!r.v..|..c1....}O{..w.4=.(..D.=#8@.P..).....hUv,s.x.3D./Xh]....0V.:.]0GlT.e....c...]A..Q...$.J.k...a.....".7..v-..a..u....;...3=.D.f7`]c.V.....f..Q:fM....*i..B.}Fv.8..VU.B..)/b..J..l.@..................25.*f.UN....p.c.9.....$K-.."..Y..o.i.^.;%.:&_2..Y....b(.. .b..%..?yH.J|.Gq.....c......9...h:....N...D\.0Y}.e..).s...).+.I..0.rv.7..&.Vh....L..TR.q..M...E..a&Ds...>.yl..y......h{...&..bO..b.._.NL...".G....[..c._@.._W~.$...A.........`.n.X........m....^]..@I.U.JS...#:..9R@.1%....(q...@w..?H^;....V-/-........=(}....Ve~s.G+.X.....BA|.T..!pw..k...5...l..j....>........o..}i..._}.....J../....gx..D..7....+.-.E:.....D...b*3..z.y...U.{.......D.S^.......J.!Z...i..!.ilC.C.g......}6S...3...E..}..rd.X..J.0.|.....X..3.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addons.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):260
                                                        Entropy (8bit):7.1258380051697285
                                                        Encrypted:false
                                                        SSDEEP:6:1yfg1MZ+tKvrwKgvZ7f61aBDE6txWw+DdP9l49aUSnW:16ZtZYZ7f61a+6KxPlu6nW
                                                        MD5:BF8808501A5BB2B9A90EE93BA3E1EAE5
                                                        SHA1:A3B94E0FF49355BECDE32DC87D1F150EBA1D0E72
                                                        SHA-256:13756D5B9C5AF88FD0F7EAF65183286AADF9C60AA4C34BEC55FDC8F341A05620
                                                        SHA-512:8A627055A3779489F8F53E09501CA3C4662F88F79AE82F3C4F6054A29CD882FBC8400E1F029EB9D3BCD75ABAB9F426578CB9E4714FD74F2989550A88D525C554
                                                        Malicious:true
                                                        Preview:p..........r.Ws.............d.h..t/...zk9.^)L...n.3..../e.kf....Ep.n".v./".U...5'c?..t..'..#..s`............3..=.{..e..f....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):229611
                                                        Entropy (8bit):7.999197997044754
                                                        Encrypted:true
                                                        SSDEEP:6144:KBi8R6uW7PrfRqf0bWuYvd+I4pY94cz7TYneT4YnnetBvtneV/:c9+7jfDb0oppm/yeT4YnnktnI/
                                                        MD5:941B3DBF9DA9F035BD5AB1A73164BBB8
                                                        SHA1:45951F71BC0BBFC2619E5B756991A4E46DBD4ABE
                                                        SHA-256:12EEA314B5A34DD7988CF07063CC2733833CD0B3124BC3D8B3F4265D33D0C3BD
                                                        SHA-512:C373665076F87D597251C688BE546CF5D9B10C537C44B45ABB1A018C1078B9B3CED78DDBFD423CD33912AC382E7795E89C3843C69F68B7102156EBAA31C3A86B
                                                        Malicious:true
                                                        Preview:...L........6..T...h...q.}.B#..4...g.3...m~.2...%pn....xsi..L.c...Rw.TL+.T?.Yq/5&l..x..e...#.U.....U..k.....S.Zs./..v..<.........A.v*1..h.........p..z......9....X...w.a`.a.|,(..<.K\W...:..$U...mR.egV0X&.4mTw...../.%t..a..+r\.P|h..D;...R.O,...=q.......`.....Za3...).|..M....../oF.5P.J...=....A...dI..A.....q....\*P....r.a..B6...4....M7..`.C..........._Du.U..X.|.2...Q...B.1...,.P....z..Z...........m.;@3..mP/.....p..lk.._(1.U...s.~w...C....@'.!..aX....W..gC...&.).f.....M..>.7|......el..l....UKTH.T.9.Lw.... .W>..w..[...w...M...Cb...X...nct..Xh.,...O..P.<.e....;...v.....e.U....0`.6.......f....chD ..H.0...Y.t..|[..F5..|.....5.w...y{......J.........rd....N..@l...@..1.$.#L....e..>.G...h#........b..r..W..8.K..@%I .k...u.aH..c......1.h+.O....O1.^Z+.....*..&..j!.M{.=b...p.....le..-3...G(S..p-..x.^.....-.....'......F.Wh.O....k........{..X..V.wP...O....!x..(>...Y..o....O.`,oX.-.=#.t`2.D.c...N..*...L...A./}..H......uU..=...b..?.....g.....*...b..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):262394
                                                        Entropy (8bit):7.999370596503298
                                                        Encrypted:true
                                                        SSDEEP:6144:TF1sxCVGPbsVDpsyYyOuyKSPZtqNzLIJnHSD0g7Vxp8ZKX7U6:DsQVGARprYyOuyK6ZtqR8UDlVxp8Uw6
                                                        MD5:5915043DCE839E60AE7D7D564DD34D90
                                                        SHA1:3803534A7BAB500045FB6373FB4AC6F54D55C588
                                                        SHA-256:A5DE016B4776004166F17B94E49CCD442C4400728708C5B34C3AB233AE869637
                                                        SHA-512:D9F1D2F521A83C69A359E8BC5E9D2D403C6655A20BC0EF40EBBEA8530D879E2D969A3034A6A8743FB3720CA74E1D1CF10EEC2ABD2921B6616FF27B5C2F8E42FC
                                                        Malicious:true
                                                        Preview:..P.U...W.E...8.....S....Kj..2._d...gH.E..\..y..f.t(Ee..K.7..S...<k'kv|...=.)....wY.Ql..tK].=..........s.[...O.B...V..S..Yw.=C........|1.....$....&...!.....+d.....~..L......q!..........]...Br.....^Za..s........ate._...!....6..pg......7s.MX....?L.....5.k}.J...M.........F.z\..H9K..U.....Of.Ou.....,.r"....H...x4..>....e..-..?.....E.&3.F.H.....=.@U< ...#[.WF..rn#.=...%v.....c.(.T."p.RJ.>..F.K&d.y..5h....n@.z..._0......|K/V]Td..u.~...JA-.(...O..Z...1..2...]..2...".....p.9.3...<..0..J.c.*..H..y.q...j4OO.#FbV.Oe..8.-r....9JQ9<W.7..c}!..Y.tO.O.e......z...L...3.JP.1..V..)..i...]...{~`[.....E.w./..^].......n.4..&...@....&..T...e...b......C....wF.u._2v..'O0E;,..B....}.E\....3.#[..!.9$...+.....[k..CU.W..~..._.GvV....,...6..Y.5.O...@v.........Q...G.S..`..b.....]..48.w......b......z..<*.sJ.l.N|o... ..`.....Pk.......;.[.3gD..G.(V.s.....qg]....T.s.FU...DhT..9..N..rVS*..3....#....>..'..Q...P.7........5Z.....{.xWk.Z.....-.....,..C8M.{}k.d..'.@...c.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33016
                                                        Entropy (8bit):7.995047883610571
                                                        Encrypted:true
                                                        SSDEEP:768:09I5BTbGEFl76Vcwh7Qm+k0cd5PQvjp2/iCHd44ORHZF:092BTbGQ2C27KkjQ8/Dd499ZF
                                                        MD5:6DF7D8F3A8AC9B4FB86C808DB554D520
                                                        SHA1:D1322E8D4273BAF85B8AE9B95D2780EA19F7674F
                                                        SHA-256:60A502D13FCE6C50349D24443C3EDF6D29D3F9D4F4A23E64A18B4A6ADE0C8684
                                                        SHA-512:D9B3D7BF6EA5482422161AA5CA2461AF191CABB3BB35532A34684C59870415FE7724D63422BC24B27A2FA51DA7752601E4654198C99BAE4C437259F4D68DF9C8
                                                        Malicious:true
                                                        Preview:...1+...4..'.mE.-.{I.F....z.._..nn. ..td4.......N.i...{..*.5_.1.yp.b..).~.A.mm./<.j|{.(q.Zj..I..q..Y_va...`........j...k.lw...B.m.h...C....k{..^f..(.]~...... Z....j+......a...RgL..L...;..W.a.Z.TJ 9f...>6.q6..'....h...*r8..0.....'h..Q..&w|s.U..]..I...G. .}.....4R.p^\....;.5..E....^#....y\........A*..J..6..<t.e|..}.+!..U..O.z.E.lx).ytK~.e.E........l..0.p...l+...v....f.....~@.4`.>.(...g^...T2b.L2?.x..'.(R.......%-.(AR."z..C...Mb..&...4...H.A[.P.6.@&.W...B...]...TPN....*..J.....F..<..T.1.p.'x.aU.}........N.......l.el...w...e..(.rd:.V........W..W.s.G......cj.!.....w..1.{]'#R...z...&.L=..."....j{ 8..`N.q....."F.........-.%.o.>...d".\.3G\...\R...n.R.y..n..7.-_eV...O..&/q.7z......j|.6c..l$.|..&.R.u..S.:..)J..U$.Qs.!...rS...j...An.2.&-.K...X..t......y.on o6.q.....Z.n1Q....l....y....E.....^n.Z.)....e..d;.T..9..N..eX....)v.....V.*.=.g.)...9#....EzX.~.....x.d.n..Y........q.V!...<m...Yv....O...y...}0#...x..<f..tfxA.|.{...Q..-qn,.....{,..9.I.P..]%E\f...=

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):98545
                                                        Entropy (8bit):7.998077142445474
                                                        Encrypted:true
                                                        SSDEEP:3072:/SJC0FGPIx0b9HGU70ePbat05FkwpwDapsGdZcG:/z0FGai9HGU70ePCYGmpSG
                                                        MD5:2BE88F24CC9FC56BABC09273FD2C8112
                                                        SHA1:38F778256C4A120E8621D014F5A70C52B8C11153
                                                        SHA-256:66E0232A832240D91A93572388D9DE731480685A0F830490F1598BB45F37282E
                                                        SHA-512:BD0233FBA94D02B4D3E95DA8EEA28149613074C0F6E8BC401C1E818B75305CDF50DC7034A2DFC18A90572C9F7C7CEBBD8D4282D78A1BC5EBE02DB4B5E261DFE5
                                                        Malicious:true
                                                        Preview:..k%x...).......&.`.=s2DH....%....1I..L..V.a.r~.pi...O@N7f.....i\.uk.hQ9r.H..>......b........>..'b.~..3......R.A!.N....Ba..@...N...H..I?3....g.......=,,..g`.S..=.]..?..1....{4..(..=X..N.1.:I..".y`..F..xg++.4n.QI.O..........E?!.:x....o)..u.........P.........2.wvj}.$.h..;e..1.........A..i....>.....z7.GI.....)..j.....L..72M..v..0....J..Q....u.....Z..6..kw`$.J.....c}[. ...O....W~..=q....@..... .....1.l....\.E"Q}s.07..!..?..w:G.KY...r.D..;.....l ....} .I..."...P..;JR..0..0hD.7d... 7V..ae...q(.....Z..0.ib.=....~.>{.u.Y.3.......z....8....n...:h......A.A......F>N.F...d...P...[....W.Qc.*.O_q'{...n..M..p.s..Z.$.......}..`]}<..,:...u.l.w.=.....J...7....LH^.(.$.'..%9^}..h1.J1.=.).).....R...t....a...]8.S...!8V\.h.....q1.O...!.K....{.........^.l.>l....x..g..Q'u..#..7....5w....&K.=.....3.k..m....G."J2...&>0........../....".1.}...R....'....Qe;O.-+ ..tb....v...5..(..s...}.(...i....e.A.".u.........x...T....YOLqn_..aT....D....a..q..Q....q.wB...J

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829702.cde8135c-88c3-4c34-8670-7ef017742548.new-profile.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4091
                                                        Entropy (8bit):7.955534979929891
                                                        Encrypted:false
                                                        SSDEEP:96:YFuy+3x+ZlTe5qwOOseRP61yBrPsaFo7zZaswp3wkN+S/S/piDHVeQ:Y0y+3xi4OOsobBrPF6ZE/Ndq/MVF
                                                        MD5:C62B7612D8AB04729B49EFA3CB08C827
                                                        SHA1:13A1E53FDA3638A71BE80D568B70F1DD1C1A5234
                                                        SHA-256:AA2F616A8E9BAEB6F4DFDE98F2D9A050E99C6A3E102348FBD501204C028F1042
                                                        SHA-512:8E396A4D9A97FE58C24E9F408D5C740806F0542B76D90D88C21011726A254B814D1A83CEBD78F4F775653286D0079E8E84762ED6F3167DCC08F745B97AB3B468
                                                        Malicious:true
                                                        Preview:.?..Z..))#.$,...0.Udlg..'33.a..ET..:.n.*X.i.NxD..m.'s.0....H@..T.L..*V.s..H7...n.....T....."..M.!L>.&"a.o.(Uz.W......{..|N....;.............|...&.[....I...Bk.ywW.......g.Dj.h.=..9.632.0.=6..F|o@....^m._....:..K......@s.........q..jM.s~..ga.)......R.(..|.N..A.XPO.J..&#v..$.."..x...\S....[,.K.x...>.i.x9>W.i./...D....0.%..=PWMA.|..^.|..L7...dS.Z..`...a.\.m...A..KAz.;.k....W..mPO...{...|.s.../..7WbB..%.!.7...K![...........m..$uAY>.?q..tty.BNFxG......b9..J.bh..........$n.!.lb..j.J..........F.5...#.:....%~\m....g.x......C..z.v......1.Z..u.(l.Q..1.E..>(5H.).P....T&dB.Ru..5...a..*p....^.]o...6..g...K..W.$.T~Ro.6..=~b..U.V..(....J...,:........y+..OEC89..e.C..x......)C.....u.eu.b(..........G.i.H.t8.!=...h.. 7u%...I..p5.H$.....j.......{.....!..EWj........|...z[..o..nC.e..oM.......G;....".....z...M.<.`...S.t..^..d.`z..i4.:..I.)._.o...Y...Vu8L.[..j...++.....T.UDO..mS..J...z0......\.J.......x..Y.......6..6..).5..(...!D..C...!qH....Z...`{....a.S

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829737.9f7a5e7a-2be0-4ff7-b132-b1f6e59a8e58.event.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4441
                                                        Entropy (8bit):7.95770595024232
                                                        Encrypted:false
                                                        SSDEEP:96:4bNUpw/XjUAGIQv3Iko0X6PC44TZbV01lVG4DAeQ:gqpwfjvQf3X6qJZbClVXcF
                                                        MD5:238ED2FC9E92A222432C39B573C94BEF
                                                        SHA1:A218ED63862630590C87AC8F044DC37187AB5378
                                                        SHA-256:214FD75DEA141459C97F5E24E5D36CD2D40DB4F333E1F98EBAE1FE017990C5E9
                                                        SHA-512:CAB22E0B03BBD114CCF81855DE2656816B898DB93984266579D76918A4BA3E77E143989356472D258CAD494A5C276130A3306C194BF4608C723096ED39661919
                                                        Malicious:true
                                                        Preview:S...N...B..C.(...*.=,@7.]ez.''.8.B..m.. .2...6?....9....K.%b. 8...g..,....4.O...Z.Y).~.rY...k`.:(Y+EJ.......m.Lk9......f....mm...pq\A.....}..7T..x.b.e..j....If..t,1l.4)..x.Q-..../=....1.t+.K...,...2...ts~.p...'.R.Y...k:...[$...o.........x.l.n......M!..](...O]......q.G..F.G.q]>:.s.x8..gQ..O=........E..7.....K.B_.cm.^...|i.q>%;......Pi....S..r..(...X...l..(..L!....).......!K.C#.n....&D -.. ....-LP.=d.=..).P....+vf^&..>F..A4-.^..e.Z....X@3.(.wp.............+.D'..2...t ..p...|.\:'...\..<......fu..<.....-..{.........8.+U..=EGp...j?...o..j.....=.%2...w&.............>........Ck)..8.......(%..2.h.../|..".(..:.J3../]......kux.(H...4D.QT....t.a,"...M.>m%.M"..5..).Ja..4"*.. ..K..'}.^YCj..d...c....(..s.......P......~;..+.o...-b.....S.....\..V....J..hpz.....-}...z............k...i...5.{L.k.,....+Qi.l.l.M.C...I_..f.,.)1.....\G....S...?.G0i.....J.B..-.f.......zH..T.#FK4..<.6....T.3.M.-}.Qhvd.o.6!<....Bo......{$r.....[.^D.._d..C."..`..d.Ygq%...Or}.f-

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829744.7278f154-e8f4-4235-84c5-c5c1c6af0084.main.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):18586
                                                        Entropy (8bit):7.990790354696658
                                                        Encrypted:true
                                                        SSDEEP:384:1QY1wbYj+rZCSKo9pTIUsYJJ1nDuijTxqjfNVK9nc/F:y0wbYcCU91I1EDnxqjCZOF
                                                        MD5:329EE715D71216A73861C8471446BE55
                                                        SHA1:C99F0658D4A83D7E6F815683B9942942A5CE88F5
                                                        SHA-256:4F2AD8B6CC8650C6CC08C56E2C81CDE6B799764128CEF4D2CB3D3BF18699F75E
                                                        SHA-512:C6EB64DB14F287F8516BE52892F564A80E63F350632969F7686A88DD690ECA9715C1B522DEB5F104BFA0AE6C0078FBDB3930866E6E9613C6E8A8ABBBE9401DCA
                                                        Malicious:true
                                                        Preview:<`.d4....@.......+D%a..L%...s....3. A/l-..c@B..+.G.#".R{E.C4.../.P....c..&-f.P^.c=_.LBI$9og(J.:4...E.9,i......L ..~...1.<.Mq}...p.po...V...Dh.C...........O..r...:9.+1.&gqp.~~\......Y.J..I.+....8w'.)..0B....am....F2.:6.{.j...G..4.P..kP..Y...04..`...>.m=..?[.6..;.:/.#..V....5....[.r.....L&e.......r/v...u..s-o%......&.2...E....g/....a....Wb....g.Y.s..p]k....A_.*.M&.+..e.......~.rO.;&..B..Y.+...xF.K.."..+........^.:g..."".QIr..6/>...E...*|..5]S2....Qpi.K".">..0.a.*....g...........c...o.$...a.?...&Qk..5.\....;A.z..1U}B.(.\0.n..P..t.Go......:..zEa_.22.l.,\U.6..Z..h...{R8p9J..).Z..S.qW...Jt.C^...q...E.:.@?+(.k.=dL........Es.T....5.a.......t..M...t.{....^I..P...1....Y?...}.,.r..8.e;.."....:..\..k....x..3.I.....V..R..R.vQ........m.r..p....4!c...1...@...m..g.S;V!.M.F..H...../..~..."Vp5.3.....9.........).8=..+..w8..{."...Zb.N...g.+....U)8...Ye....L+MD..y....%..t...B."..........s.r`.7.rj..n7.."..HV.bO.."jl..>.@n.....Yp..b..*=S.^%.=YK.7.C.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829746.67aa4432-87f8-463e-b422-f6679add9971.first-shutdown.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):18597
                                                        Entropy (8bit):7.991157749529318
                                                        Encrypted:true
                                                        SSDEEP:384:DejRugNXr2KOjv9IpmpPZY+IcEnB+AA8NCrjU9/laUXHY1OFQMSAwyF:yjEgNX9NpQPzjEnB+58NkjbUr8AbF
                                                        MD5:A55C9BE8B2BFAC09365AD2FF9B78FB46
                                                        SHA1:C22B59C87CBDFA8D0ADFF8495CDB098BDFE68EDA
                                                        SHA-256:45EADFD038522BADDD8E9EAA7C9CA1F6F76EB3C8B8A18BDE068692A7F1BB88EF
                                                        SHA-512:BDB4EDC3E6F1932BC58E70ED6165E39F2EB95E90C87969A1814849CFADAB0BF143A0DF5AA53FD54C4D18C4E6E264AD2352C673469951FFAE047A90A1FA753906
                                                        Malicious:true
                                                        Preview:ng..T...@>4t6..{r..5.....G4i..6..........k..L.E.~\u.......W..........}J.F{.z..[.(g......s.G.\a.D..8..ji.i.....ks......6....z.} ..<.p.M&.....x....P....3V..S...#H......b..cd.iM.|.....i...Y@....Y..$...w.-9..L.I.....Mm7..`.].c6I.<....t.N..$v8.j..S.A..$.i..q.i7.h.u.i.$..p...H......4..?r....w..D.....]Y\....*......x.8HP..!.........(p.1......Jc.3]......`C...!...../TE...E.s.Du.E...*.......1.Y.P..W|.s.U....b...D.-.T67t...hu.t..%Q.lBaM.....OM.L.n...............y.I....U.6ap....b.t. ..2..vs0...0.H+,.>.,.2...|..g.]....^.q.F.=....mb.|..=. ..L4.........s...N.aw.G.._......b...n~ei.6c.]x...a+....f......P..M?.K.Z.....4..n.....j..]...w.K.....].._./........S)....?.C......*.....koz.....w..uXv.3Z...jSX....1+.P.....TZ.$.../I..s.8m...Qd.k.=...Qm.....cW.-._.9..J.x....i&..0.....<.'..K....?....q.....z5.....q].8....M2.^....Fj..+.....Qj.@q..n.N..O..9...`.J.. CP......9BXk8.Du.}>..J.[a.6........B..8s.#..:Z.+b;..s.u.J.<_+ME.6.}Fd.2.[..g....]j. .<..F...

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834580.6fc53411-ad83-4cf6-a5f6-905f0f3f52e8.health.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):746
                                                        Entropy (8bit):7.7465148354712365
                                                        Encrypted:false
                                                        SSDEEP:12:oRYqYiUuab53QrtgUUsY/rq3tqoEoJczWHCA09pg2kVfdHUDurZmZrVP+yjf61av:oWqyuab53QSUUsVd8ECBA+pW0DumVmyR
                                                        MD5:163E4721E5347FA801547373541858AC
                                                        SHA1:C8351E08192B1C297BAD40C877EE94A63123602C
                                                        SHA-256:A0CAA975B1519245F9BE78087B7A38EDAF152A6B9A5B9359E869D16D6932DB2B
                                                        SHA-512:8184EFA9B44A1EECFB0EF989EA11FCB922313CDC6B3FDB71A1ABE8CCEF87E02CD6AF0F794595F8F4FF245A03DFC929DC6C872ED647AA7196B138665C92BD06AB
                                                        Malicious:true
                                                        Preview:.G.r.E..{^.-&....N..rv.....37......\C..<f...-..Wj~...0.....ruj.Z..O:N.L..t.N....P............U...?P.H.j..,......?...S....X........]._..........p.FU".+..N.....S..&t.;!s]._.D.*.w@......U..2..D..*A..?".l.2"......CO...s..;.99..}.....};.......#.~].....ib.%L....i.h...j=... ..A...]^.....1$......u.u-....k6...X.`...u.9cJ.N......G.i.Cj.X..+.q.....!w...s.,54j.d.Q.n...K....0=J.\T%....w.....V3...l...qMhH..s~..#Z.....0YQ.I........&)oc.d..S.{.+.H...8./].._...v.tqA...u..%.....).#....4.:.......<.d}..^...C8o...s...]..H.....S.y..d6.}..^-.Z?":Tn.9w..2..}f.n0...R_3.2..m..1bx..z.U #/.N.Z.j.6..K......?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834606.011115ff-9301-40fc-805e-ba07b7fdfce4.event.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4445
                                                        Entropy (8bit):7.965805566810346
                                                        Encrypted:false
                                                        SSDEEP:96:LN6413SOE12WAZ76iexq7wvpOQmQgfmOxlUcZf9xVeQ:LDiO7BZ7WkY7mffGcZljF
                                                        MD5:5B5876525489A6D52F581A4EC6F53A53
                                                        SHA1:4CE81E0F6048F9C2260325EC99F8879C511A6E1B
                                                        SHA-256:15FFE9357F8E6CCD447D512DE4C12FF53C1328B71A12AE323AD7AB9C46735983
                                                        SHA-512:AEFBFB722E6DDA9E7A0010E319B9D07C6BD9F020F3338C9577F07A6DE4DE1FFF3EC63378A55BCA22D854AF9109F99AE218EFC075D35326727732DF649ACF19BE
                                                        Malicious:true
                                                        Preview:..?4mPU.Cx7............,.i..uuk.........2.^.#...X..$.v+.<..4...Ds..;F....b...n..*Q.W......s4....$.....`3DR..U....Vg.....\..7.a...*..V.M+cGkw.]S&0...y.w..8..../i.3.......;a!p...n..[..40.....!.X.m..9.O.../Zrh.vJ.n..x"....i......%.-.Y;....Y...M9n~%.....U........].M.......%BX9....T..O;.......d15....7K.<g]E.A......^.........d..w.:..Slg......F..Eg'.........e'...{'5e..W..>....(.d%....{....|.]I'Y..ut.$)[L..d...J.X.K-`n.`.C.....(...b..n..-......5:..........D0^L..+............G....G..q..3..A............[4.l..?.A0.......JI.f.I.:....O....T.Wy5.._~...]u.k...D5aP.tq9.e$.....T.s.I,.fW..d._.YF.d..*4.j......._..:.6....q...q7..3|".2....Q.apG..1.{Se.......g+..@.<..c#.I..$.....=B.:E....!.... .i.j.[...W..?.._..@;%`.z.....r...*6...rd.#(L/.....o.cN..v..f........u.o.'..........J?..4.....G'..h...:K&..6d...(.........,......4V+..........20|....+..zuY..D.jC..IuX.W.A...G....ty.0...._.0..e.../..x..Ir;N.,RO2...\.R...U4..`..mQZ{..X.L.....(..TFj..O....Y.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834608.65054280-9d54-477d-a3ea-afcb1f88e001.health.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):745
                                                        Entropy (8bit):7.738063574695709
                                                        Encrypted:false
                                                        SSDEEP:12:lYFM16fjC7LtlEGpzhGGCzEm53hJrKg1UjbTVZKgjuwsC1OkLiDQQ78f61a+6Kx4:lYFM18klN4X53D0jbTV0gjvn1dm8f6bW
                                                        MD5:0AC240D1914A62089FF7779FB4A58CD3
                                                        SHA1:12C7068C8CD1F344F33660E061E0F65B9BEB129D
                                                        SHA-256:7805012C6C74E162F8EB756E8378BE8A4E8B110316A297AD590B910CE5085352
                                                        SHA-512:278F08FBFCB7B9BBD61606E88C76B4CE09E9868BDBB0DE029162DF4AA9E3B6526DBC1044A87FD6F284EE48927E246AC839B3D83E3EC5E3103C8AC700DFC86ABC
                                                        Malicious:true
                                                        Preview:.gt.7.P.....).6.]..Kf..0R=.I...$Jx.mS..T...X..og.C...o?K...\Y......S|........0..]...V......*?...4.]..&..Ee..r........`..v....v...Gk..q.....gX..v .x..........{.9.a\...z.!.U..y.O.pr[....[eza..GX..b.9.c..F.^p..R...... #...=*..f....2....+........8&...s.....o....u..El\".b?...#I.B..}=...K....*......-...-..J....?.. ....V..M...........m.Q..../.g..f@.J....)..0q...........6.1.}...n.....L0..N-*.qt.4fK.....o}...7-....D...D..J....&)oc.d..S.#...V0(.K.i...C.e..nv&R..dJ.TH:...i._0.......W.w.4o....w}.......8._...9..]..H.....S.y..d6...!RFf.{g."..KEhl.b...m)Z.A.........A5.'(.On.hnE.......7.....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834620.c7889da7-33f0-4599-8452-58d47c58437b.main.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):15376
                                                        Entropy (8bit):7.988457790926466
                                                        Encrypted:false
                                                        SSDEEP:384:aDfnQMuMnNBrQr0uS2l8zStRsI9W0tgPPSEUJPF:a7n7vcV8QRd9WqgXSBxF
                                                        MD5:0EF5054B4D783A030B2ABBA152122B48
                                                        SHA1:3FD0A22EF222F54286C47CE5DC8A47B3AE47E992
                                                        SHA-256:1AD16FF98325298010C33A826B6A818D759E564B1C60852D905217F99730EAA2
                                                        SHA-512:73F74098D8BBAA5354FC0C967CB650C6B12930A8EBA40975289F7BB55F5139289E7DC2D37892680D96C3F06619F00EE5FDCB62ADE08E2B79E72693B685D11ED0
                                                        Malicious:true
                                                        Preview:.r{y.w.....^!..D..6.#K..(.N^...QI...D.ydb.>O6.......Dk.^a0.._.u2...l.:.....U."|..%9{2..h..7P3.,;...&"....P.rN....[.b...>?\.... ....X......H.%..r...S3..^AA.>..{.9......}6S..-!.......m...RAw5<.DC......OA.>.PC$k..@.'."3.#./2.(Mi...Y.x.I_....Sg..Tv.A.m..*....8.WH.. ......H..ur....<.v.2..~.].7.....R.q.XvNL.u..d....-..$...L.....c....*.....u.*.M.o..W.+......M..>..1.I....0.~/.....9..[c0>....`-J+...j.....Z.*..1....Fw..[..K_.W......F...y.!N9.t7rV..?h..K... ...Z\....N[4...$..?...M<.X..|3,RfZ.STa*T.....d..U........bZ...S...Gx"....a.N.B...# |W,<...h4..[..q,.^....@1._..aj..y.<.....X....A.eEP..0.....I..(..m...mt.;.".YB?....o...V$.m@.y..g..e1..?.7..}.x....]....h......9...V.Fvt.....P..ZsF..t.~.A.R..fW.).N..(..../._..S"..Hl.....(S&.I.=....-........6.`..Ot.?.Q......3...:...E.0q...5......#.=.[qY...f-..QA...@...NA*:0U..g=.......Nj....M...q....:..v....P....r......N...K.....i,.hH..3..D.m.:..e[X.5...;.#.7.-......T...[.9L..eR_. I.N...]...^s............ .0

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857833.45e26519-596d-41a5-b290-e547b44111fd.health.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):749
                                                        Entropy (8bit):7.731221683701066
                                                        Encrypted:false
                                                        SSDEEP:12:xHR8576FebSVfhMgyHY45zBkXtEhn3mOYvBJ2SrJy3WQmCz1AB+t8qCf61a+6Kx4:xx84kUfhzy4kNO9pZwStwW9A1AaXCf6C
                                                        MD5:AB1CF904A229B0F450C651F149C899BA
                                                        SHA1:EE160EA84A1DD79C4C627CED4E937C06BF001979
                                                        SHA-256:42BC4E60822EF60F211AD10677025FF41C783DC74D42EEC1B0658716E3A51333
                                                        SHA-512:15502E8579BB16C66772BEF147486F77372052E386868EA40AA079240BCBD792CD36E4DD1DC9B46DF6C3D9B450EA5DFD72947FE099FBDED6B0CCB590A9EFA4D8
                                                        Malicious:true
                                                        Preview:..G...I>5..@.......:J.....R..F..qf.`y......o....C...uZ..X...g.yk...F0..=.:.b...$...k.......Y...aB....H.>,...2.....M......+..9%.}.<.!...9........>B...M.j..$.d.H.)(.....9W%....+TLF......Bt.....E.=b..4...Q~.j.. ..x....).n.....-P...._.p...N.}...!...@.K...^}~Cj........,.8...G.-.X.*..PJ*~,......:..p........I.m=..B.k...\......w...G.u/-C.....|..{..]..O"e:W..@....[.).....-C...3.g...x.Z...b)..s"..j}...g[.3.W.wB.qg.[....." .0y8+......&)oc.d..F.....t.?.CY)..._.}...<KV...>..%.s.P\...s.N:....e...5o........E...Y9W..g.j...........P.y..d6.J.#.........t.g.w$....r{.`.1.V.\..=...b.r........I.......U&......?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.81ddb4cc-1d49-45f2-961f-e24ea6db2be5.health.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):748
                                                        Entropy (8bit):7.698906177488852
                                                        Encrypted:false
                                                        SSDEEP:12:kFWGPHZYMJ1af67MEmQYiZB9tgzsmE7dl9HQLv41Kov8emouJCmM//GA/bkf61av:VG/ya3FmQYuBnml4Zvkc//GA/bkf6bx4
                                                        MD5:6A97171BF8BC123245808658F15A7209
                                                        SHA1:60E663639E7BF789D844FDC3C17220E64CA69E87
                                                        SHA-256:F28C336AEB1F1116297B45C333D0DE0B7ACD4BE136468591F8A377A3D7EC49D2
                                                        SHA-512:FD956316E3D77FFF57EA5C07CD01E4F257FC18184915FFE86CFD10910C7860E302D2B5BF9C649DBCC2F96BAB31F153799FEDB1EF9B856A87F5BE2B54902BFDD6
                                                        Malicious:true
                                                        Preview:}.=.N.....}....A6]..^..;@ ..O.E..i7..2.<....[.b....)Wn....7...%......]...j PS.K.E.dAB.V..Ni......O.~.......(/..%.O...%..V.7...=..F....d..k).gB......S.s.:`I./..{.....Hy..:P...........8.......).P.W{.f'H...Q..b..O.u...+.j...d....^l...f..Q.J.......U.Sm...q9.k...VB.y/1.WGHx4....\-.U.....S1V<.....o..T...Q......j.qW..N...$.....\...5......C...........#6.....)V.*>Al.{...V.Wb.Xm....\?ct..i.....9...=.{..w?9..,...L:...H:V...5$....&)oc.d..F.....X...O.+....Z.S.:.@.B/......{.Mu..Js.U.M.....z.k...#....XE...}9}..g.Z...........P.y..d6..a.....d......m.}.7...U8.^.:.8>8.!....6.f.'...b...=%.?4.'V...|.....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.a73949a2-5a70-4025-8008-88156c16bb4a.event.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4447
                                                        Entropy (8bit):7.9602221024211985
                                                        Encrypted:false
                                                        SSDEEP:96:xH7ZZRERx0x6qVZAYT7oBGfWqnMisZeo9AFM3yEG56RMC/FxwXi277VJhteQ:xzR0Ck947sZLaey6RMMFuS2P3htF
                                                        MD5:6657536F7BC4BE7E67B26E5258D52EDE
                                                        SHA1:C2F3129DCE3AF4D1E580B6BD4B504D210134B901
                                                        SHA-256:DDCBD21BCFAC65187CD3B6B26498FD41E70DEC5C31BF022066AF4F5E2D067A3F
                                                        SHA-512:9EB96FBADE87DD6FFB5760EA1CCE001E045215493FA38A0EFB0578C05A8EF406E2B744B870A92635E9F85B21C5F9D08999734319DBC7889995DC922E0EFE1CED
                                                        Malicious:true
                                                        Preview:K...H.Eg.s.:O.?..q.{7..:..%n..M...J[C..hW&D..m..{..W.K3......Lmb....^..N#...%N....K. h..W..Y~......i.i$...+...a[EW..o8...<...& .*...IM..@.1..q6Sr#..R....`;.$~...),.a.Jsq.U..`VFW...D...SRj."o?Q..>....}.X.u.jL.`........F...@.F.M.m7Y.....h..5......jNt......Q..,.R..{...vY.rFD$X..d..K...h...y.kO...[..#..j....+....=..........D....!.q...e.U`...~..@Hmw.+.....R.[D..8.*.N...p..k.J."........fy...#...~N.9..&.6./O......4..._pX.%.X*.74.......@...]..Qn...G.."!g=.w.A.Ve.b.G*;......^....f.sfI.xkQ.H}LOC$..$.l......A.d_Ho.^....M=.F...u.J....(....P.4....v.....GS..u.Aq..;\...^.K..Y....#:....._...?....D...%....^0H?h.1.A.0..U...0..%.$-..-..v....o..7..6....%.....n/......`...&.b&.e1E..?.C.qv.2mM..Gi..u..*....(..5.@K/.c..q1..jb8.."..aJ..Mt."..&\.>...,...!......B...0.......D.......IW.G....oNYg...>..^......S.E....+.c.....=.=.4.h..c...ww.%....*..x-..Z.t ....M..8.(&.t.....u.....G1).9V.F.~1....[..U.%...N.....YDl>Z..5O.+t73.15v.O7.*...$W.......o^2.v.....d....X:..O.&.....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857869.95af30ae-acac-4802-b983-233d7fd3cf34.main.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):14323
                                                        Entropy (8bit):7.986516535117579
                                                        Encrypted:false
                                                        SSDEEP:384:sHVHtzbu0lMI52cWeGT2uYFN6eErw8X5BborF:sHVHtzb35S6ZN/EBXjEF
                                                        MD5:2CCA4A5F3ADE3A1DC99B530678E94E38
                                                        SHA1:83606FE1331D120FD38A0A318A4B9A58EF30E8F7
                                                        SHA-256:343DBE4157BBFAFA9D53F86F2F759B133FC56EF50BB6725141FA56E72D799AFC
                                                        SHA-512:B4A2C574995DCA4ED57C44805369CD8207355981857EE5B6F4ACE3AB9527FD38B1C75C7ABE6FAC5AF4880B7F7E3F6E56227D3D46B14D8580E2572F45942427C5
                                                        Malicious:true
                                                        Preview:.OD.~.='...b..oV.I.9...h...F...........J.....F^.i.;#@$qvF.^.B!.f..[_Z....RX...H...J{...T40....D.f.K.n..n.%......G)#.R*qcZ~..Z..l.]...J....:`nS....."|O.^.....A*M...T....F.G3D........UpM...G...q..nP....r..]1..'..G..G....Z.n..G.p.d.,............8.}..Aa..02..-...l^..,%.G5..8...]pTz.-.....d....AHQ.#...<..........AUp......j..(A....A.`.K.&.P......./...'.......7...=.S..S$..8.U.(..%...!....[...J....=.$wox.J..,.(.O....2.;R...* .....$.M.D.f-~!M.$Gj!p..r....T......p....0s.....Nh.`..._}.....Tq..T.Yy.G,..q.Xl%ev..E.e.<.u..-..d.HP9.99."..........<m.|]<..x..+.-..||S.}.h..6...mK....G..y.Q2.&Y.9......^.....e.w..:.z................I.w._.#'a..nh.............oT.[_.|..........#.....IG......{v..".6.......c......5<..?......Xz.2G.....|@.C....7I...@...}..r<3....>..'.........s...eF..u.y>..*...|...z!....F0Z.|..%..J........Xu]F........fF..Y......p.p7H....).\[..B^.j....>.f.J.e..p.=.XT.....ctO.t_2..lY.....)$C.1..T.$.e.QU.G..0....5....Jo!F.&....&m.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\background-update.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):700
                                                        Entropy (8bit):7.737058315953627
                                                        Encrypted:false
                                                        SSDEEP:12:uE6e1RW2Ykch0o8gh5LMnb5uJc8/dqf3DKUWXbif61a+6KxPlu6nW:OeSqcio8G5LMbwJ3/w7Lqmf6bxPlS
                                                        MD5:4FB16A27B13A18E06772BD2F1F5195A5
                                                        SHA1:CBEB88443EFBD49139DE666D317CB75B4344E9E8
                                                        SHA-256:802EA8980845182DF807B1E47337601551BD71CB813EC0655C82023FEF9D3156
                                                        SHA-512:C3C3827BD8A8A0A62C142998507847FC9FC5D93B0CA3BA5955652B76F2C484CB36C947F64C34B60FE08EB0A3AEA60D82ECD2D678C600CB05EB75288871C12E84
                                                        Malicious:true
                                                        Preview:..` .#d..T. @bu.... .p).......;..S...iO...9..^!.8I.%@Q..$r{H..aY.iA.'.$.U.p~5..?.SS.."........V../.8......M{[.Jm...s...r#..}`.LS~.XN.\.s...-.=.....b.t..dW..+...Z..My.H*^....4.k...1x..xZ..*.B....X.pU6..F.C.....'..c....X.:md..|..J...d...1.....j.O..7..P..nj.\/ [....!I......&J...X.c...;Ao\.&......g)6.......d.5.p.b..V..o..|+.e.{Z.k..>.Q.=.....k.I.........)...o#!.>.%P2.x..PG...C..u8.3w.'.....e...i.. ...e.....W...]..W..)a.;...&sE...g.MZ.W.....8<L..V.@2r.../eK"._..2.6..l..r...B.<.qN...l..9..#..3.LY6k.'....UIZ.M.Oq....>W8...%h.Q..s....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\events.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):755
                                                        Entropy (8bit):7.7568896967470256
                                                        Encrypted:false
                                                        SSDEEP:12:ICKnc6T4tbkiG5/w1kbHNDj5Jt3hIheXAT0XiT+jua0pY9m56lkpdlFf61a+6Kx4:AfT4tb9mwObNP5t9XAT0XyTpYI5M8f6C
                                                        MD5:C9729AF4B225E4EB719991EF8C9ED430
                                                        SHA1:188713AED45F5311FF737C1196F69335D48D9F37
                                                        SHA-256:F62F4E07641216EF699B0320A9DDA1F9E489C9799F4787920199A719890DBAA1
                                                        SHA-512:E03E767A4E47469E11FEDBA4B6773C15E7662F6F5B46CFA55AE1D5FBD9D636E9C88A25994DD89D15983DF1B3BE4DA18E36304C109739A215F1834B7C7DA43A2C
                                                        Malicious:true
                                                        Preview:..8D...hi..q1..S.661}........2BI..~..0.g..~bE.RAhx2.5B........d.....K.(K..!.*....%......n..m.....g.....Eo.M:.x.....Q%.:*..g.F.hY.,iI.........F.U^...E.....$.>.'..?...S3.m{A...........>l.,...9N54..f.ie........y.1 Yc"+O....qm<|..t...{...b}.'.^..........,.4....*...G.2 r..v0..H..3c&@..)..d.r{.. ..a...../x.:.........sg........r..SK.O.?l*Q.......b.1..V..Yb....K..x1O.....%.m..Xo..o4.[eeZ.J.=VM.db.N.5....Q...P.y.".j.[IV&..U(/....V.... ]I...."...-.pY...s.n..9...s..4}...D{..,.$.I.K1...Nt\..N.nK.u...".p$...'.......l ....x.9.^)L...m.0.......%..=.8.8HJj...^/......k...G!D`.|...(.Mxz........V...`....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\05d02ac8-b2f1-4670-8541-db8ec2bbf427.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1950
                                                        Entropy (8bit):7.8993561450604
                                                        Encrypted:false
                                                        SSDEEP:48:r1JOJAbiPMJugcRNtMjkSbzZCpaDlEoYNXExANaz2gcH77feQ:r1JOeWrgcyjkKzZtBYNZwq3eQ
                                                        MD5:CEB0758370334A67CF436C1C2FB4A94D
                                                        SHA1:C506A70B764BD248FBD9C4A59182FC04F0F7DA83
                                                        SHA-256:3FBB9D37E9ECA761222C6589FB2E7C4461444328BD9701A149339D1933BD4EDC
                                                        SHA-512:31F43223E309B9DE9021DC44DE8CD00220A90FD26DBA23FD3EF2DB88311C49F30C6945339500A1B58838FCB37ECA2546D599A904B069A022DB4C6929B31E643D
                                                        Malicious:true
                                                        Preview:...%.sK'g4g..7.9=..%.....{....f...-.Y ...!..e....s.....)...].....<....z...C..x..*...3.M.9..$.uO!.8n.@~.W.'..........Y....}...(n-H...S..1D.7.A~T}V.Hl,.2..#.`...s....d..S...........&.V.VQ;.V.V#...aj%Pj8...I.ja.#g..K.0.Q..B.c.#.x.n...H.5e..........Yo..Lj.l...G....J.5<(0..*..i.....%p....g..^....Y..?KB.E...U...(<..>l.......-..vm&0.....N)....]......H..T.4..\>&7.w...k.u.|.1.T.Y$61.R.8{.F..b[.N.B,..PM..)}.W....)...DFj...Z".k.h..p.....8....[.va&...*$.X.........l..f).v...K.R...V..<.u.G.+.x....C.&...1.2...`.[....m 3B.j.D.....mb).v..C1...!.z...F.uL...#..#?..L.....N....B....:......|..3...x.'@.)#.#.'.......N.,Ab.).a....fPA.m.x.....@#TB|C.hBAH.~...MC.e2.4c.~Q..)M...'........%r..Q.P...,Y.......lJD.....0....D.5.b@9x8..#@p..)yP...b..c......}.l...Kbis..n!.#.J.....m.#.eX.b...~.d.@H..aq..&.=.I..!.......R.x..6]..F.....K.n..JV..~t..8.|@5.....y.....m...(.&NI4^...G.`-.=........P....>y.B'.4...`.B.p.......6...3............#.....)v..&.I.9......4...0....8(..<.7.\

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\12f997af-c065-4562-b9f6-11000bb95c9b.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1579
                                                        Entropy (8bit):7.877629422143501
                                                        Encrypted:false
                                                        SSDEEP:48:0/xA1Wzk9WRt2FLKTw1f/1yZPe1WiL3rwm7feQ:ExAT9WRUZL1H1y81WiTUmbeQ
                                                        MD5:CF687C91B94CF378B75179D1FD338A47
                                                        SHA1:1FDA10C6FBCA023EC13F993766078ED44B181DE2
                                                        SHA-256:F401E9FFCDF9DE138A0DCA3189C85BF71A479D2FAAAC70CF182FD2D1E9455E69
                                                        SHA-512:8427BB3CD20763F719DD135BEA18EAE6C4F54B63B56A5595BC85B77E6084FCB9E34F087806478500F5C0C7614213B7FA489BC2C5B7B7006A2F327EB8DD73B916
                                                        Malicious:true
                                                        Preview:..L.....l.Zx-6.......+.}S........Vzq.1...t.a.'3.......!O&y,.(<.`!..8GT.....#>.J./.+.F..R.N#....'....s..T....>uY...d.-...=.p.."....Dw>*8.I:.......q6.:..(ze6.b......D!.>..@f.tH..*...MT.Q......p9.c...!.-..JK7...x..I;.6+.l..(..8{....7.h...........H.\bw.FYB......[.._d........_.....8.4...;I.A....5F)....".)..d................u....*.S....2A.Im.Z.x./.t...KP1.O.....HO1SI.jY.w...e.....m.s!4..;GB.....i...H...H.r.\.k. .:..v..{.6....I....W.|...W..}]..(_.r..Wt.......Y..b..+.AMz.1%6.D5".F.&./..p.O.u../?...+7[t...e..'.o..b.K./...{p..Z...&.C.......).!p.x.7./..c ~<..t..x...0TC...j~...c..&....\.]9w.=..k&T..bY..'...[K.|.Rc....lOjm4*.dAt0.......k......8....Z...b.y.2.zd\z.a..2.'....c......#..rCRn..\]F.."...p.(RM.I....3v;./.}.\..fF^{...=@.#a.....g...~f.s..8C....$.x.v.b'~h.].U^z.jA.fP.b.*.&..{.H.e..h/.}......._|.......2.......e.U.H._.B...u.].>Y.l..Zi=.J.x...G.1W.8..,.#....Y.A06..wT..B02c.|.......~..E..eM.[.Lb..2.'X...d.|..~,`.....R.3..~.I2....`.*.(.dy...4...c..p|.P_.'

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1435a377-bbaf-4c9c-8706-0811a779fa3f.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1946
                                                        Entropy (8bit):7.911912163371803
                                                        Encrypted:false
                                                        SSDEEP:48:Qr46WJqiefsb8koAeQ00Ap+VniwnrUSdquABeCuztTQXoWaEfeQ:Spab6y00Ap+VnySdVhNtTwlJeQ
                                                        MD5:E46234E263407A50CAABC8929F12C89F
                                                        SHA1:A8DBFD4B19200F81206C44CC5742B871BF1B52B3
                                                        SHA-256:81D2BA9E72A49AF858CE4060BE364CDB5F67DB3F6C3C48940F2B93AAEBDF6F35
                                                        SHA-512:8C79BA62A3225517A803362BA0226F5B864AB88AD1C6BBA5B13C7C3911546CBEDCD931AEEAC23C5733EA4BE47C4B0EAC8AF825F1173FAD25B2AF3EAC086B7937
                                                        Malicious:true
                                                        Preview:.4..s...p@Z...........R...e..IS=R...\.x.:.@8..8............!w.Y<v?..M<..gm..j.|....I%.....4q.&.(..m..C-..7p.r..1.WQ#.1h~{R.....i1'....BpE..G.....w...m$....6!./......h)..*.at<sOb...H..L..*..@.S..VEV...JG.d'.|....%..^...ry.6.'.7..r....S........QX.bl.=.t.....v8...%.Q.k.T.'+(G9.....[O..n..e....T.o....>>../...N.b..V..:.tg..I........x......!f.M}..[*C.Aw..~.7.N...,.l+...H....!o.C.u>lG.}^y.-&]..`..-~...3....OM.?..w. .-..............{..x4Z..>......y.N..t~.*...........<VfSPcy.e.Fc....<AD.....86..-..+O.0.dQ..'...r..V....zg..;}.?.T........im...<.P...:!L...`..y..'.Up.r.T;..|..r.i.M..FC(...2{......|n....f.k.}.ETx*..ZVZ).l{.G.b....G...Y..V..X.V?..%.w...Oe..,q..u.........'......@.......>.Zc.s9.9.c.#G.s<d....].......>>...".E..7. .5...... ~...(..wHA.(..v.^.l.K...3H.{t...,.....$....".U.[....].....h..D..[E....Z..`kG.A........D.?,....Z....#+..p.......}V.B...y.l.[...P}....W..w^...Oix\..e...H.X\.v{....Z[..Z...C.}....x`.*qQ.X.LYW.Zgm...p.(u..1..yU>~`..tBn.(.?

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\15f01145-7764-450b-9ad5-323693350a9c.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1582
                                                        Entropy (8bit):7.874142293647659
                                                        Encrypted:false
                                                        SSDEEP:48:pmt60VqQNRwHPmjZguk0ZoSApx6o4kjAIKTvfeQ:EQ00TWZgukg2n4OzUHeQ
                                                        MD5:08A6E19F2E6ACA0309CD3D3DFD9E9965
                                                        SHA1:DF67E5E26CBEED61A8D96D406DE3E0B392089EDA
                                                        SHA-256:BC4F1E83F82D172D7FF8BAAD7F2AAF9DCC92E1B89508B0F26968D5B169D0A83E
                                                        SHA-512:58688E51AA55491E54F7C7B468FDD6D1A2C011622F54E8EF826B74496FA167323FF17FB0DCA10B402998F340178AF9FE001556952A55B06F9B9C99E824404B6C
                                                        Malicious:true
                                                        Preview:MC.7..LW.<,..d.TNA*.)...D....Zk...\.....~.\..H$...q.{@..H.B._.....8qh.._..L....R..?h...+21=R.D.u6.u..52.[...L..U......]..jJ.c.L....F......=x.E.....a..y[=.M.RO...P/.2.FK....E.`....VZ..rl..$..w..^X.....1.!..i+.S`.....t..".wX.c:*.`..]..5.R'.GP-.e./..}...JQ..~.6.iS6..+.+k.\\......].~...R.~..<.v468.76.j....!...a..*..pRC..Ex:U...........A...~[.rw..Zh..+.fN....>*,.v{.S...n.0.p...*|..+....H.0..+.U.J.J...bE.+..U....F...V....($.@.......j?.......U.h.O......R.i..O.....FW.=.....?..`.i....]*Eb.....gK...S..,..w..g6...I.d:`........_.s.{.....x...4.j...oc.(..SY.E?E.)/@}s......;..4.z..;..G...f..1...@,.......... .w...e....!.~..6....S....q...E..&z%f......O.A.x.... 7.N.....,..Q.~...|aZ..N...@#.......U.?j."2.h&..g...$`K.T*..*..Q.E!......7"......jAP.t+.j.7.m...U[.....j....D....L.3.!....e-.4.g..*...,6NE......:#..4b.o....W....K.g..Dg.Ke..,...d{...4v.U...w....4.x..../~Q..*..i9..x..L..0..Uuv~.o......4..e....Jmv9. [v....y..*.l..6.....i.....;.8..15..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1d5599c8-3f43-42cc-8163-9a43c60a06d1.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1827
                                                        Entropy (8bit):7.888291544637759
                                                        Encrypted:false
                                                        SSDEEP:24:u1Nr7U89y9PTT/sCgJVa6mdC7Rq3AwP8tyDZBC9SFQ77QFqPbo5P7wf6bxPlS:qcImHsjnah+Rq38tuCIFYQomkfeQ
                                                        MD5:31CD1B0A5E2FFFEAECE2BBD483855CF7
                                                        SHA1:E5927431AC20335F70D405BB1ABD86B2F0B9DB47
                                                        SHA-256:32B6432321E674DB1E87BC99BBEE45B3C9DD1C9CE32237BA9CB5EA081AE38BF9
                                                        SHA-512:EE130162E2C2E8E92E8D835A7B69EF72A5FF33DBF31C3084B94F305873C62818B2D367812D2A9D2369053ADF34B10D4B315903C2CD782F0D84207F4DE062D63D
                                                        Malicious:true
                                                        Preview:G...wu......j:.....x..kQ)]........`...$=....|.e.C.P..GG.@A..c.\.u..G....G...#.k..jZ(6......V..jG...t!.}..<.z(.u.#F3...6p-.$.zX.B..C..!.B.....q.S'-q.I.'b.E...E^...Vb..V...f...UZ.>.,..z.c.99....5.an=.....+n.J,-9%...>..ocJj..w...>..;.R.c.Y.G..).;..U.0.<....s.s..OU.......0.3$......W......)...R.....K........v.1..@.-../.I.=.6..^.q.`.v......|S.%sB..3s.....o.A. 0J.,..t.4......8f.<&9..v...DG..D....oI.....osJ.z...2....7...1.....z#.2....Z..`d..s..V .....1....uj.n.}.'..)z...`.d..T..^..s.*_....<{m7.I....=f..a.,.%.7...|..8.r}..WA.....J.8..Z.....(w.~.1...2.>Xk{..Q|3..Tr...G....O...%.rF.H..RQ+...3.n...9/.y.S..1XAr....0.v.d..1}H......K%H*.C3a.=...<..e..v..U.c]v.;./....Ea.O...5KGW%....j.*.V....l.z....Y7pQ....o...t.~...J...z..B_.k.y:........Q....0..8.$..'.-]r.h.+.....".......F...&k.8..gK.:N..:........5..U..'.EL...i..^....o....d.$d../.]..`Z...~`...jRU(..S._J....Oa...^v.Z.y.*.<.tK...(._$..x..[.E..>...K...60......P.u..Y..%SSr.*.....+`.......F...........+.....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\277ffbb3-8e94-4f3f-acac-7a401d130160.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):3833
                                                        Entropy (8bit):7.945999255693561
                                                        Encrypted:false
                                                        SSDEEP:96:10OhVDmNVOpSQhlX+IBWMQJc+tMZjYJvlveQ:39mNVPQXOtMZUJvlvF
                                                        MD5:86FC313C79F392152F3B03B2ED76CA1E
                                                        SHA1:C496EBAB8E0C06C9DDA9044F6E825E2F3598D969
                                                        SHA-256:5EE9D4BF21C1E1B7593C954050FE920B575478505BCC49BDCC40704D36188DE6
                                                        SHA-512:AF4A20286C3B2E72EBDEF867AAA9C7DB2A5D805396ECF4394CFEB4D8056064F694C975F29BC845D5DC640E25DE7D8745452E13FCFE183ABEE3E059F50AE00454
                                                        Malicious:true
                                                        Preview:......{g.yH. I.ew.Y.t?..H...F..\..hV8.=.C...._.@.N(Sf.RT..P.7u.}H.02............".)3.iW+M.B...l..Bg........k7Q..)2..jA..iL..|p.4....n.@-fF.......^........v..}..g..a_=.S...#W....{.<--.~=.H2,.K....?k.C...S.{.z....D.x.)H..VD..~t..bW8../....r....p..^..d......\w6_.^..%|..^.s.$.fk...g..\...#R..i;..tAD....E.FA......A.#pl..O.!.A...Ay<..D.!A..<..7...(...y........|.{.4y..Qd....Z...p.....{,...EK......CG.)?:.jF.m.@.E. |.......LY.9.5..L.....&.,.+.{.%.W._u....,A..3h|IR.z+*....y......c.;._.[.U.....'i.E.....K..Y.......U:......)...OQ1...!j.1`...F..6\.....A.h.4._..~...................ua.&K..W..?Z...l*k1.......E....J3ZB.S.7bT..X1..l. wleW.=kK.{v..-.,`*..v.8.....\`......D.uV......g..K...x.sj....|g.).....\..^."..r...v.A.m..JQ\"..t. .Y.Jj&5.G...s)R.t.z.8..UAi.V....b...N..Q......M.".[S....O....<..Q..t.....yg>kl..J=Y:....D....ML%..l.W.M...s ..w!.;..{..-.D. ....E....U.....c'..[...3]....L.E.'Y.o..=.F.!.j.#.K.g..._....Zj.**..2.....G. .W..'.....^..(...8...........Yv_.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\3a40aaf9-3f8b-43a2-85e8-88e3ffc7666f.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1209
                                                        Entropy (8bit):7.828831262029168
                                                        Encrypted:false
                                                        SSDEEP:24:lBJ3Bah9NF5SdEvJM/g2bfOU/7u+tgQM5pHLUt9+jANvByALzf6bxPlS:Nu9NFRW/g6j1ttM3HLUtcjqw+feQ
                                                        MD5:7678E85910647645E6BB49D0E7E3F579
                                                        SHA1:9EF859C9DE68BB8BB52E7D010F52A088C43D7FDB
                                                        SHA-256:4538F6A3DD81C0334979DC2CDE97F708901F6B68C0842E04BDF95ECC9966B3A4
                                                        SHA-512:5E9658070D0DC607375C8AC47E94E01496C94B87A54840508EFDFE5D017C065CFDA075ADE3409F844AC0EF789585149D9668D9EB367F7DE11E73F2CD3D9777F2
                                                        Malicious:true
                                                        Preview:d..9.......~X=..\...h...z.e..+..-#.e.."OsS.F.g..]".......|..I........GJ......*Z-..................u.).%.N..U.j..5....Yl....+...Z..UQ../-'.w.Uz*%.!.+.=aN.7. ..........l...=)l....dS..@....e..;Rq...x..M....H...........1.bM<..#.o.{........s.@MWt4.s.."..R..5=..".8&{*..N...Iv...=}..z.(.qa..5K.@...E........u..9l.bw..S(E....i...B.R....FN....V...h.C.'.}....;...J g. .H.$8..c$.y. .MmI.zIn.i&....j.>."X35..I..X..^...V...D.%.\1..._.I..5.@.....i...%...c....B.9.xq...j.+(D./.+.r.<b..l`.m.tH..uH.3.M$v.@.D..O`..Q..p..Ol}.7....>...1.BN..q+.+....&... yQ....)2..0{k.j.I.J....7 .G[..=...!.w.>O.....E^.....h._E...7D.Q3P]...I.#.+....8.U......z...T5x........h).l......|..8.....v.bI,..0.w..5*...G..Dm......n....j...E..-......j.0......Qf..%.X...(..z..S..1.~;..]..`x[..mx..[.....>.... ..I1L.@.]>.'...=..8.........C..V.t..Y..+.....< j..S/....h.....m~$.....S..t.Z..Ms.Mq..H._.....tN@.....z.....T..A...<...It..&$EZ$k...{.v....<<0.J.f{..1r..%.1..[.d.h...t...R...,.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\78267ebf-1fb3-4b11-82e9-903e54a2a54e.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Secret Key
                                                        Category:dropped
                                                        Size (bytes):1490
                                                        Entropy (8bit):7.877251171495206
                                                        Encrypted:false
                                                        SSDEEP:24:Y8hx+QNtsHsB8sk4CRR/tJG/WidMkyIm/oGUXZQ4pzzy0jXtfwBjRjiEkYCf6bx4:Fx+Qwi8qCR9tc+YryIm/PU1dtIBdUfeQ
                                                        MD5:263198369D23930CD09D4287E94671DC
                                                        SHA1:E5FE5968E41468D7CADB46BEAEDCE98337D3A8AE
                                                        SHA-256:05F25434AA8F7765AD7D7A584EB8FB19A9F566DDA1DA70D4F4FECBC351261B24
                                                        SHA-512:FC2CD2F78D84AE6EA65B74050C65570112C465FAE0565C3854CDD4F02CC818A1A5CD83AAFBC4267EAC3EBA04108C41101706DDA7528CEAB8D6AD361276964E14
                                                        Malicious:true
                                                        Preview:. .~.JV.....0.+~ F1.....^F>.b.......i..hC..l..'l4..6..N ...b..@Q..3A..I.,.#..mk....+.m.p..hT...>.Q..2....]F.=....h.....B..1.X.] 5..ig....7.:=...]y......)%I...I.......T\....{'.b...@iR....A......X%.8..2..O..\..9v.4...Wd......|....*y.....b.[R...iOO..N...e...@.p..1H......x.t$......xT.....j.......%9st...8..+...x..I....m.S.3Lt.......Q....k.wOpt-4.q6.|U!M.<.0.=-...;.K<.725...[P...UV.Z.>Q......|...bv|.'....5.........O.\.Mv...G.#@.P9..*.Y.3.D.}Od.>...M3Z..X.R..i...asqa..R.nQ.....G.iQWD-.`!...j..S..._..U..b..B..k.L.(+`.....2o..|...:m.J.j....B..........x.7J.1.>.....s0.n...=.......Z.z.`.U..?...O0.o.=.. ...Iw...m.?I..>^!a=[...G...C.h.k....1.....ldo7.lo.).h..PJ....b.gv...u:.s...I.Jq.!V.K..iVR.8.#nX..w#U.;NQ..V.OY$m.4..s......ia.....{.F=..Iz...[N....Vc\[.s..S..=.$.qA.]H....&.M..p2,.2g....?IQ..\...Q.0..36....j..Mg1...s.......S.lt..@6.Y..w?...v.p.......B.J..%....It..p..4Ul.{?l....&$..VS.t..swe.C.bc(..8..c.{'.......tb&..@9e..L.c...s.R..b..L|cQ.Z1..j..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\7d12ac42-15c3-4db9-abfe-259bc8d249ac.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):3843
                                                        Entropy (8bit):7.953286231261002
                                                        Encrypted:false
                                                        SSDEEP:96:haYqa0XngpnnoTZwcU7OV1JXEymndx8TRAaNo0FOVeQ:Bq16uI7OVHEya8TRAaTmF
                                                        MD5:994B41B7440A91AE5625B0B5ACC4AF54
                                                        SHA1:EBCB5C0C02CCCA82445AF4485955AF77E6190405
                                                        SHA-256:EAE99F48084CEC5260D46D980AE2902D3DA3FBAC5B5B0AAA791D65D2AD3BC373
                                                        SHA-512:6A030DE4EEAD1734A1F53EDD9F5C4C58ADB4BA60427DDB7CF26915BE9EE1AF26C88F1454D41B9D455FCD53AFC6AC8E7CD7B5527BC13A4D91EA7E69687B8C1EAF
                                                        Malicious:true
                                                        Preview:S..NQ..K...0.....j.........H...~.S.A....w..^.....Y..k$.O.....3^.ZVS...@....d..k..._..A{..2..<.x.."....~5J...4@.]q../i}..@E.Il....c...X..k.3.#.A4...b.6..JQ./.io..QQA..)s.....=.qEiZ.o.t..i..m.~p3.e..VG.(......N....(...nr...!..)..6...wSn.6.R........].!.;./.g.zU.....Z.r...}.QU=.<..aS.!T.."..Y...Qa(...Jwkxh..#]o...2a..R@.0..5........._.N...S.u.A.*... .0..a."\1)...)..IX ..jl3e...8&B4._ef.Q...B...J.l......(..%.a.~.s^..u..U...6@?`..R.m.."!.!..Y}.;rFc...tn;e.......*...........8V....j.|..%.3........V.RA.0.O.C...(P]u.v.g.SM.v+....w....#_.?+....O..........M .....#...X......*qn.b.X .GC...N.y...7z.]>T..[.......<V`..}J...)...u6...P*....FOwQ'3..Y....X$w...|...=.p..J.iQ..L^....7.%...^\./.mx...u......=....4W...i.>1-i.[.{.5)..g.i.......V9"....R..9.....LL......vL..v.y.J.X.$...\ .....'._I..&..!......Ci|\.-.......,......r.{".."c.........x....W..n..!..h.W.N..OD1.....3?+.)..u..m..V..4B.I...;%S.h+Sj....6...B.......]I...sI....|(..,p..._^xy.v..\t..4.H.S8.gD..&.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\808127e8-e7ed-4078-b3f3-7f09061a011f.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1580
                                                        Entropy (8bit):7.869552246060125
                                                        Encrypted:false
                                                        SSDEEP:24:fUIuDyxWwoURb6c4cytgJijOYiUgerRSbZLufy31lBnq4L42UCveFf6bxPlS:BxWwoG6716YilerRSlLuaJL5UCOfeQ
                                                        MD5:C5CFBFDFC16A8DB201FCBB5504C8B171
                                                        SHA1:477B304AE60BB0E45650CD826A2ADF003288847B
                                                        SHA-256:93AFC645EE1AAABC8584F1C726AFFF878DA030BA286D4B8DFD1417B90B3CE4F4
                                                        SHA-512:6D61A6F80487683DAF653AA092DE95FE02AD02B958391B9FA94680C498C670D383006C185126313EF79CEBFFF4FF12C0F24ADC3D72102AEA4B0ECC404FCEAC8D
                                                        Malicious:true
                                                        Preview:E.>....w.S.....Q..N.V..s...m....mx.t.5..qh.......I.V0w_....Za.......C.)#N.:.6...,@...pQ..]r.*N.C.y..%..$..-..Ej)._...WE.yi.\}7IY{P.=...._#.a.y.5....W<d.;.9E.+4m...D..}...#..z@V...Y.v........R...%..&....Z.</e....+.I....u..x../.<..a.. ..........9`..s...2.I...{....O.z.WR..)....&.._@..y.bo.;.......(L..8y.e.X.d.H..@A..U....#.:....M..X`.a.N.K.GrN..{...`f.oMQ...e..b)y...S.y.wX'p.+.b..q]..#Z=b]2....<..Px./..._.....@\d......iF~:'...5.# m.J.~5...4........F6..#.u.=c.5........._e.x......eG...p.2.v.R.....'.^e?[..s^.]a}.f.-....fw"..Nc.[@H..Q|..G5...a.<=.{{..b...4.{.C......N.Q .7RJ.R.[.x%.1o..u4.<....X.....-.....b..W...H.(Z~VDi......\]..^....L.a4...RH..>.Q........M......+..@...fR.u5..,.)..P.#=..f.....a..g.3.... .......2...g... ..?..e..4..{..!..?c...=1.3......cUa....'..i.Tg...GV...|...Y_6.......<......%g3.G....2./...}.-..c......}......{J..Hm.....].b.Xi.#...Lf6D..0B...M.%.o..l....U.w..s........#...U.....y...!Z.L...Jt.+.+.+.'".@......(...[G

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a5d6ec76-765c-4778-afd2-1e05a1554d8e.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1580
                                                        Entropy (8bit):7.887565916139393
                                                        Encrypted:false
                                                        SSDEEP:48:42CVFJuE5e6N8QA28CreArUXtYi+C65cVuifeQ:4tRV5emkCreArQZeQ
                                                        MD5:0109568FD2ADA3F753730A7846D53710
                                                        SHA1:8AD652D25C2994BA83D3BC9A91D137E1B78E1FBB
                                                        SHA-256:3F0A4E1D8A2A9076C4ECEB9B1372506AEF50AA0010E33FA68B92F2D943DAE962
                                                        SHA-512:DC7CB857DA0250DE2D585E8586B60BA9100051362B823867F68553AC278BCA98AE730DDE5E46C9CCD968DE719B30F1151D0210C52101F29B0246ABFC83F45C39
                                                        Malicious:true
                                                        Preview:.mc....]k...!.`H..".!-J...hf..w..}......y.E...2..!.?..].....)...[..m.......X...8....8_.;.......)..R...9oI.....z.1;.....&H......Hu..\...ZT........qb.r.&.}n.'O....S.?....F..L..QpZ.!..>..q......)...I@.e...H....#.Bd..S.dp@S...j.p....B....(.*...e#.3...<....d.E...Z+..Qy.]....^..U.NtL..~...Z..X?*3..&.......07n..;...$..N....d....v..4...avP....._J-.....$'(..j..:.......Zz.}.}.8.......6.X..K..........N*O......rt..,z....b..F.v.C.kF/..{....k.V.`..m...Lb"..#..F.UAh.e..;.2)...i.c.S5.........?..>.."#z.<.Y...q.kx....h......l.c~....p..`<..f..>../{.i0E..e. -...88F.FFE(\....l...5.3...!`4.c+*..w.P.f.A........j..0.`.G..k..`'br.=..j..T.k...YX........a...{.M...V.....~...$..*.........I7kQ.]......uC../h.....k.n.....[...yr;w.h-...^..F.5...P....g3..._T.$.T.C..9.~6r.B{....O...?,J..a.~dcz.y..I..i[..A..t........w..^.....{.2..e.;Rcr%`r.._^.="L.s...O.....T.Q.,.. ......~...........:\?S.L..T#u...t.8.Zk`g.z8.;.z.&..z^*sG.......\i.am....@.......R.w..+..Ts.qn~2h3"pu.......

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a7174184-f177-48c4-876a-8a51c2ed8fbc.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1828
                                                        Entropy (8bit):7.902891797649309
                                                        Encrypted:false
                                                        SSDEEP:48:dd0hrGtIkZTG2+AncNCmYMNRrgzaaM9eOUxMoq+4JLfeQ:djvZTGH1T2aoOUxMVeQ
                                                        MD5:466474B761CC687E4F60E4A7219575DF
                                                        SHA1:3DE76096F8D4DCE1D587691A48582239EB5E2104
                                                        SHA-256:B17997D470A2741B09795249536B779D92AE80FC7769FD94443BD40EC438FB4F
                                                        SHA-512:A87EAC2F1BAEB5249E4604D873C584D4EE4DDED3BDCB0608B6D0C780ABC2B6CEDEA89648BEDB0D3587EE422D754A5E532E98D8B42EDB35795E6C02E3EA74442F
                                                        Malicious:true
                                                        Preview:hEt..dS..T. J..s.S..g.bs.x.......'..Y....i./PO5..IO..._^(.Z=...#@...mZ...@.....P..NUJ\...?H..!.E.yD.? .9.^.... ~.a..........i.D.S._.c[*..B/.L.,;....WPo.....'P6...%.*....,7M....h.....m...-._....F...<..!;.m..C.........|D.e......|.<.:....>D.1..3".hqI?......s ....`.t_.9."........W*.O..N.w..B..lxL.'..... .E..2.K. .>.~......k...C...q"l..WC.'..M..NI........G..".0C5..r.....k.MJ.x..Oz.d|....O..f......1#*D:.>.....@=!c{."....Hgm.D..............(B...y..>)zJV.Y..lP..-..L..;2T.h%..4...9....<.B..e^.m.~z...d.+..P.t...c..b...u=..7...-...H.;...97...H..rz.n!rv..:.....7.V....M.kq_......+..2/.rH...Y|_.n.BpO/P..-Y...lW..q.0./.\,v..X........1P.=>Z.......N..4.=..;.C.[...]......z....d.....V.......G.K].....)..C3...i#v.........'.=..].......v.F..=....q..3.13..9..Q.L]ci...6N/r..x...L...c......J..o..fJ......7.<..h..._.....X'w.<.+. #.....v#.. .N.r\.k?....SI\.AC..,....?.2%%-].2h.o.!q.A..]*.....A....".~.L.C'...X...uJ.Fd.H.+..&#.b9<3.#7.K{n.fO T.v..[..y.zhEh.....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\session-state.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):407
                                                        Entropy (8bit):7.519709609706701
                                                        Encrypted:false
                                                        SSDEEP:6:YSJK9NNYHgGWfx/PR8/ox36Yn19Yd6Ob8H0K2oh7bgvxof61aBDE6txWw+DdP9lS:/VmxHaBg9Yd/A2Gaof61a+6KxPlu6nW
                                                        MD5:76D8C5E6BAB6EFD5A619E472A0DEE22C
                                                        SHA1:2B7B17A13817465B13E386C062D1FE0EB3E99178
                                                        SHA-256:D286026F8B99A02DE8B4523516F1F6DFC33825552328472060DDCDA0B7C65B71
                                                        SHA-512:EBCA1C0ECD4B67F606F28AF402617F85A39125BBA3A77BBC3076EB72A9E630CFDF1D1944107F4649173FF776441F38AC4255795C877E74A341D7CEDE5EDD7EAF
                                                        Malicious:true
                                                        Preview:,.1.(.7.{....... .'.&..4o....^.A....ij.......j$..J......]:LH..)SDn..+..Z"D...;2W.Zo.f\(I;Z*....9..J_.N.Q.O.|...mn..l`y.6`..h........L.5.u.(.v...c.....'.o.^.4.......0.p.&..~.n.....B/e.".\..1.6.|....u7.O..<ti..~.'4Z..Y...?.-U:.O.`...%.$H9.<....../r;....>...L.p....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\state.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):288
                                                        Entropy (8bit):7.259101977164038
                                                        Encrypted:false
                                                        SSDEEP:6:FKwbUBh16KCGAs4bTVrY5BU5H/vCf61aBDE6txWw+DdP9l49aUSnW:wNEPXs4/u52f6f61a+6KxPlu6nW
                                                        MD5:BC8BD3ED0827C0C0784C7C474EC75425
                                                        SHA1:C25A3D6C60410F4F4994F38E40D433293EC68388
                                                        SHA-256:6330DAC5D8FA78025B068BC7920C9B6AC0313A9068CADBFD45A69322C8DBDC5A
                                                        SHA-512:E859671E4A3BAFF257790CD60C5327C681D0B9D9797CC480C23DDF59D624756FBE1A428D21A390CA41E8AFC6309ED46724727CF64B4C175690175CAE3DEA5BE3
                                                        Malicious:true
                                                        Preview:"%l....:>......J5.0....&...G5.V........6L.j/m..R."z...&qkc.h..0;..v..;.K)L....n.0....,e."~...1..aJ$...d..[..$..;........."...|..F.Ab....7.....*...d.g....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extensions.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):37072
                                                        Entropy (8bit):7.995065847797232
                                                        Encrypted:true
                                                        SSDEEP:768:NU81VUh+W60btP6pN+GUFCuUMMeNPFRJrnhVWhiyM+5AtY47X+3X9HF:NGHNuNUF9UMMKBhIha1L+9HF
                                                        MD5:B6C143616CCE973C3938C1AAAD25B8AC
                                                        SHA1:46467E58713F3E813978D06223F5594B75C53B86
                                                        SHA-256:32E0845FE4B7A6F485110736FDD7895E9B9FA8482E067D8C1992CA45A77C1666
                                                        SHA-512:BC43ACE4EA7B9D0788B39DFAA013676A402A8204AEE43AAB60261B7F0FE138CDE22E237983C30E7BBBB069329360BB81174D1C8E7690EC97B554D0A04C118E1B
                                                        Malicious:true
                                                        Preview:..`..h_WsMK...K.sM...q.g].....Aw..]_.0..1.V...Q...i~a...*.~..6.n..r..%8...9J.Q.G.+.G...F.$..B.r%...n.. ..X.}$...xC.z....7D.y.m....h..qaH|HO.K....`.._C.i.C...h:,.L....Z.G......i.8.x...H.`........L:t.;.....r.i.f8.h5.y.G1...k....8*.l.oY.._.c..{..e..?..$*.M.e'.......t...d}#..........qr....n..E)....>....-...V7JS....j....v.......M..Q.T2.z.....xV.;....3..#.."Pm_7.....;.."..=...-..l\I.......hq]....dz..H..!..'....B.=u|.i...H".-?..ASi..0/.......*...7iX..&........eSN.'b.M.q.n.....D.........n.X..k..]-...I.....'....Fs<........g.b.?.)Z8......d*v.......#n~pDI......xi-H...w.x9..F..X...7../.).pH.k.Y9.......fP....=....u.....H..{a.naj'..W!.r..XbJ....K..G...g..D7....hm.....4..O6.... _.Q.[....3v.(.....7.R...7..........j.;....N*.....w(vu.'..0pHFD.,.x.P...$U...=..h..{..K..x_..lx?.....=..-.f(...a.....m4....u..&b>../..F..)<[..N.t.3T!k..Z.o...U...kA..P.Hg/..-..$o..iaI....G...g.]..U.B...Z.I............xy!.Y]..Ro.>.". -.e...yNb.(.....O..Zyh...Y...y/OP..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33020
                                                        Entropy (8bit):7.9947363141190015
                                                        Encrypted:true
                                                        SSDEEP:768:ndV3N0/lGmEx/14yKl2nb/4/05ECi2prqkWBxwN+Anyr2pQChaBF:dVb2lgb/48I2rcxutnwChIF
                                                        MD5:D33ACD89A6635294273052AF0570F099
                                                        SHA1:FDBDE2BF5FDCCEEBB195D136EF0702673812E9F3
                                                        SHA-256:386BD11905BFC0DB7B81A8FBF350F2F91756AC83BAA276C2E372C5BC1FC59BAB
                                                        SHA-512:2A294E21AE7E1B20CCF4B78808A3BE71B53D5D722E4A1C29717D43013B108AF0B9C95CC4FA9BB20264E05FF4A6B92E0CF7E94626642DA4BF543754B091C43CC6
                                                        Malicious:true
                                                        Preview:..../......`..M..U..:..s(...x#X...M5..SE.........]J."G.f%..d..^..8|.;#.1.XS....HE;.<...AUMb!=.Y..G.c&".E...}.Q..(.q....`...''-.|.n;W2..#...u......v...m..N.p.g.}.-...K6He.[.'..J0.Oeo..'+*.{..P.G.yh.l/.O...$.@uB.5.>....."..B.z...j.4.m..z4$.@sSUd.G....k.'...Dx.lF*..]:D%.1%v.+.Q.0..&....L..ii{.0..........R.g............qs...+_PQ...g<yW..K.d...s.-.L[.s*.O#HY.9......**O.|^..V....'....o..z.#_..lg...>.2.n..-........#3.T". .M.".sS.d.9.q..^.U.6.....k..._Y.)!]..k..Y'...T..}...i..hT.Q....9(_..z...H....g.v.xJ*....".^0.R...Y.&..e7..~3.^?..zI.vw..O..|2.~....$a<.EP..7..R.e}...:..*l.. ..(H...n.f)M.6_.b..?...OR.D..l..v......2f.-$..m.}h..^..;L7..& {.T..Z......='.Xi...<.....O..8jFA^......4n..d.K'...!$.^.`..10.L...j.s..X.W.....,]........z..&..k`..&%w.e......A..01.{.i._@."..A n..9..6..M....?."79.X..d7..S..r?.H..v^.!B.E........Ev..*`.8C..(:>.7..J..'..>-...!k.~..X....L..l...^,..'.{...pc.j.ws..U....c./M.)Djm..W.+M.[. &...1.?$.Y..uh.tJ>....R.n........L9.....J^...N

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):5243126
                                                        Entropy (8bit):1.2646283692947407
                                                        Encrypted:false
                                                        SSDEEP:12288:Zlezs/Bufm4sQ69eXtVACsiDHCDWEwkYXsy+FPYF+ClpK:Zlks/BufjsQUe9VNHZNk8b+FPgn/K
                                                        MD5:B1387487DB685975C67CFCF75B66602C
                                                        SHA1:27C10DD8B29B709CF0508F265686E5CB066F8BB0
                                                        SHA-256:7A7B9BBE4AD18C8C603685BF31B95FA4CE95584D228CF274A702F7DB7BB69C5B
                                                        SHA-512:6441C389DC559396C697ABC08D20C9459893007AE0245C0E977B8BDAEF6DDA6FDBAA0E646210FF61BBF86CA65F9A6A53F83531685D874E3FEA9FCC0ABE80FCD2
                                                        Malicious:true
                                                        Preview:.+.r...e....n..{.A-....0.8+..m.....M.(h.g.U.....E...."...,.....Y..cmX....<...T...yK.)&....Zw.SIA.<..i..{5......l~.=..oX.-.].....\:.......$..n.=....l-......FI..k.,n.I....{.cr..R.y........|.N.o.....@...w.C,......v..d..z:g..|&....&.@...QmM.9$C....cN;...j!.[......e....7. ..!..l.ui.!.........yfa.b....j}..n..R......AJ.*l.c...<P..'By0.88.D.o2.p.r?..e. ....u.!.6............&...&El..f[....3...../...3....||...L.|.^....).n...:.Q.u...46.fX.6QV..`\./...;.rDy...X].".....3..I....S.U..:........^.:\.|....m..?....6Yu+..M.p'..yN.%..k...D/PI.Z.15...D....7.8.7../..1....)F..y...\.CM.......-[D..6....\..g.....`.{!#3a..lj..(......!..n......,F_...c..w....$.~.......*dt...x...j6I3.N.H.P<.......)/..-.u.jf.WmS.1....d.!.dN.6.:.0..2~.a..Z...P...j\6.+.^@..K.(B..Y..qlp.Y9.......#K.......:&....p....4....[7....y..h...O.....,T..6...6..qWAH.t....W..B...T`./.W..W.....Q9f5a.YM..[..%.>.I.{> ...A.-.+4I..j.|`........p.Z.?..5.'..Go....BX3.q.8..k.R....~&:.[........N1,._..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):295145
                                                        Entropy (8bit):7.999352752328926
                                                        Encrypted:true
                                                        SSDEEP:6144:UFkQmypR33Q5lsfKONMPPkoYLLZQ1cJmbCafn3ugWCXhe0v1zaXB:U6By73QjsfTqP2W1c0B3FWq8kQ
                                                        MD5:25D32A2F193574F9CE127DFCA12DE1C5
                                                        SHA1:2D863C50ACCA1364EB2EDB7E8738F7864DE12A3C
                                                        SHA-256:432F759810FC1AC0C6ECBC17D200D93CA5C34FFFFD6E2BE6975F545F03A1E88F
                                                        SHA-512:11CB08942BA76013F20E4F1269E9C5336BD7CE32EBC08458F7A2263EE9E1351CE498D3E208B5027C406211673A6E13F047ED00829956D21F532D2EB19A6F12FC
                                                        Malicious:true
                                                        Preview:t..r.;pPe.7..B.5XD..s...Gr;.%.`.^..i.ZPU.C...{\:......I;w3.s|.........&7Z.;.ZFb).W.W.l.vE.y..q.U..J(E.[....z...'...|....%...]$...)...|.l.........\.[....~/~.t|.;.u"|.jw.s..,..g].0T.8{..(......./....^...I.|.=......&$.m.*g...H.'.....5.f.5=nc.Hrjl.*.V.wS_.Y._.V....N.q..Kt.w.,_.+O.. .....:.H./6..o0Y.U../..#.M..@,0M..H......._..@..3....4!..8J..Zo.._y...j.h.N.42...e.03.......g..l ..4..Q.....\....g_......J..u.)e......U......N.X.....sJ..q.H..)...`..4W.!..R....'%i1.&#Kc...(..uaKEM..C...Gt..!.W.vcBJ....^.S.C9..m!..w...8e..A/.ku.>-..0\....\.u.f.H....]/f`.X2....r.....}.`.<...^...d.}xP.6t..UY.(Hh..!.....&.i...OA......]-B.!../\..a........`rf[......b\^S....(..lk.yp.x?.........2 n7..\.)...5.^~8T..? .w.pXi..eI^...Q*..(..#.?I.m&.dOg?s...9.^Gz.w....)vF.FI...].k....tTadO{$.....%...B..KWh ..V.7q..m..b...~.G...`..>.&.>.........|.~...v.<xJ4Y.F.c.j...[...........n.@.......Bh........"%C.....t..3CW.`5V./.kP.T|q..!/C......b.6Q.=...m."@...@.R.'...u1..`.b..C...X....L|.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):98551
                                                        Entropy (8bit):7.998064538656171
                                                        Encrypted:true
                                                        SSDEEP:1536:umVIw0fSO4uXqSkBSsxuyWWcSOIvHz3Hn0xs1qVNLCrcbtYJcbyiZzL4PoKl/Oif:umVIVd9XSzWcpzXSfCwBfVQbo0Q2vvDL
                                                        MD5:C585795D9D4FA5A4D4130B1AF2CBECEE
                                                        SHA1:5BEB925AA49FB031AE7A7944F8E3B008F09C0A93
                                                        SHA-256:ADA0F51DDE6A70D4C0297804363113E7F844A6D5678DC7DC1E8F41F7A5C79BA5
                                                        SHA-512:18D2EA53D4D4B7B2674B7F596B720BAD4C53EAAD84E26435A4CAA254C2B72B63026E538963895DD5D308704AA7FEB8C1BA26D19AC6879C829534407F15ABE89E
                                                        Malicious:true
                                                        Preview:....l|C.N...}..+...u.K../\..D.^.W.5w....E.v...?.}j.U3.= @.z\.6..Z.>..C.._......-.I.`5_...[..o..?......4I.7.-.=u....{..).&).aU..j.v.i.j.\.5.."..*.H.........HD....4.?...W.../x#.....k..[N...UAC....\...t...j0WZ....y..s...U0%.1(I..-..z.x8...Vp.......P.l|.%.~......k.Z..N.]....M.mH..>(..GL.u......w....t._.....gc.$.H..^<..82.a...S.x...r[/.[.LU...m.g..*...L.5........j..7....3..o..N~.PN.t.M.b....~AX...n:x...`.Q.P.B4.........?$.4.".f.....n.D..L.Btbg..w.....BPP.tN.fu.x.-D..bP..-.S.J...bT.D..........s.|s.t....>Hn}.(..U..=...x.6.._5Q....tr......)HD..C.zSl..+.UM....AUL.W..]..Z".C..}S!.?...1...8,.`.|(.~6.P.....s..._z\@...6.d....O...(y..S.?w.Q..orye:.....Q..6..........c.......Zn>....>j0...v6..o..@.z.K2|...u'..F...M.<#C..~..._(i.....)cX.......v-.5..(........]...j h.g....{@Qm.^.:{N...D.!..Y...^;B.9..O..T..Igi.....D.bJ@.f.TH.q.....O.Z...Y...|c.6f..b.%*.b...6.........%.G..G.;.!...B./.z.{......X.|]e.fpe_,.L..p.7.`O....{.l@...|...N.C......1P)....B.bV.Av...

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txt.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):753
                                                        Entropy (8bit):7.759062822786711
                                                        Encrypted:false
                                                        SSDEEP:12:wZERiyJ56cGTmMywtKfEbfP/TakZNVwjaBtCCiksJED8AVv+3DV/0vCx8f61a+6R:wZSJ7GTmMywTaYVzB0rJEDh+3J/0vCxA
                                                        MD5:1BB11CA83D358465F9B21380C7C39A67
                                                        SHA1:EA803357E5CAA29FC2548DE66C20CD198EB41FA8
                                                        SHA-256:9AFEAB05CA4C9E0256F0AF490B55D1D227BCD2A8C414981D07AE404AF50614C8
                                                        SHA-512:96673830CC2F7C030072AC1E4A189E3F61F67395BC1A42BED8CC26749A0DD036F538028A5D311D226CC33ADF3AB180BC612AA0849BCBF70A137B46CDD956A106
                                                        Malicious:true
                                                        Preview:. ..C.=3..6.]:UPvD..j.,-.......37.T....3.]C.P![.6..1.JF@u.{d$.>......+..).....Qcz...L..ueh.{.K.........N2..h.?.......I..jc.~c..IM.1....8V....... zw..:....x.9..1.B..8j..:..i.."..)...*.B.K..._.C.kp.+...l~....^.6....B... .....23......-1^s?..<5.0.lf..6.\S#.'.p.(...}. _(..d..j.~..+P..1V*...8..,.h..hP...K.h.g.q....-..##..T.....s..b}[....s..y.kr9.I..H..F8.4.y..|.Q..E.zE.1..M..U..........7..2..gV/8.4.{I>.z..k......"$.)a.r.\HA.YAN.. ....w. .o6...yN+F..w....Ch....M5;.....z.T.O..=.5K{R.........&sE..WI.t,...9.^)L...n.3..../e..1tU...\....'wg.z..f.&xJ...:|.!..............t.x.._J.RV./z.v.f....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33014
                                                        Entropy (8bit):7.9927526174037276
                                                        Encrypted:true
                                                        SSDEEP:768:ex9A0pgI3PQgE4Q5VeKJu6m5X5E+7oYxTOT7ehw/DcLftF:x0x3PvE4QjeKJu6m5CT7Aw4LftF
                                                        MD5:774293EDA422917599F02B2943BF31D9
                                                        SHA1:AA5E32EA3EE4FADEE757F9FB3D536F7E4C65B69E
                                                        SHA-256:0EC15B414A9134D8A038A015BC8EBAE8F4038929198C50DA39F74CDF65B64E6F
                                                        SHA-512:4CD04B8C707772FB553D9A72C66DCF06F29FCF9060619A958309B235D44640EC53E7E556F97B7F40318284097C8A89A429E838FCB8FE16554122C9379DB3580F
                                                        Malicious:true
                                                        Preview:....].;`H...r..[....0#.W......&..H...yhkS'{..P2..$.W%.W... d..p4...Z..&f..&39..M..{.5..? .....N...bw..\..|...>..d.u.SUe.'/.+.^..MB.R;..~h..Z.O....*.P1_.`V... ;W.Y-.N...`.]$|.bsPKg.*.&y....;3YF".8.X......%. ;.,W..{=.H.HaXvQ..J......(..+.j....Y_.sM..-8M.4.i...*...&w..R..)=.....q^9.7w..~2..sc.._`..N.....\ ...."g$.........:.S.$sp.k{..*..f.G%.o6...3..kQ.8.)...U.8y^..9.y!..\..v.3....)4..kbX4`...k..Nf.E3...Y..q.R"..P7....g.....w.....-.r..k..v1.....$....+...]E..[...x....==A..O/..j...k..9...6EZ.e.1..J.......A.7#...kH..O.Q...l...s...6:V.V..b..q/..{H...HV.t....r...l.....O.%.i.[...@....h..@G.y]...Ko9..........8=........lh<aq..y..)..;......y_.....o.G.IP^...mn.X(.`y.....4......5....#.]=.(+...o..A.x..2....j....7.O..c...y...E-.i...>.l....p.W.0..f....;....o.vS.......(...J.B......9m..$.98.S.<..W!...y....,t.>W&....P......E.G.?.n|..d..U.-.m.;YS..Q .....e...`?....[...z....]...*XP.<.xJ.a.....;y7c2..t..m !cJ..1B........R.;..o=......L.&.O:H1.3H.<.;4..u..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):5243120
                                                        Entropy (8bit):1.2695926812654936
                                                        Encrypted:false
                                                        SSDEEP:12288:wyca/2wIPuGKn83Rgk/rFnpqBf2/JYmOXb7Whv6rpGqZ5c1f94:gaePuGKu7DSCYmAbm69DZ5aF4
                                                        MD5:A24A2E0AA1816CCAE79C0870DB87C0E0
                                                        SHA1:8A988ECF7B2CADC0E6D41B789A95558902ADCD3E
                                                        SHA-256:719A904A407345B4A502E18EC252E3D6BCDF1C38B452B4DFAA4713D01F6A4F99
                                                        SHA-512:D3F64478E30D1AD08051855D258DC3EF0CA583128D4A7D8BA80684AEC20135C520A9D2386D2A7A0710DE5775EE6061E2C262E4F35DF7C6B44D1053C0FB31D5D6
                                                        Malicious:true
                                                        Preview:....^....s.O..&....o.{R..-;?..........2...E...I#....<..e..Dg..XM...O.Q..6...@f/..K=...p3.6J...>.vDh.......2L..?...$K*Z..[._....'.I.}...c_.{.h*.o[....ig..DwQ.9.q...E..-.?pf.A^.PcC.?...Q..\.u..%s..~..G7JD.A....uy.]..5.+..QA.#-...-.bR%...{u..o0.zS:.3K?...IY.w..../e@...u%..SF.O.(...4...(..'X...CLz.`..G;...h..(..M...ME,34...L..e..A^.....B......p.*A.....9. ...]y.Y~Z......|.{.O.NT.Tt~.u'....>...-{...,SO..P..2.8Gk...V$j.....ls~oH..\..z...Z......m..2.k5nt..O.:..B../..Pl.....[.. k....m.W...g.V...........s..4..o0.'..^'..l..#pj....k)l..q.l...'w../...../...U......p.....$B8.@....\.*..D...!...5gN.v.&..'.A....0yD]i..#..i...=..~....Q..^H.{...g.h...i...$.m...btL...!.Q`...\......q..HH..*Mj...g........"$v...g4?.s.\..I..Y.(....j,....../.N...xj./.V.Sh...n.....v..R.3....`.a..b........"e....|.. ...;..O.d|$..S..+..2..J..)D............V%X.%.HI..E...L[.a.b....9.BR....`..t......_3...#y...n.l.fc....=...g..n....(..}M....J1.?1.....l..{O...O..6...M7Kac.r...G.i.z..wsuh

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):9805
                                                        Entropy (8bit):7.979692935424495
                                                        Encrypted:false
                                                        SSDEEP:192:RajRNgnkLO8IuGT0SRwWhm/rFGT/ORAPa3epwMEH6ruM85EVwYSeDF:RaFNgnk68IuGRlmzeGymMjSuF
                                                        MD5:8411E44FCF7704FE3E27E6EA5E5E884F
                                                        SHA1:72A65788F25AA17B623A00760E3E0B2900CAE33D
                                                        SHA-256:EB7952EB59E2407BAECE02483AC08EB8DDB265D7213179733378057B101A9AAC
                                                        SHA-512:C0490DD83C708F4C6650EA29B5695873EA83995BF234A2B574335FDE7C338ABA82C855FB96FB203282E1A5725EDF1D1F56F72FA19DB5A8C978779ED16ED5DFC9
                                                        Malicious:true
                                                        Preview:....e...4.>......N..G.l.]g...V.."YP..\...4....T...5.cb%&.y.m...2.eN..n...0.....}v..,<.a;..X..%.!J.N{v.E.........;.KH.&.+p...M.<./...4@K&...UG.g_..ET......Vm..u.z.f*....Lx.od<.....c1..n"er..jq..l..a..>ZR.>..V.....c~n........%K]....0.....).sL......8f.WQ.j....Y...5...O3...2..D!.A.^..x...............S..`sJ....).@..g..l.G..R...W.`I.#...P..E@.^.m..>yF3J..._..].e.m8...0>.....?...1<LBY..f..-...o...W...].g..]....k.}...U...uR.J.Sn. ....TX....OFV2..o%.~s.03y...L._....-6..........6.'Q...........r}.#.zvv.`.c.c6-.......6.Lgb.."..q..3-.m..T.:.5...=k.../..y.L9..[.`.k......l....7...=O.}...d....../.._.!a.....D...,/.7.....X.i...B4..$...%c.~.+.V..$..l^a.P........Q..c.7.....R.V>`.&..$q7...C.~.^..B...N.r.aJ.dQ.-\.R..>..W.4pQ..E.=..1........>.3. ...>....X..6.(.....;m...{....D......<...y.U.^M{..P|V.._...{.>....I.....+.$.....5..@<.VymB.........!...x)..0..}RG.j...k......,..#iEU....MlX.8.Y...%5..`..o#...(.b.Sg......F...T`s..\..&N.^0....aY/..B)e..Ywi.<....v |.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):65783
                                                        Entropy (8bit):7.996832410042551
                                                        Encrypted:true
                                                        SSDEEP:1536:6MF+APj1TqVxG716y0pY5YY43DqtV369H3ZZgnadzei3t5PgkF:Ddr1TqC716yUY5HYmtV3Ebge6idtgu
                                                        MD5:899F6E004477C14513B8893816ABBE7A
                                                        SHA1:F1525007408D431E91275D648FE7C5AE14E1030A
                                                        SHA-256:98FB962828DCC1480329E17BBE6D80AD37B8BFF03CFE3F158CBB086EBB2FF8EB
                                                        SHA-512:1995D1320DC24CE3E38E91D027FCA2BAC177E0FA484C2B785553CF85553722DD71E8E384EE00B8999BB14ECBA7F7A70F48DA98EA4785901AB6D0A57380AB1FDC
                                                        Malicious:true
                                                        Preview:3SaLt.......^.8..j.AM.#S...b..'....[g...p....p.......o;J/.*I$].._=...&.(.|.(m..R......3.II..il........#.p..Z......A.+.l..nfh....U...&.Y.t...fcc.2V.H(F......g+S...p...s1.5+.Nu..e(.@9Xj..%.C#xG..njE/.d.d....&C .-.g.L."[l..0ul.....2K..... J....v.....H.....K....!..5Q...3..e.U....U"..(.4..Q#$..s.....`...s.U.w..]..}...)Yxa...T.wo..#...Ss. ...q...G~'....fG...j.2..V.`.=...Y.E..*Pd.g....&....z.Q...d.......|.\U.4}Vh...N....o.k.cOR...e./.5.;._..E........\..2....a..A...s........8r.YI.)\..|.j..ky@.r..p2.hr......k5.q.......K....v.......x.G..8'....nKGJ.>{..V..b.c..*.1AZE..U..i...n........d..........>..........&Q4C....1.9...x%aB...b...u...'..2....;h...@M..5Z...E.....JT....dr.A.A.n.H..X..QO.....x|.C.fD.._....+v..X.%../.;...|...r.,4...x&..<./..R.Q......X...3.....>.ln6.GZQ.m..k...3..}|.k........cn..@.. .#...S.e.Ix..Rv8..........R..j._t.&|Q.....a.\......{.p.....f......{.,S..>fk?Y.d.U4M...X6a..B<..Y.....jS=..89U...R..$RK.^|....1................G_....TM5XX`...._

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\45e26519-596d-41a5-b290-e547b44111fd.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):758
                                                        Entropy (8bit):7.731976047897477
                                                        Encrypted:false
                                                        SSDEEP:12:vZ6kg8g+GdfwMNioyKqpDGhAqGs9om0IH6IzzoLT0ICvwJKf61a+6KxPlu6nW:v7g80wMNioyo2qGdAvonFEWKf6bxPlS
                                                        MD5:1E75130632792130F950E4DD97D477F7
                                                        SHA1:E1C7E915D1BDE460071B3D1FFB102B62160B9B23
                                                        SHA-256:B88856709D767BBBED73CDCFE533493B49383B14B57722039ED304C885794947
                                                        SHA-512:F926661F61BB776743178DDC348CAFDED19DBEDBCB515CC5C3C806CA9B5E8FC37327FFFA4E6819714AEEAB76A533ABABF4445865AE8542AC652E5E10799E5195
                                                        Malicious:true
                                                        Preview:.....h...^..uen..j.B[5:._f.6...R.by.....q.B4.G._Y.*.....>..f...0mD..w...<p......;.Uy.{.v.8.L.$.D..p.&N~XP...gnf..I.S..Hf.4.....c.n.k\.X:....'I..u.$....3.]..z..f......#....M'0D..M..2......^` ....BNQ.lsU.a...h..wH........F...j]N...|..`M..s.m9*.\5#..D.8.?I...6.D.Y...\t...bK.k..I...8N..$.QE..S..o.8.......^.#....~....'..J....).....5.T.v..&......n...0.>.$...:?.p...i0.O.L...Nd.[...%..0.8..pA..nv..6..Z.=m.J(....!...w.Ys....S..gi......K.e..y.....SU6.....sW....o...A...&uEX.PI.k,...5..].8.i..h.....'.u.D)..z..7.P..n../R.,..d.....4.A...=...~c.J..)......o&..'1. .[tW..Z.....Sk.CW)...)8KmH/3;.,.....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\6fc53411-ad83-4cf6-a5f6-905f0f3f52e8.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):760
                                                        Entropy (8bit):7.725712684052614
                                                        Encrypted:false
                                                        SSDEEP:12:o/ifeWORTe+ZrMtB7zVccRBgfhwKpMEot4l16Fjqog0vFAdDue7Al4f61a+6KxPQ:o/iffMK+loBehwKp3oql16Uo4Vcmf6bW
                                                        MD5:E9D6C80944855C02C8C4A144FFA76A94
                                                        SHA1:B053F1F15C96D6AD48F0968EDCEA3F8B8FEBFB22
                                                        SHA-256:3B303BC5EADD0CCE670BD874F196250094646DA1D479F77462A9D64CEE8A57E3
                                                        SHA-512:0D8C2A0000808768C64E68EB9279D510C20FB24C8BAE67255FA6A87670185A1769549979F09CF0AD7E38E36E4BC8D1EFEBCE9115FFCB6120573D601DCF5956DE
                                                        Malicious:true
                                                        Preview:..=.#......@.6..+..M....Srt-.G.c}'"n..^S.:.Z|r:........9!;..DS7..KX...a.yG.s/y.Z..<..T.p&>.|.yW......D...C......G.ry..S}..P..O.......?C...C.U%1.e.p^..>$.s..X.x.P......v...h6.g..A.s....^.R.Y..S...4<n..,.v..@.0.H...6GB..b).\g-..{j7C......,.&.U.:..;.8.g......Y,'....G..r...C?E.r.T%..&*N....aX.......[.x....1.N..n....]q...-gUG.g.Y#..k].........9r..&.8*...^*x.......8..S....[.~=o......7\.2A..<K.F.O.Rp....z.1.zu[.n..Yy....g3q...u......%.Q.....p.d...x..Q...ob.m..e..3....&sE_.Ug...t.....].f......Xc$.$.).U..$V..)......`/f..~..g.....r.7.b...#.........C.7x...._v.'y.?7@.|..+....kB.|./^.7...@...u......?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\7278f154-e8f4-4235-84c5-c5c1c6af0084.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):74436
                                                        Entropy (8bit):7.99775184481043
                                                        Encrypted:true
                                                        SSDEEP:1536:fSPdvsBggAXAdc+rc1/eE4WILQtlz63F+JouF:IqyZoc+rc1/eE6MtlzqF+ug
                                                        MD5:6DDB5B9A1BE2917F6BB855CE8F833879
                                                        SHA1:E645330A5265A6BD5C7E05B2835F9D8693315E5C
                                                        SHA-256:565C35B338C379E6C9488D7D95298F55ED7DFAA8468A2FCC6645BA60A8AFB460
                                                        SHA-512:AC713DF72A20E3E7A7E7581B58ED6DEA84655D22E51381141FB50F41EDBF3A7B07153101A696A56BC3A6A82C05879197B06AACD1DA850ECD14AE17FDF19D1EC5
                                                        Malicious:true
                                                        Preview:....o..4....N.Rn...o.|._..k..oq?..kZ..|..E...1d.7._T.....a.<"N.....,.YH:.....).DY.L .!..x..0!AK.d...mM..G.6...\.G.&}?R....K.).....=Es..]q/..."A.....;.....K!n7Ou\&.0`.hQ....H.......-.B_..wI.z.r..,..L)..P,...E.&.m.{7..0.\_R.@..T.\..C.w3......C..........vUd....6.Q.......Lm..+......../a..C.....`.2.......y.$f...6.N...........j?.........q.N.R.. M[.......l.u{.v;...1..u..$<.p.L*.G..R.....#;.i......... '.F.Ki.4.....K..Op1Q_[.M;5.K.WD.....k.&.(.f$.:.m.%V.by..&.$...........v.....l..c:.N......m..a....a...`.U...~....?`.......C.&[.*..t.E%.$....G..o`{.Ut...)..M......e.PjN.svb6.s.{Wd ."c<...,=C.A_B...t.B..G..!" .(..X.).....vC.>p!.*....gv.".......<s\....6~....c..<E..j.....r.Z..K./T. ..m..n...H.0....N.3..b..N.@.........g.N.. {.4.[.zI.Q.y6.Ss..x.7.d...A........{B=.c.S..u.k..a1....{t........p.......F.KH]...._....-.J,.f#2..o...f.g.A.......yF.~Z.fK..p.I.6....Z.u>.M.\.7.....A..00z&..d}.kUm..^.(S.4U.p..l...i...../"..yW&.F}j....q...C..2..:.p..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):599
                                                        Entropy (8bit):7.621217048936543
                                                        Encrypted:false
                                                        SSDEEP:12:tiNgCjf+0jRKErLEyUzJ8TJzTiopsVvSz6Qhvdg4xCQeNbhGYVuvsu+kDJff61av:tifj24RKE5UzJ8TJsV6z6mG4xCPMYIvX
                                                        MD5:31BFD12DC4F09E60824703E17D55125B
                                                        SHA1:0163759FD5B3E3A80C7A5540E3A2EAE5F90E4A44
                                                        SHA-256:AE1790CD0A2BEDF258DF1A534F16C99DAF36C4FB8EE9DD65D0D109E2D773848B
                                                        SHA-512:C555176D2F20E8F1409D59C651BFB8C79943FF1A01EB547570165DB86683C4994C8A0D4A0204EFF4716B9ED4238F0AD30D311B8D1174EA7D46E35B9FE9A8EB35
                                                        Malicious:true
                                                        Preview:O..o8.o..]...^..7?...@CzFK.1!1.[....9.I...K/.W.{n.T..>.'7.5Xc...o.B\.....G....R...&O.?..#e4...t{.N..%.~&..;..}.c.z&.o..A..E.X.R&$c..l...$0&.aNY....`..n.....F!u..-..,.......b.....i.........2...P.e../.4d+..\.qYe..6.......Q.bf.7..A.c......`!H..Q...F.74._....^.7.. ........S....{...uoM..T..G..4.c.....a.R......_.Tx].,...Y....%..4z.A...&qE...g..Z.V.X. .KD...g.....2/e.p._..1.6.|o../{.[...(..-=..Z.L.... ........|Hz.....=..g.1.f....Y;..i..St....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):541
                                                        Entropy (8bit):7.635571628134239
                                                        Encrypted:false
                                                        SSDEEP:12:mlslXpEafv/Fd8WGvQGio/Qsc4f61a+6KxPlu6nW:mlmEafvhiQJfstf6bxPlS
                                                        MD5:27BEB302F9979419A59A09FA99371E37
                                                        SHA1:19CE7540C42BEAE08F9A3D708A3F297E6D2FDEF7
                                                        SHA-256:3C929DD856E6AADD73D39F649EAEEF9178DDEA56A3D27DE9A7548A02BAC76A6E
                                                        SHA-512:7EA480B3B4D83D81C4053DCDED78B7D439E80A9F19437517AD9D1ECCDC1FB867417D646442BF5E82D2EEB63723BE34C95CE944ACFBEEAA4E70B898BD1BA483F0
                                                        Malicious:true
                                                        Preview:O.*...|(..%..96.Li.p._#.5X..f.F..&..`.@.(/...../x O.....i...Q......H..=.X?..>v...I.XH..5h....q-j.O]...(s....g...cFy.p'..Oz%..K+...U..l.VSp...."..O...q.cN...v.SZ....x&....#NbS^.l...M.m.ts.Vc......MN..f4bw.p[@.t0R....y.P.........!...}1..g....X..m....!..F..s/.sk..}.Hhx..N..........'.o.^.4.....(R0..%...@.Z...p-e<"._..1.6..l..,R../.>.oSrk.R4t .../5[).......J..O].......q.b=....10..........w....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\previous.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1465
                                                        Entropy (8bit):7.881444549399648
                                                        Encrypted:false
                                                        SSDEEP:24:66jDxUcvvF8XEoQczcevIOgT+4A81nCpJIsOj0/t+NBfDFPgwyV34W76IPjf6bx4:RDITQcsTRA8hgJIT0/t4rFbyB4WWILfF
                                                        MD5:4D3CEAE6AF45062FFDFB4639AB85043C
                                                        SHA1:A24E6B5280E8DEF01CDB54BEE26299776E3529FA
                                                        SHA-256:30CF38C1AF206B8C23593400748E7727BAF8F755495053F82B38402B1583B9B4
                                                        SHA-512:384185A2DBF29464F68CBE75A17D1A7D8FF68E078AFC8791D420943C778184C91BF04725A5D7D0FF3EFDB0C0B6678AA44D90E93F32E4B7895D1BE23FF9271DCA
                                                        Malicious:true
                                                        Preview:Hn...G.1..qh7.......Q)...(..Pg.".:5..).".*QTE&/.yO..,....c..l.....iZ....9)....f..K#!.2^.YqV...F.......0....~._.aSy<.......3.F..../wBX@d.B...........[.v.>.?R.}O...&.........p...2..W"I...\.......)..fX......./zX..7........4..........M.jihs6...bx(.0).g.L.d..N-?...=9....yFwV8.....I0.....i7..Vu/..t.A......&..m,.8..D2..$H...L.s.x3.gW:C....U......*......R.....s..87...p.1...).~....;.@....u.4.....O....]..\.5...U..iY.X..)f.ge.MT..^n..Z?......rw.y!.s.`P...,q....7.2K....:..........o=.Z......:..[h..E.B.........y.e.d.!....jr7......:!......,v.\qi.8.s[.).D..>..nzF(...P...%i....?..^q,xZ_.m....v.L...q.....0.!]...k.....q.8.|H.}.h.p../..l.\.=..j.L../8...z....*.Q..(...4.a.>|...F..'.j5..cSiYh..G...8..t.^.).C.....Y.<.`.\..;.F.G.u.....fKm...7..j........!.0.n^..-V.7..|.LR.;....)m.`..4r....v.e...........>M.^.h7.6*9j....L....;...^..).he.k..{...6...p..=..gu ...o.mQ.H.......Qa.J....."...e...+.dT.[j..^..D..@....vp...|.O.h+..A.AM.......G.`.B..t...G..i"

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4684
                                                        Entropy (8bit):7.965687397864257
                                                        Encrypted:false
                                                        SSDEEP:96:ZbAX/BMJlojYVFkKIoKEewtIkiq3PqTOOQh5t6axAHDY58X1zJM7aeQ:ZkX/slojYjkLXEHjEOOro8DY58X11MuF
                                                        MD5:42EDA00684A648C29C714F659EACC9B6
                                                        SHA1:7716D7C2CAB4607477157212FC08D2F3A8D405C7
                                                        SHA-256:60262532097B6DF757BF8D50D1FE4B45DEEEBB0803DDC5920C32FC5919B45968
                                                        SHA-512:35C92DC3034B61FA83617B4B2948FF4854F6A10FE3D338B886B262897C4C376801D70EC5C829C2745E239370B1A053115A9400F2C0028B8878E99E8E3C320017
                                                        Malicious:true
                                                        Preview:......C....<..r..&.Q.Gv..T.Z.b.8.{.o.3l.c&...d..0..`.....-dz....e.....*.......9}5.|KA....Rt..'3.Ri...........;[.....S{..d..^....;dY..Y..n.j.....!...^...>..,.O:..<...92....B......a.....a.'..&C7.'.`.pN..e.8.C..+.nD.^.z*..0S$.Dn4..q....U.7..(J.b.......)bQ.d..d...C.....I....x5.g..w../.d]#.J...-....\.r#..K....z2.9R..*{.G.....;..B..p4..F...S/.....X....Y.v.k..2..$.8igI/...=.V....#a!......U..S.Bh.!k9...C.......5.[....:.....r.....L.....3...'......(A0.k....5.2..$.y.{..Rn;/<..(._...,~a........r}...t".....El..g`...M...a^.C..u....r..r..|.|.k.....ml.0.T.(#..Fcm5g..E#ky'4.qh/....FZ9.J.;+M...v.....VT..............n...\...K.a..... +V.C.2.p.f...9x......i.-...g...?T..8.xZ..:U....@F0..9.\i....[.`..]......l..b.).!....4.J..^af...V.....:...:}t.....-#../..e...S=\..gHE.....z..>xC...HU ......P.d.q@..!b.P...5.kyC..E..}..7Fh..,.h........I....kP0.=.N9]f.*.;.g..=`.._s.Z.H....!4.^....s>..!DF..K...&s..%......2....]g.....p......[.;....&/.f..79x....i..m.+....!..J.W.h..|*

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore.jsonlz4.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1466
                                                        Entropy (8bit):7.84378350946376
                                                        Encrypted:false
                                                        SSDEEP:24:ZEOFlc5B1gg7uBOOK/nIAWWPlIA9hUUVG3P57VJtU0Df4jhr1uZ5HFYYaTmQGUNo:D2BCgaVKcWPlZhUU6P5Lf4Z6HyZxyoB+
                                                        MD5:884449C421367440CADAE36E41B5083E
                                                        SHA1:3980909C767B63B880E0576EDCF81BC5077E9A4E
                                                        SHA-256:B2579FE179E360E7E4F637A6ACA3B5EB0935279C140B477306601466497128FC
                                                        SHA-512:DD74B0FD2D74B392D63713C5E43625D3EA4DF032A726FE61E7BF4268683340C68916987AB6017D57BE76E45A7C3A94DEFF826AA681B678D606369118D6159220
                                                        Malicious:true
                                                        Preview:Fg~..wYr..N-.nad.\..sPZ:,....5.K.$........* ....t3.`.D. l..IZ....~,.d=.:s..yab.v>..?../.9..5#..,..).}.%u.)....K).>..P..w...Z.>..}...F...#2tk..`OG.=.X+......;..|..*.+.G........h.N...g$.x......*!=.l<..2.N...5hU.0.i?.-z........eC8.yiqm..D7.N...w3...1..gr.#.td$.O.'..+2../@,3$.VI.....S.0.."3n..)."...O.....a7.@!..{.vj.&.1..v..?._...;..I....F.6-.+.k........A=h|...-g.w.M`..*..,-.2.O..[.-9.V...j.........@.fD..t........b..@..z......gn/01...H_,.w..c~f5.........>.n.!u,.3....$;O....K...K.l...-...k...x..9.:.f.ri...q..W.4x...N..sD'.....h....@..z...c.E....vZ.5.I.n....H ~..I......kb.....VJ.>..........Px.."2.....Q1.4..........b..Z...s8..;./q/|.....U...5w.....8..q..3.|.;...=..kC#.a././......Z.!..t.w..9.=.2.Tk..".....j.5)......Y.>Q3.`.w.u.#.....2..<.g..?....-{.o8d<.T.U..F<zak.].:.C......A[.1.Q./.J........x~..L.T....Z.}G.q'..`2=9...\v9."...3..:...!O.Sw.#,.K...:s..o.5..gF.pF...R.....+....u..gD.Kb.@.....c. ^%..g<2r.uK.?.d...f+8*Y:.\.v.s........pb..g;W]Ge.b}olPm..@.D

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\shield-preference-experiments.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):286
                                                        Entropy (8bit):7.289825576160298
                                                        Encrypted:false
                                                        SSDEEP:6:0X02fEZlWJk/tu6qLzyrbOyd90hrOZSCf61aBDE6txWw+DdP9l49aUSnW:b28ZkJk/tu6qYbvd9qaQCf61a+6KxPlS
                                                        MD5:8C7EE9E40FB3555E36C401E97E58B28E
                                                        SHA1:D3097EA460A389578FAAE073EC77D41293CC567B
                                                        SHA-256:B7356A4744EA137284D9FCA0161F6319E4B8A7A296E1784E104BC1FFCE5C808B
                                                        SHA-512:3980BC1964B284A0AFF1D9543B69F5F695B2325C726E2A6A4160EE95EF499422841B80FDE07BF04641CB02666DBE19BEFDDE5FF45A2B211ACF17E4B8A8E53297
                                                        Malicious:true
                                                        Preview:......<.l1..>.$.1...&yE...g..Z.W..._.M!"|...C.H.#.{....8..7.;..q.`/f..~..g.....r=EBL..&=..O...pM...c...\...F...........L.tJ..a....)...+.........?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4340
                                                        Entropy (8bit):7.956863923850365
                                                        Encrypted:false
                                                        SSDEEP:96:nJlsmZtfQFj0vgTS3nyLz8Nwp8xqFtQ2vj9UmL3aGaFDTWfpdw9htxceQ:0mZVQFji38z8qpLtjhUmraBaUXcF
                                                        MD5:23CD44C97954A77EF9E2D8C28FDB87DC
                                                        SHA1:8F555E51C112FCFE08563DDF09FBC5F6578AF742
                                                        SHA-256:E4788DDD627EDF9015438E846A4BFCE2A2623FC9DFA92EE39DA4BAB68B65EE43
                                                        SHA-512:BCD17A041B5DC75AA546608B0544D368E8FF0A094A02EA133FD81BFEC8D4E813631C5E4C7BEE783386AFAE74DC414B89A0721715043FE47861AA3DDDFDF336DE
                                                        Malicious:true
                                                        Preview:{..sk.>...z....$...b..7.o..:#`....F...WD.O'A[V.s.N.]ywm...T/......^.......9.~s./..I.....u/_..!s.`...M....8e.5.%..Z.....b&...."....3..].>.+.M{].a..E..x..!..3!.(.~.[.N.;...<[V.../...+.".....V....Iv.E...9.h.D9m.1.mzXoP1..k'......T..K....\].|../. .~|.'..K..(..K.q^.*.....n...?1~R >.....^Y......N._l.%..r{Q..+5.F.9..Y..1.-.).#........G....Bx?r........J.K_..~.GIx.~JjLL..P*P..<.&Bf.=.z.....d.Q@T....Q..:.}U.m.u$.... tv...m...............^/|...t..q..M.Eh.b...oe.=$....%.K....#\._s.....,ka..,....<.V.h.JR?..h..q.z.8.~...3.ck$;Q0M.....:F:fa...kf49-(x.7.y..2.OW.....?.h._._.TK...{.=Beb.E....LN..cH2...2.H4+...9j.(..=.-...;.Z.3E..eYYix/..S..h.l.d~{......(....9...qZ.Q.f.}....T....\8....wZJ<....Q..A.M.... ...,......?|. ..rv::S.a~5|%..y.uB....4.-....Q.$..8]...#..Y`...Z....+..~.V..c=l6$..h..R{.M......Kj....!F.8[6.9.@....k....<...9.T.!..^...+Y......j.7....\.Y.!{...a.1..c....X]Q...N...Y}*.FE&........D.n..u..p...V.F[Sb..k.0...w...kx.....+.[zICV....d.z...}x.k.-.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):131320
                                                        Entropy (8bit):7.998702501720811
                                                        Encrypted:true
                                                        SSDEEP:3072:x71CqWawBnM9Gpx9MKSbQu0tRxIzbqLjNmLE9ykPoZIzslz5:x71VcsGds0ltcqFmLkPoizslz5
                                                        MD5:2086CDFB546F2C0FD695CB8F193EAF7C
                                                        SHA1:7172C17732FC9B8573DA7A30C06BE7900DDFF738
                                                        SHA-256:58A924942B42F11171767FBB3026C8170E713F06F477E21622400389F7230CEC
                                                        SHA-512:F011C6BD18CFA32C2D2B6D04D8A80B0EDDCE7C621BEB3BE1993F48087B0F5DB547D10708B821F0EAD34378DDBD227920B7F63B39D18D0BDF33A9A12201262F76
                                                        Malicious:true
                                                        Preview:+Z..a*f..^..=.s.Yb.,.../...f...H:zB...;ZT}.........Ihc.K..'.X..."S./_~cE6.kD....{....>.[)V..e...=....`...+\?...;.ho.Xt.5.NJ.......[.x../.<.]..l..`=.rx.k..!.<.....8..5...B9ETf."..8...!..w.A....K].....ow&.......R...=......]....?..P;I.....]k$>...r1..:..4ixN......)....rG.........S..].,......ou/3..s.T#]<.;.9.g"7...q.k..(..C/.f...|....8V..ov.Q;...)...@"........aV[..H...X.J.Tg+...pU........y.I.A...9.`@.fz..n...u....m..k.....$...'#.@...g2<*.FS2..$~.......4.......F.....Mt.n-...W`a$pg....07.l&.rC<P......./R.;...x_....o4rf..."..;...+}...y.'.O..eq....(.A9;^:.....qN1.8xgN..'SPf..ag......DK.....q....rn......."...Q..`.R..K..(.>..|./?....70..L.L.Yh..L.\AK.0..x...d.n...{Q.4)}'......$.?T..`5.....m"...{.N..c....>.i..1Q...Q......^..t.....Mr..v...........t..[..?M.....c...>..]g....HV.`..S.r.......l.._.-...O._G+c!%..Zz...}.=..~......-nw..u...(..$)7_....Zn.8;...B..$..mx/.w.{...W|...*.[..a...........0..".7..{.B.......7..I..N.:....L.5<.B...Z..`}P..t.I..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\.metadata-v2.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):275
                                                        Entropy (8bit):7.254839399203097
                                                        Encrypted:false
                                                        SSDEEP:6:ZCnNVO6omtBXzu9/apJxQCeqeQf61aBDE6txWw+DdP9l49aUSnW:ZCnW6oUsKeqRf61a+6KxPlu6nW
                                                        MD5:0AE4E7922547F63AEA0DCD2C1E5FB5D7
                                                        SHA1:72EF67C56FBF4F7B7ADF3A9E38D134EC3D6C1CFE
                                                        SHA-256:3BF6781B2FF5EE23EF9CFA9A40147406AD5B047A1502E7596D19F3EE637ABED1
                                                        SHA-512:02BC396BAA28AEBE1F57BD274DB842434E5F2E796BCD7B36BD0ADF71A0333F697A6DDF7C9A65F016D25544125F3881E9945EF15B29177E05AC8149E7F88F0200
                                                        Malicious:true
                                                        Preview:...V...D.._)...i6is...S.....@......u...&uE...g.*........\)[...n.0..../e."._...m.j&..L......p..;/.?......X.#....8]r..E....[..2@..,...ji....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33050
                                                        Entropy (8bit):7.994338205164709
                                                        Encrypted:true
                                                        SSDEEP:384:zXTMjcLpvBevocs8RRn4S2XXWivavyg7E/WEkVB9VHambdjwK+CotvsLvII8dPW6:sjcFZARl2XmAat7E+6Ub+CwZNr5oBYF
                                                        MD5:EDFD170AD422C4C772E96160FB2218E5
                                                        SHA1:AD1FF207386A5054B1750947D163B311124EB283
                                                        SHA-256:4C2C1C306AC58F6FFEE54F57B37E18A69F21EA0F328DAC170857E862819FC582
                                                        SHA-512:924AC20B0AE684228C7B97725A3806A4021369AFB19C774DFC130C3129565172F7ED924F68250CE86EA35E1D00B6BADD85D2E408FC7426DCEED1FA81FF55464F
                                                        Malicious:true
                                                        Preview:..Y...?.....]..i.T>..jL..NI.........U...(8......S(p..PE..{M...@15..'...r.<.}jl.,U...,P=.e....q?..z..D...-.}.[*....6..3s...n.4.Tk..~\.9.sg..L...?........|\.uC./..r....c.l.r.L..~{m..6..4.P.9..........D..R.......M..K......I.9.f5.....q..&.WP..SC.+K-VmM)lY...2m.6.K. ....z..enB.t......=.E........U.4...v......,x....a..v-........ga..HZ;.x......|.Q>rm.9T..O..,..:a....Ix^^.....I....\6.>4..C.wF..u.....#.J}V.0?.1Q....K..Ab(#....E!8..nM.f.....]....l ...b.g..F.+wr...j.(._.....4...Z.4.3A........,q.....>GS.^0.I7s.x.pV...........j.`..g.....bB......\c...I~....A..V.A."....D...X.0..JB_.l..)...z.....M.p...G(J......E.3n.Y.,.;!>K........@3...g..8....TPc..NU.-.6X...O. j.....Z.%.K.......M|.....|.....s.|.{..............Kx.....lr..}...o>.7LJns(.VY[..+....;.Y#..Z_.f.x..Zn..W.w.D.Y....w..e...D...t....3*g........z..K|&....Y.K.X.... B.....Q4C&jr.~m.P.......7.lT.+.Q#........b.]ri..U5k...!&R...1.B...,(W....KR.*.4..=.qW..x|5.#......up.$.r0v..,szs(..u...7.........[.V.T....b

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):49429
                                                        Entropy (8bit):7.99621515681164
                                                        Encrypted:true
                                                        SSDEEP:768:+an0RzoRuq8vl9dTyKs9+uIuoNHzUTQxuF1NIttTZn9fNWFXvuxBeJvaFFV6F7DV:+tq8Zs9+gTSuF8tRYxv7wFFV6B+4F
                                                        MD5:8C51D12DEE1A05B5A54A6FEB2AA8C062
                                                        SHA1:0B942E92602303C8D4481E118B20D58701D528C0
                                                        SHA-256:C173795FB94EF39C10ADAB0C42AD1D2009008C926A828CB1EBBF8ECBE76DCE21
                                                        SHA-512:70AE2C6890D2588F957C12491EDF2216ABC7F05DECC939D6958D50144D213319EE5F843436A0A769F4A8C331CFCE36F1CA16AA63DD84A7250609618F955BBA8E
                                                        Malicious:true
                                                        Preview:.F...p1...x.c...GR.]..!.BG....j9Mi..IU.....5.=.n......;Q....X......../...lc...\D....)N...W......}...-..}.#Wu2S.G\V.....s.TD:...t.w....(r'..........3HL..L9.z..=b...F>.&.2a........xO3.A.t.......%l..A......n... S.....H;d..7.+3W.W.....f.QB...k......4BK.C..vC...T.H...k.i.z....E.<.(O.K......C..l......}y]<..B.-.......@.?..<k...B.~.L((.L.`......a...q....~....L.............:.h.@(...p...t.*'.#......f.\L....l...&.@.Y*.IGC.b</./q....... N:.u....7.l..(.7......R4J....j.M.{....A..FU..WT...4:<..l...E.....l..6.<.2.m8&.]%{X....W....Os@O..-x..x.V...*.T?..$6M.H~x._..x,..?....'..g1....XI.t.i_A....../.. ..ja19....s....p.c;K7....:U..t.iR..Q.o}.."..../..I..:.......h....y....g5.....5.....I&......7UhP..9Q..o..c..b.'.%.5.B_T..!GPa..iA.4F.v...%z/.x...8.m..Oh.B5pED.y......]..(.....u..=W..lN.+.J.-!............m....Y...jc.=.e.........\_...p..l....@k..r.c.L...edU....`.......eU8.......|.dB.#w.Hw..I].1....:%.(...~...n..p...Me.'..Y...VU.b..?..26..kpr.R.:R..=o..H.~'>...N.w..`

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33042
                                                        Entropy (8bit):7.9948907662854864
                                                        Encrypted:true
                                                        SSDEEP:768:0Udo/r9xfC7vbJAsU4/JfT3ZJ6gYheDFk9Yg3dRF:0UKRxyviQZlIgYhHl3dRF
                                                        MD5:AF78FD2C05A5239F38DC6A73D40C1AC5
                                                        SHA1:FCB1F0FCCFD6C71A3C5A55F18EB7A1FB81368EE6
                                                        SHA-256:71370DE5C80472D0C661109FEF4700CFF6F3E1E075628CC9915BC51B1D778827
                                                        SHA-512:885D33A174A74B359F66B599FAFCF1699CD052927366002916DCC50FFD028553D40961669EFF643A2962E5F482F9BACEA87C267AFB5C459714F044D815F0A8B1
                                                        Malicious:true
                                                        Preview:.I.9.....U..."...Zc.....P.;y..Sl...q..`B....*..={H..)...cO..!..=.G&....../..h4y...y9....r$..e..\X.b.L..L..'.).0C.N...._<.S.g%b.)..Z..7...8Y.k.Zxgv..'..B.\........*)....cZ..(%*y.F.a.<E...g.}@.*......x..y......>!..bq=P(....0...*W...%..C.+.p=.............!..s.u.o.p.D.Kn..O..W.............@].; ............a.......0/...6>...W...$.. ..fJ\(.g/..5.i..`.uX...~..iB.........16.#....w.......5="S.>..2.=@..t.Wn.P6#.d..V.6..#eF...^.ce...Ck.O......0.o.....H.E.. .k........*..=d.X.F.......U....y.G.hx.......#M....QH..[.Ix.@..x. .Z.P.......h.ka.'yZ|....\=..2...d...mC97.)#~.. Q.....7..=.._R.X{HM...:.9.4<2.....J.P..,U.[_.@..]6.......1...3.7`.:^b...;...I.|S.0^.%_M..../..9u...&..$.8VrS-.....{yC.oO..f..e..qV...h.UHU...!.._F.X.^..I.....oJhL...........~...........#...c..`?.V......T..C[a..8.NC'.=.@.Bpm......(v!....z.2..[..\......k.......M....M.g.T..O'.{.T...._.|.D.jZQV.c.e.Y'.BQx..g"F.a..q..s.t..G...;...M.M.cT...YB.X#....l6......!....yH......~....B..R..Z.n..g

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):49421
                                                        Entropy (8bit):7.996437631072737
                                                        Encrypted:true
                                                        SSDEEP:768:LyWNZaizYarKKMcLrMLq18wrpaLiOv0waPtoBkk5rMku0FQzN/GSRloYC81vatMT:OxVa+aLYLqdNyOlohj3qFRRpQ6F
                                                        MD5:736311B7DDBD652D5D949BA390850AAA
                                                        SHA1:48230E2838652344BAF922CCA6BA107263768B91
                                                        SHA-256:D72AB5F924AE67ADE38AE53A9C2F0017ACF3ED16FB729D7A41689D4EFFBCBA2E
                                                        SHA-512:954536192346F5E47BD448D54BECA25083FEBA27B47497CE8AAC0CCFBA4243F7B51BB6A2ED37EA70FFA98351E46DE71778877F90329449C0CE4D8870BB855F97
                                                        Malicious:true
                                                        Preview:.F^.m..a.bDL`.}...2..Vh...%......".g.".,.q.@;@\...b.x.'......u_.k.q.v3....r.A..9XZ5?..k...r.H.....xX..,.k.c.K.G..Y.....$...<n..;.1...:c:...2H.)..D?.G-..y..p.'N..r..E..y3J..~..Wr..n|C.B._... . 9;....~*.;2.b.rBQ....RG.{...n.G.Y.....g_..75.f..T.......4..._Ge..o.I..{.....E.`a.l^..L^6...<V.M..kuw...eej.`+...qcA.[...1...9Wh0H.....|.......a=.....=O..I.y....>.bIEw.O.O.gD........6......uJX......J...>...Ht9..m.../m#.F....gs......\..IM.X..Q..:A....O.[..:.s....Y.}Ei.4..e.\".4...tq.....6l..h.H.?S..H...=..*.J|p..i....G._<.y..M..P.^......:...#..O....iX..F<t{....K.:3.#..E..fp.._...../.=eT....n..A.F`.;...t\.T.....4<...j.@..s...X.G.A.....1r~(.?/K....W.....*.... .}3...y.~.....N.K*).!cx.F..d_+..jN.+R7wW.k..sx8.(K.V.J....&B..#.M..h[^?,k...A;.^....a.U...y..s.%..8./}Q{...."..f.M(CY..:.%.L.^.|......z..%X..(En..6. K...T.Ld.z..m...\E..V...J8..c..tJq.\.'M..6.............]z.}.6^#g.>........ut.mA..*._3._{u.v.7".....Q....k..=.51...s.?../9T.+n.....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33046
                                                        Entropy (8bit):7.994918780930422
                                                        Encrypted:true
                                                        SSDEEP:768:9p1RHoin8X2+O+HmxmH9mkTjT8VXvotpeI09bzbF:9HRHf8GFoH9LeXBI4bzbF
                                                        MD5:B2FC00D93A670EC7AC04F1B790ED64C8
                                                        SHA1:52A08EC9DED896EA7B83624931AF2F2865339E6B
                                                        SHA-256:115AF7B0A94A633FAC5A15799A2AABF2797401D464C98BB404B39B56375B479C
                                                        SHA-512:C4A6067603F3B6D56F463B5A2492F44FDF449A45DF8491B76476C27DF0AE67255A5D901612421146F4EA15FD9A655D774050B8E62BF5B7A1B4D14CBA1A9307C2
                                                        Malicious:true
                                                        Preview:"G..x...D.CqiS8....~..b.p..,)[..f.w. (..sq..*._..2..k.v.J..,...s....-.T{M.|.tB\.'.....S.*3...i.[..,([g.{M...-......x.g...Qv...t=."0?'H..'U.oW,..*N...\..eVI.S......HG?..w.'Tpzj. .g...O."q..S}.rO....9...@.....=[....P.V.+...._.0...4.5`%.\...,.0..n.Y.....qCq.8^\.@.>H.jKy..}....v.|.%[.._..'....u..(.#.....z1.d..H......E....r?[..a...4?.7..6$...`..y.7.`.E.E...:........V.td..dt&.SJtom.2.W:.js\..q\...2P..y.'/Z........q.......<.e...L.R...Q../Btf..... ..{l.R....q...t}...g...O.cd.rF.$.pS..'..=.._.Z.I...1X...s.....).....Z......flx.. W....h@.......O..O8}<.r%dB"E1.............).=&Y;..a.m...dz... GN.*u..a....;w.R..h6........7`^./.-:$\_-..I.....gM.]...}\.~Uo.....X........5./X..w?.5..N....?...J...NH.O}|X.&....Z.....$.2.@.(.*.......c..:.QBDy.N....c.+..U.a.. ..{$.(iE.G..d..#Q...>]...U>&;...Af...~B.*.S.....f.{}"z...n(.+....P...q...x..Auk..F2K.t9...^@.....S...~...EH..=....ai.Y.y...=......+j...)..?.[k$..X...Y..2Y*U...H.%|.^.,.....SSh.5Nh.....I>~z......

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):49426
                                                        Entropy (8bit):7.995834214689837
                                                        Encrypted:true
                                                        SSDEEP:768:Y92KLBBPV3jG8oCS+qhYoi7Na+Q8wrvSmb+9wBKxdVFsqOcm5K188+F:Y3bPNS+Roqvwm+UwBKxFsqfSvF
                                                        MD5:AF773A6643424C0DE5D49B5742150B19
                                                        SHA1:1FA226994C255E8C4ACB6867FB2B338272207148
                                                        SHA-256:F54CCE92AF91A28A9AB24F4B112DFAB41773A84E7A9A2F3EB04828BDF38ECC7D
                                                        SHA-512:63C7EEABC531BCB5B0AB2B118703F572746780203624761093756B80BCA85F79BBCE13B23DC2B705E9D133FEC09B7A0E13BED85AB5D061DAA5117FDDE008250F
                                                        Malicious:true
                                                        Preview:......e~..iD........... .2;p.....c.. m..... ...J..x...t..q.'.~...........9.I.v..G1..K.o.S......T.e.d...04V|R.Z.mO.M.p...-C..Q..H.l. n...Gw..[i..<...o....9.S.Y....)Kn.`.[.....V.r....vY|z#2.Am......;....y.-g,..F7V.*...S<....R....\+P...;E.SI.....o...k0....}..#.m)d..r..Z...y.:..D..\......$.o.-s~2..#UG..h.~YC".t.3..}}o..:|.....~^....*o.c.E7y..y.A..uE.IW.O.Uz...|.bt.Q..X....n..z.R..v{(....O.q{...../.@.......u...DM..d(e...seM.6../L...9k8...H..S%>!.@.0......-.....X..H...?f....|...KD.E...F|.-..T.#."/.`..-.\.n.-O32......y.j.....?........[.Pf...}Y......M...c..\(. ....8_\.J...yv.. H.......p..6.4..a.7..mZ.?`.=...Q.:."._.....B...mP...(r:P....pA."..^.%N.,......?..B.V....F.gg.g.85...|.p?.A..q`.JL....Z\a.T....KA;.+4k!:M...b.K_A.G..._..z...,.b.....@".....[....0$r#..L.....r.;M9Q"dj...;....H.....loB.QD.;.....m..~....;XR......C.E<.<...."Rh...P+}..........njw.>..pG.H.T.8..RE&.._Dt.0)..j.,.tx...5.....1fL~Q...b.C....Y...........#.^.M..\...]...=p.Tb.H.P.)

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33033
                                                        Entropy (8bit):7.9948173138477445
                                                        Encrypted:true
                                                        SSDEEP:768:WokUpBh5neRX0khhgcb8vTD2rqHTTsNZFW8HH52dgFF:Wuh1Ufhb8vTa6TTkFW8n52dgFF
                                                        MD5:88EEF12C9DF4BF9FADA4DB16E0AE8646
                                                        SHA1:C1E641FFF5B3FD16AC37C111596704B6B246F37E
                                                        SHA-256:9C83F768AEA6CB6AE52CD059C692C7E48CF46AA6B3918B8E915D40DB567EB02E
                                                        SHA-512:B538816095BC707153218EF2E5C36F259ED81D990BC74281CB304E5BDC080D7BFB9B560F39D9F4362D58AF04B3A8CB777D6944BC243A5BD0ACB74EBD144706C2
                                                        Malicious:true
                                                        Preview:.t.T...%..0....P...rGx...\..........?Z.D.`t......'7.3+1T.v.O?M...c......._..,.....9.E.(......c..l.X.....+...nv>l$.:&..s.Ux.*.S[e.$NS..P..j.Dk.-.{{C..u.X..5.{d..gU..f......C.O..[.....t...X.G8....A?s.O...0....i^?...m.SF..g..s....lg....d. ........q........v...]....Q-...xB.f.}C4......Zao.'.:b.j^...>h.g3.....r.i..^.Q..l...)..N..3v+>|c7`.e.,.\..L........N(.n..F....p...G...<.E........)N.91.=.=...C.......D.s.,..o{\................-7........d|.4..../..c#..S6n... ....O.. .S...m..-...t.,....Y/...!C._:..;.[...;..b...]....,Pw|*s..5pE4.u.=..1....C..JE..e.?p.8lj;}k..R..0+r.+j...3G....Uo..g.k.p>.T.8c.*uB.@..:-..Gf.D...$.^5......(0..gQ..d....XN........ ........$0..P.K..%......k......|.uk.rY....NQ.h.......z....Bj..|.t..8.5.~....6...v.....7.7.HB...D.clZ.......L.,...Y..".bp.s..H.....8!M.j.Y...4/R_x.j....2......%*A...rJin.k ..+i.B.`;/>.e.0.y....S.X.|.....i.z%...1......Zfl....../zV...z5CQ..]kH.q...A...atTu..`\.eE..,.<...X..G..OtJ..C9....8.X/....|...)..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):49412
                                                        Entropy (8bit):7.996103108963834
                                                        Encrypted:true
                                                        SSDEEP:1536:+4qonNpSe+5C5Yo50A03HwyYo+uOddTQ0F:+RonTPx5mXwyYO+
                                                        MD5:BEF2712BE8B9B7DC3F0781063B360F42
                                                        SHA1:987CF8B581009BE44C3F8587BEB54ED99DE7E6DF
                                                        SHA-256:7F4927A33F7FE21C887456BD052008847C74C0A3429D6EDAEF4A3FC82FC52B1C
                                                        SHA-512:5B2EEFA3D797E854CB7FCA164EE78629E61746B8E99308E6BB48C2D49C5A255804295B4ED4B5BE8BBECE6B8757836062F45F933FF4A64E5B02E512755D6ADD07
                                                        Malicious:true
                                                        Preview:)xprw..0..v..........X..!T.....M...q....I..\."a.>./%.g.>x.7.y8.z..X+....Xe...[w*...,.x.....~T.....Xf8..#\....fb..a.h3..V.wf.d..D.!..........&.8y!..&\@+o....'md...).G...bW...I?.Z..$.J.....^..8....t..:La..J|.r.;.c..G...m..%8.4u.........}...&~..f'.g<..8.m0....(...W.../...-Y+......3.....g).5..e}.h..R.7.Juru..7.....Y.v...S..f\.(f....;R....1...y...T..!.|;C{...........5I..^.;.%#*t.._*...Y.....p.`C.....{{._..K......kzr..c..c5M.D..0O..T..H.n.K....M!.s=.T.u..F.p..%..^.%..._.|..\=..1\G5.6.2..f..'S....)..a.y.b.Q.7..8...N.DSc..?.K1...m.....C.....+V.|...5.u....(.-<....X....k...r..._..-[R.#{z....i.Zs..J.}|....f..S/..E.Z.WpdU..?+._. d.1....[=^...pt|V.o......`&..p..X-%.....P....u.*....G%.VBC..D.Y....F..l.....Gp.|O..D.....q....z!.....f.K..l.....2RrSL....Zu.~...%..|F....n.8l@...`..e..:d...>e..B%(..#.1....}t]$O.H...R}.2.[$@../...........w.........I..8[S.*(..".......V.QSr._...v.rJ.v.....:+...Z.b.I....#V/8...T..@....,..\i.T....eU.I.[..CD......mI..n..t5d.0FW.pX.S...$..].

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33029
                                                        Entropy (8bit):7.994680382856916
                                                        Encrypted:true
                                                        SSDEEP:768:D/0J9QeLcSmu8AzQtlVmnzz7uFc/P0q34IXUyhmF:D/0jPL3B4VmX2s0eBhmF
                                                        MD5:D9A0A6C31E1AF03FA9208914D6B199CA
                                                        SHA1:B90254B399591E972EE339AE9A1B30D3A771F3B9
                                                        SHA-256:D19A581960BB241E4FEFDEF018BAEC579798AE8F0B9F9F5CD5A6300744CA45FA
                                                        SHA-512:2E35655E2317AECF91BE2388AFC0F0B329ADBAE525ED577ABDD9D0571FDB0ACA35A0DD41217ECCA70498992CB7D3A692D58D78167AACE96C1F08003B8F44B4D2
                                                        Malicious:true
                                                        Preview:4.F..[,.~S/....A.\..~.$.J..=..fB....^l.C.l.oh...btu.u..\...=.^0._.I...g!...{.p.:V5....d.........><.......B.......q......v.?.N...3..^G>..Ye.....{.....X....e....1..h..d6..I.....t...+.ud..T.cC_..T/`L........B..L{H2p....... .>)O....-._?a....._...jp......;E...%..s..fh..T.E...G...F....v....uV...E.w..R..bI.....e.....>.L.e.M......_...SW..}....m....P<P./.I.%..$....'.e.n.!..E...vA/.'x.v......,....!(......8.A$t....1N..FR.vxAH.S.E.8.J...->....HIYK..e......B..hY2.$a9.>Wo.UY8(..........d.+..j...@...^...k.y..+..sE.../...X..r..5.O.(..V..{2g.k..6`.c\......:K.........?j........X9..$..VP..F.{j...%.a8..x...%.*..V.....;..].>.c..:...y...>C..8.|13...y....x.J4]R..6..`.(..Z.*..7.l<P..\X....7x).ZJ...V7.G........9f...{.#p...H.....J....I..t..&Lf..A,z.....,..nZ2...W.....q.I.....g...yB..h...2..T/.0.`3...+.1qO...W%l..|.....fh.}..I....p...!.7..C.-.C...-A.2...M...z.X..<...$?.....v.........F.7.4g..k..L.<.h.!..\..S....[...d...;.^......O.....+...,.I.....si..........1...

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):49408
                                                        Entropy (8bit):7.9965335281105085
                                                        Encrypted:true
                                                        SSDEEP:1536:13LqxNYHRqOCVpQTmTXJmAiGonQ1FoWf221Aq7FF:13LKQRqOciTmrHZf221Aq7L
                                                        MD5:24BA5D758FB7B0EB3ACD3FA357FE158E
                                                        SHA1:B7FA09480C8AE9C4043D411EE0B11991B8FAA9FC
                                                        SHA-256:5093100A6D851FD3546002E4074D2223A902150DAC48C4ED4967D28D5EB4C614
                                                        SHA-512:D2B76A8233CE04ECFF5B9EBD40BD077601155EBD6E8304632423B2794B519D2063912DACC3333E29CAEEF7881CDCF1F6A060F765CEB40296C88987EF3635CD1A
                                                        Malicious:true
                                                        Preview:...._.x.a...B.n..j..?.l"....G.@.....a.H.......eT[i.t...z6n.....G.=h..._L..4;.P........:..v-1X.MB.d.$.......nX.Ra;.{....G...R..;....?.......X_.;l6......C..H..$....\....P...VL..h....+$......w.*..<.I...363Ruby...I.....q......?AB..=.....w..N;..D./..//.....$..*;N..:.......`.....q,J\..-..iY=.)......l......v;.bsd3..g[<..#....N.i.....yv..<......|.....*qaZ.Q....89.. ...;....^_..o-=..jM.{.........}mI......Y..j.~F.=.&...:u ".*i.K...X.........op(E.>.<.>ov.)..!1...~^.Z..X_.|.....c.....9.....".My...SwC=.e.{._.......4J..P..P./.X.:..ON.w.....aF.1.I..Xs.;..bN.I|....nI..Zb.....*.b...-i..J...Z.q.*c..E.~....5u..j0!.7p.....g...c.............=.k.-...)r.X.`......#...]{G9....I...'.2..(D..9....}..l?...P.T@.0f..w....A..?.:..9....@~.I.}6xvAGG&{.+...Sc.I.......H#=6..|....%G=.|...x...O..LBR.x-.9..])@.<....Q.QR..MU......u.,.M.4.P........:?........o...G...?..-.....+.f..Z...o]P.:.......I.....}1.p#....a..|...Z......wB...8..]X........X,t.N.. ....],W^..H.[^.}.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33042
                                                        Entropy (8bit):7.994280480091762
                                                        Encrypted:true
                                                        SSDEEP:768:CxeXURiO/002m7CoCrBdGkqNzUnKdV71TKw/0F19smhF:oeXURMNpZrDk1UKdn/sF1xhF
                                                        MD5:2FE27C3F39399B7A92A8B249BBC8352C
                                                        SHA1:2D9D11BBB1091494C5D55A347368FCCCC7EAC9F3
                                                        SHA-256:EE40DB81ACE272DF97E77612DCF92E270F5F35C4EEF7CCB92620998BE877EBCC
                                                        SHA-512:076B54E6A36441BA0DB7624F48A08B8B37A3D33AEC76C194DD746F988A450CDB58AAC6E31A586BFE65A897D929B184EDA92C0077B3EFD8ACA2D8BEE9F405FBEC
                                                        Malicious:true
                                                        Preview:t7B...!.G|6u...G...`g)...TrV...Rv..p.u..u0.]..M.........`+.^9.......P.`..1e..K.^.6....V.]?]*|......M(..k.q....#.g.].X..DB.F.q{...*^...N.....qo.r:.....rE..p.n-...<.........;*N.N.`..{.*..pQ@d.k.\.+.L. ...u....p.1.`... .8q.......`..{......B}..|r..W....B.7(...b.Mo......k.W.......X..(jO-@.......T3...p Q..p...2...K!.S....W.F.V........!...\...-h.@:d...$.u...gX....p..r....8.c../..1.R9.F,.w.._.!.`....n.@.W.r)e.....V.....,...?i8...i..?..........cn.....&.0nJ...R5y.-....Q5X........^.%...,.fE.o.FWt....Y.&..f.................q\X....4.DaA+....d..0....<.I.\...s.T.u.(lw.8.5..f..*....\m.!.[.8E.....AZ...//Q..5...A.+....;.?.A...Tz.[..'S.L.;....eY./......>....M.I.X.."0A.L.<...\:U2..u..k...n..Q.'...@....W^...?.....E.....t.`..D8..c_...M)=A..$...... .....A..m....KI..9+...>~1uA:.M-a....J>...P...... i...;..u.{l.."..[....N@.............:...@.W.....,T.B.....,..2.-s.i.e2..f..SUH._B../..r...Se.z.1c.c.^.?a.+Z..r&..T..6.2.....4DWF.xh/....h.N6....El.o.F.G.g.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):581901
                                                        Entropy (8bit):7.791383932014087
                                                        Encrypted:false
                                                        SSDEEP:12288:ocSbp/+dGe3p9ay/G5ZYH8yT4m9pacVLluXwK8NQJ:Qbp/+dG+p9kYH8a4kwgBQJ
                                                        MD5:67199F36E8E06B17A9AB1ABC6C21CAFE
                                                        SHA1:B9794F0D842993F715A56705219A38821919E243
                                                        SHA-256:0005556BDDE1F546364A1AB12AE0B0A33A4CB56388E2D5AA903FC571DB37BB61
                                                        SHA-512:2B30BD7815B5484BF1009FBCBAAAAB731DE97FB22594BFD67919D7F6F0F268AB048B50FADEC25C5015A133A9CBABEC093D8E7D55D400615B2B647E1F04BCECCC
                                                        Malicious:true
                                                        Preview:d.K..$f...}... .+Zi......\].....f.........#..Ac..l*.$.|}........G......Ve..tQ.?....P..cvd.*...%.Z.zV..B.. .A..0.&.?.k..........;-..T..e.r.M..)..#[.`.*9...4...d2'...F.(P..G..3*.E.....L%.t.....+(.....H!...g..D.G..K.....l3V...t.i.......khtn.....6....|.H....rl|..ONT..QI=....m.]..@.....'i&..'..]h...'3.?..m...%..E.dh%*....~......>....m....`?..uu.ri........6.[.TL...F.!t.R.t.[..m./.(......7! ....N:....C..2_\...H.8f>..6.4.X.....J..Ha...J.g.?.............^....jn.0.)._..........M...{.{..{o}.......W..J.V.H.Ff..q...+5.4.].u.I..b.....R{...T..c..v.....J....p.](..?k..q...mEDDP.Kv..Wa...A-..fL..5My........[./._.y.`I.....Rf7z:.......=`.....<.s.....$.`..m.l...8.z...C..n../.d.n....O.UG...^W.bN.]'...Jm..I...[~.|8v&.."Op$.LK.....Q.I.(. .sM.'S...*.bAi......o.w$.y7.s..X....n.!..Li.......}.W..z:..,...S.e.)...Gf....p.@.,|P..&..`.n.\p..;..z8.W.~E.".-.V..c...9..E..."..K.a...3..S{....z..^.....m...[..HK......x.vF....v}..%!|.w.$.......JX.{C..7...N+....@......K#.$..

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:true
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):3940
                                                        Entropy (8bit):7.955713399318157
                                                        Encrypted:false
                                                        SSDEEP:96:rhhjaewF0ZX+eCmChHESkSwcggkkgrqq8rNPeQ:rjjaOZueCnEmwKk9rqqiNPF
                                                        MD5:B7A00FF6CBA41A0593ABB00DE4B3342F
                                                        SHA1:E8B686C723B09DCF759B583842C456AE7F5EB813
                                                        SHA-256:31A0F1829E6122752CED9B519793A9E173E77D35F4E19EE7BBC9A50807472257
                                                        SHA-512:7EF0A4B72C0902EF4B384E25B01EA3ECFCD87CE4F3ACEFC7A3E1451ABE41113519801E6222A3F20829BE44CC03683F101FFE9BE03A8297587343BA8E52F6FC2C
                                                        Malicious:true
                                                        Preview:...iL..\..7?...*T...w.Y.MU.....z.4.k........h...o%.`..T&.....@J..|t.......l..u.C.I.=......E.Lu.N+O. ...B.sTLN.U..8....j.....Mq...?...s~.....}.em....~QB...V.de...K...V.C..P..P..5.s.".*.!d..-..3.$M....&.".q..PYFD..<......4.GKenf*G....Y}.@.,1H..O..vw.N.....YX.....{c...n...{.Qo=o.SR.k..@.mhyO..z...X.L....Y?nj..*S..M._(.*..o.......Z.k..J........w..10....-..Vq......L..Q..z^..Q.c...u..|...~.4;.$T..R....c..;=../......*..BrA....'....F]6..m.Z..;d....A.QEh.j..a.R.P..I.t|.[]7.xU\'..M...pV.q3.P..$...*JX.........y(r.)f8......\$"..a.F...........KA.7.|.....c....DL.......V..R\.'j...0..n%...gd.I.Z....w.78e......j..N..oT.wF..os#B.......9.w.5m.....[..e..q...|@..EK.I..!....=...=..C...:j.?$....F.-s;.(.......m.....m..................\.99.R.1......#<...\..bF..P.'.iQt....$...1j..........&.>a`a.Y....[.MR..F...j....i..F.&.{0bn-.x.L.A.X....g.P.s.e)...}......<..d...D2<.A..?.+....CG...y'.E......y.........p8........E...gH.a.K..j#...y..q.7a]0[....y...}...5.. ..sa.W..V.n4vR=...

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\times.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):288
                                                        Entropy (8bit):7.246478810416123
                                                        Encrypted:false
                                                        SSDEEP:6:peq2ZQCYpMqhYDflEjKk2MaMf61aBDE6txWw+DdP9l49aUSnW:8NZJYWlGxjf61a+6KxPlu6nW
                                                        MD5:2B281037576FDF99C74BB167A5976241
                                                        SHA1:6DC5B7098E0906036301C81B5E61457E7B57881C
                                                        SHA-256:3BDBCC4903CFCEE0A14771A689429BEBD7E976AACE50CCCEAF503D319011324B
                                                        SHA-512:FD184497E06967E20F371C93FB80BEB09D7B6A90513EDAA34BCF63070B5E667F9F9CD48B3C0A8B1226746184B54B4BB24F639090CC6DB3FD80DB6527A510A874
                                                        Malicious:true
                                                        Preview:.H..(...k....Z@X..S..+j..[....<~C=.#.Z......1.....&}E...g..Ht....;.^?L....n.0..../f."./........y...= #pr......S..U.....T.*.[:....;&...j..aS.I.J~.Vh....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite-shm.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):33022
                                                        Entropy (8bit):7.994484831186392
                                                        Encrypted:true
                                                        SSDEEP:768:0PcKfICG4WDkfU7XABtTTjkUt30ulH4sxqTa6EcrNa0OF:0lPGjDkf/tTTjF30eHXxqlRrNEF
                                                        MD5:3EAC97FFABF0B698DE4AF9EF27E999F1
                                                        SHA1:E82A5D9E3589695ACD5CB6F64A4BD2E43A1D2963
                                                        SHA-256:154FF859B90EF332A9CE31755B48833D822AD7996D95B0EB577976D876A0C937
                                                        SHA-512:989EC97268D7F73E05C76C8D86B62923623606E4034E7240D582D3FA7016751EF34195C1FF4F34242C469A6F78BCCEA00D054D975F1FEAE0E3FC78D147E94622
                                                        Malicious:true
                                                        Preview:.....:|.>B.{x;.?.Tm.W.........9Ou...A"..!.k.@f....{}E..a.....!f^. ..w...]GYc,.5/.....f.....'......5#.'.t..B^Ti..!(..d~.<l$.zm^^..]h^.-v1.O.p...qt.n..6...l<.;|1<...W-.,.A.Y.rzD.2........ ..XZh\...]`6'^gKL..."s....H.7zE...$....\E....$.&Z.......C..V.Q..[...j.!....A..^.Px..G..9B.L...-.d..W#H..&u.......wE]....FjH.F.}..?.c.y..7T.s....C._..@.F....^d...:X\....`GXE!.EUg.J.L.D....^. .G`..K...LCUY.K. gsM9...03...{KX......C..(.....#.).....A..A....-..60...B..`nu.l1C..!.QG.Wo...y0D.6wv..5x.CkF.9.<....4.nA....|...*.._.q..K*...Tg(..V....@.48..m........04.....~'...k...}.K..=.>..u.\Q....a.d..K.HD..9..:8...=!..pD.=.l:.....}Pl(T......h..7..2.CXR.a.Atg.z.`.x..Dr.......7s.-.?.4_..[...''-d.z.E.i*./..z.A@.k..i...@..uy...<L2@.Iv.+N.S.V'.........u;@...|...;.B.....=..eZi....liMm...\yRg.....?>1.E.&.....3....kj.....z5.p>8....t.... .[$....L.#...A..^.....2..Z.."T'..t......f....P...8..K.F.E..*.0G..><....DQy..rn.bal...mp.7...-p....T.....te..Bz..."h:C.W.........

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):98552
                                                        Entropy (8bit):7.998163675113464
                                                        Encrypted:true
                                                        SSDEEP:1536:NKp2U2QG1Q1XgZfg0PDim6w7R1A9wQlH6nxuWQZLbyFdnoqzNgJqu/9WIF:NXHQ1wZFPDi5w7RHn2ZLcyqz+Jl/9Wy
                                                        MD5:AE1C57DB5DDA32ABB2EFBFA5AA0254AD
                                                        SHA1:2BB4D69E92F9049308D693C5E2DC8505322D1D91
                                                        SHA-256:BDC37405D31C4C5EA6BB30013FCA44C8243DA42704F3A6C16CE4F6D086FC17DB
                                                        SHA-512:2B4954A0623933B0D21177B4BF1E0FB0EF22F84ECAC8377726E79DEBFE5473E65F71BA1155F94C5A65BC6767D0633FBE1AC146D894F96F8EC0EA7AEBFD6B75CC
                                                        Malicious:true
                                                        Preview:E...S..Z..9{..su<.{@0.!'K..+...<.....%......Z./p...8.........F..l..@.i....EDE. ...yxG..i.>.....F.)............R3.......#....U.y....>..6YE...G./.V.o.KS5.~..6t..#.^._........$.Q.m"....\......"8...*..CU.{}.....'.P"..n.&".@.J.Y..s......b..........\..>.....J.....H.Q..+@.+....1........\<.S.5...j.bQ...,8...H.1%..mN.......r7.L.Y.X2.....^..:i..^.#ct..Q.....$...R........2.......^.A....n|iS.2O..Ux.X..U..^OE...&6....$&tG.j...r..c..2V......o...[.....ov..3.<+.w;../..*.<|..Lh.wd..PP. ....!$.S....j.o{...... ../..R9........x.+.......|z......-..bD..X...E......z.`.........q.[+.R.>.4.;..c.e..s.^(..F/2.Jp.j.cM....B.[.:.2.....S...M..`.......^E.pn.................. ".."Q^.d.......MAA.ooj.l.%M..(s.%Y{.\A..of.....>t...>..^.`6.s.....l@..0.V..p........;....f...%..Z..)..<.I...K2.zz.$])R_D..H....]..)7..H..=.........v.$...Y@.UKG.~....vt.Y..vt.X&.)3.d..C...{.........k.3.?.-....f..........Y..AU....KPG8..... uk..a..lF...A;.....q........`<.....8.X..Fd:..v.^

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\xulstore.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):363
                                                        Entropy (8bit):7.469278966495794
                                                        Encrypted:false
                                                        SSDEEP:6:No2q8uHwhuu2HpysFlBrOjFYisPPbPKCf61aBDE6txWw+DdP9l49aUSnW:NduQMn7OjFYRP1f61a+6KxPlu6nW
                                                        MD5:51162888B2B74F5B66C94A7D4E01C0D8
                                                        SHA1:190C73C838E3848D9964E9584B63969D40491E2B
                                                        SHA-256:12F13BC2D20E0E0B197795BA19F63CDA13083C3B0000C424FF707A38877F2780
                                                        SHA-512:D059C0164779101C410EA8AE6F3984C3CA30DFA6C8C8A8A2D537018CF740E71A235719DB9C13EA650452EF86A448EEB47755E93947A505CA79F9F82A8679F729
                                                        Malicious:true
                                                        Preview:.!qSc....9...p1V..|.4..KNH....]6.w....m.-...?);..hu.t?|<.%i..P..o..6z4.6...H{>..%.9&..."....u@6...I.w."..=C .0s..Qh.....&|E...g.PZ.W....FG.....n.0..../e."._..1.3.F.T..=.5.....8..`P..........O...j...M.`d.......ht.....S:.m....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\times.json.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):285
                                                        Entropy (8bit):7.251091289789029
                                                        Encrypted:false
                                                        SSDEEP:6:aLWwH5ExTW5qhYYQrF5Nl6f61aBDE6txWw+DdP9l49aUSnW:EWwHKxTG5vNl6f61a+6KxPlu6nW
                                                        MD5:E4C57293C654BD1BAC2D3CD9634AB4AE
                                                        SHA1:8066EFE7E00270DC879B7DF12710D21E7C327FF8
                                                        SHA-256:45B24E3CD6828EA9B021040EA8A6D5A06557434F843A5ED6314B29AB9B133624
                                                        SHA-512:E86DB824B0165C15A8F127B433F02A81C2BF6A9EA8B0B9DF87CC7D0DE79C0308CB4282DA1877EDD560B372BEEEE0A0AD10DEDF04CC0B579097AAD11C50834754
                                                        Malicious:true
                                                        Preview::[UA.c....9.1.zeT.....A:\Y9|^..g.J...........&}E...g..Ht....;.^?L....n.0..../f."..g.I2r.......B....3..-....B_....A.....\..H..Jj....p...B#.h....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\installs.ini.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):313
                                                        Entropy (8bit):7.3652192366454985
                                                        Encrypted:false
                                                        SSDEEP:6:yWbFRlY7vzmXvC1qQmPKKhYmVSmnnx8w7f61aBDE6txWw+DdP9l49aUSnW:jhNnznNzf61a+6KxPlu6nW
                                                        MD5:E6B7D84823EB7F965A3C32614980C5C8
                                                        SHA1:FF21B4D8A144534963393DAD1FB06CE301C41BE1
                                                        SHA-256:F118F5A9DAAE89261B9E7F670EB1FD190F677760049A4226DF50C31EEF8AC879
                                                        SHA-512:E26B9BDEBA86AFE9BD85EBDF413C12ADC3FE3ED8608373D788B238189ED1F0873822CE950744FFC701340EFFF74462004E145F97F6118CEA892148ADF1D83073
                                                        Malicious:false
                                                        Preview:.Y.N)v..JC.$......\`.....-...N......x.w..k...TH.0....~5V....b............&cE...g.'..u.j...^?L....n.0..../f."... ..&.g...{Q%^......k`.t`...]R....r....,.[............+e.;T.h....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\com.adobe.dunamis\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Desktop\AAAAAAAAAAAAAA (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\BBBBBBBBBBBBBB (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\CCCCCCCCCCCCCC (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\DDDDDDDDDDDDDD (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\EEEEEEEEEEEEEE (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\FFFFFFFFFFFFFF (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\GGGGGGGGGGGGGG (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\HHHHHHHHHHHHHH (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\IIIIIIIIIIIIII (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\JJJJJJJJJJJJJJ (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\KKKKKKKKKKKKKK (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\LLLLLLLLLLLLLL (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\MMMMMMMMMMMMMM (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\NNNNNNNNNNNNNN (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\OOOOOOOOOOOOOO (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\PPPPPPPPPPPPPP (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\QQQQQQQQQQQQQQ (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\RRRRRRRRRRRRRR (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\SSSSSSSSSSSSSS (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\TTTTTTTTTTTTTT (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\UUUUUUUUUUUUUU (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\VVVVVVVVVVVVVV (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\WWWWWWWWWWWWWW (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy)

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:dropped
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Desktop\bZRL0uttVu.exe

                                                        Download File
                                                        Process:C:\ProgramData\B0BE.tmp
                                                        File Type:SysEx File - Clarity
                                                        Category:modified
                                                        Size (bytes):149504
                                                        Entropy (8bit):7.997296665490752
                                                        Encrypted:true
                                                        SSDEEP:3072:4Oqnx+iSxf4nlFrjqkUOqnx+iSxf4nlFrjqkUOqnx+iSxG:XWxPSxf4nlt5WxPSxf4nlt5WxPSxG
                                                        MD5:D65AC327BFDD3713BD7B4F1F56981974
                                                        SHA1:350FB12AC37FB9A182DA3CCAF186054045069782
                                                        SHA-256:B812EF0676BE8216B27A8553E0CA83A805B14AB1508AB5D8AB5FF7BE187EF196
                                                        SHA-512:2DE483204CD02EAEC61803EAA708FF1FB180281309A73D32DF96E9FA15E28B4F1DF06A5B7259CA103B8E3B24CAB701F5FE66653B644FCC2FEF341EF4A33811B9
                                                        Malicious:true
                                                        Preview:..1..Q.?.c@.....X..Px....h2.B.j....wY....z....f.....C......NQn8..+.F.o.....&=[@M..h.gn..h.H..k.QKO.r.F.s.r...A.A..s.,.*ZSwBE....BWiO....h..i.&p...n..%...e..Sv.m.....O&q^+.ob__.+.....Y..V.g.@..HK|.8.....Pp_..6.b.'d.5'J...pOt.....1...e.5".@.....Xx&.`a.....V`..5k....H$`>.]Z......./.l......z.%.|..^.YiE..d}.R...B,?.z.. .....G.......d[k...O{.u...\.h......=zV.....\G.I..^'..e{^.-l..J..\.E.Hvq..N..v.N.z..Q/|...5.3d..y.....mL\.......77].B....%cK).......g.#..r"J^..v..p....?..'o.x..7....Y..^..v....J.'..E.Bh#iV....5Mq.FX.............'....*.qw.........X........_M.U..z..D...(..?.t...N3.l._..>....#...i.0....&-.'pP..!e.:xH5gF..s..l....%L...w5vY........Hva....ZS.a..j.8.....(.k.Q.....;..u..Q..|Q*.>.Es)..#....E='.$4.....iX*`...)H.7/:b..mP..M.u.S....T.....w.,}.M.,...#L.a...;..........'..|..,B..N..X....j.?..6}p.....@....8I..F-.8u.M..P.....E)A@n9}:b];.j.j....T.c.z!.H.aB....Id.R.w.A.."5@.q..."......S...\...5R..K....j.X*S=6.....1@.f1DI|.5.....8%:H`{1$AQI...1|...

                                                        C:\Users\user\Documents\BJZFPPWAPT.mp3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1270
                                                        Entropy (8bit):7.8328525159884705
                                                        Encrypted:false
                                                        SSDEEP:24:urGhoDwLQOdic5Q7djHhV4aPM5wQ5dUcLp6ZMimkaFLgN++5iaWACf6bxPlS:urBE7iT7djcZ5RTUcVImkzNB5oACfeQ
                                                        MD5:1CE99762AD6A076ECC5F69DEFEBF0606
                                                        SHA1:B4E814265DF4BD27B52FC861B1896A68253FB946
                                                        SHA-256:371948278801E0A67C9223637278A21BC21EFED3F2880E9D31539EEC40F8A9C4
                                                        SHA-512:55E5DC59BE3E05817FA3137564EBBDC537A50D2EA83976F1F08CA506903CBB435BBEAFE890952F38BDF6DB9D61154217A34D797CB42F71987347A0BB9EB1FD0B
                                                        Malicious:false
                                                        Preview:.A\-X.~Y...@.=..K...*(#4..4...HvvHK)...p.sX.`d..>.....GX.u..jt.).\..ppq2.:....$.}L..\Aa.$;9...D.D.{.<41ay.z0.a.(.........;s...m.26.....#.v(.c...)..R..]...._.>z....+\.T.os..;.Nw.m.(..!+.&.UI........>..1.>...u.ZmA#.ouU..h.K."b..r.V1...[._.......0.*....*.N..B_#<B...Im.}K.."?w..^....N..#..p..#E%..[g.='....3.....e..`...r..W#..a..D.a(.".P1_..........-.?...!s.L...1.S...(s.f-...e.....S>.D..].09.....#.Z..+RE.4..T.&.+..0..+....d7...);..o......D..j.....\..@..$..V....l....PCs.(....Y_<.0.2._.\..9....N..m9..p..YE.z...X.[F!.....&?l.T.......4.1.......GZ.),*....v-?xhd)f...F.Ri.2...D.......R.......qrb...q....e....z...]ei.7...Zu$...V%:.*.7.V.m}f..H...;.\.<.M..dm>...$....p4.{..q..E.....Q....%{czC...z..b.eJ.<r..t.z..#.`..i{*..-r.-E`\.y...v.2P..%..'.yx$...X`.....nP.5[+!.C..\...D...:]x..y>I.68a.....W.Y`j...f..L+,.H{]......%..`...|,..ibo.ao..].8...)V.1...c.....^..G.w.K...0...p.3..q^...Nv.s....D....-._...V...'.Sx.hK.{.jR..|.)vJ..a....p.`\..e..wF..X._..J..>.....Hb

                                                        C:\Users\user\Documents\BNAGMGSPLO.mp3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.8466439188507096
                                                        Encrypted:false
                                                        SSDEEP:24:0f8j6++uD+jl1E9EU/mxa0mkwZr079LfrD4Jg2uSWQsKNYGCf6bxPlS:j+xe+jldfmkqqZrcuSZHYlfeQ
                                                        MD5:064D84B359F763FE92546F78DFB4FD68
                                                        SHA1:FBEDCE2D4B234F5710216C73446BB023113FF6EC
                                                        SHA-256:E66A7A31A8021E813AB6206692A81B6C687DB4DFD31BD17A4E6504CBFFD9C4C8
                                                        SHA-512:335C1682B8B418CE880248DB2BE16A3FFFA27AD004361AE982A19B850471781AF703B6670CA6A405E42601A0BB75DBAB6A91620360F3AAE026C89EEF586016BC
                                                        Malicious:false
                                                        Preview:,'.NS9.&.D...e..6..=z.B..85.:._.......>.e...'U.Van:...Y.O....m6...e..O:. .N.Y...Ye|5e..Q@...#.4.W...@..f...R.a..b.,&.~.Vm.u....e.n.4x..M.}.....u.}.Y3".<#\.t~...X.C......... .8O...L...~.......p6Q....Qo.... ..E*B.q..9..|..fb....{..v....I`]Zw....'.g.@IY.^i_......./......e.c..D`U.,Xj/.1.c....!..[.mS(....._3.wR.._.a.s. m..q.....2J.8..V.YL..E...N.Y;(@.&'6.e.#+?."..?f.~.K.z...n.>.........d..`[G..]..l.^.SdZ.s.j.P.`s{...)./..L5....t.U....f=.@.;..........?..R.6....R+.!..=.F.N..O.[.1V.DJ .R;..!.:}.......4.Q".Kw.....E>..c...]....._*"...^V-.vO*..:..^"....&..P....).;..sH6..w...........$.:....y.0.....e.c./....sJ..;.[......7.a .M.p.C_........o....5..ld...ht.h.A.E.....Y..U|D..pi+.~ .&..g....9...W....Q.!@.._......$....-..u.N...&...'...$N....>.c!.-YA&....^Cvs&..|.h/..6.......R....U..";Y..f%..k?..h.1..T~a.0|}}.Lo..;..;.-x....T8;gL..4..e....G.bT.....w....'.\K..J~.!D.[9l.5..W....6..L.l.R.(..5.F.2Z..P..y>u.~])D.@.....'.:...Wq...2..`..{.~vO.E....$]..o..H.'.yZ......

                                                        C:\Users\user\Documents\EEGWXUHVUG.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1270
                                                        Entropy (8bit):7.871421019489369
                                                        Encrypted:false
                                                        SSDEEP:24:l9fx8y1MLa+38TEDPm4iwKsI81mpZrddT+y6LkJ2e2PfYgoVIs5iDsZBef6bxPlS:l911ka+sTYmS6xJ+jPfobBUfeQ
                                                        MD5:83A760906A26E9C4523D8EFAE452989C
                                                        SHA1:09543FE39AF1EA672B223380BBC66DDCD6A81DDE
                                                        SHA-256:75CC6593369E6BAC76EC667CBEB40FF4C9D0478B56C50FD79B616D40474D5510
                                                        SHA-512:17ECFAB119644403E7AA548AD549C3038530DBB4EB27F5079862405C1929A470B98321CA9F04177FAF0B4C3383053A64A642007FD9EAE19126DBD8AFAC1FAE6D
                                                        Malicious:false
                                                        Preview:.).l...GD...X.C<7.....0.C/.d...r.'.g.....H..O.n.UH...m..c..?....V..Q=^~)..4......q..eQ;..p#YT.m..+<......'t)1..?H...u....._....Lk6..w.._bv .....K...o.f8...,....C..uN.)..D.....jt.>.'2..{....J>...H....j.-R....fc...f.K.@R...-).m.yB`.....w.G..L..g....N... ..t...Y.S....d.AE....7.\T.l.|+..>..;.t.....s.X)(.&.uIw.6.B...ro...O.c....z..8..]..^q.ni.*2.Xu02..8....aPn}...j.9....p....t....v..",.}'Z.3..6.1..7...[...tg.......+..SV.....@2...I'%.......%d;tX.. .}....)...!.kW{....n..Hj..d,.l9.p.]..<{...|..q8.."b....MZ.Y.....(...n...:"....d.e.J....W..E..2T.ED.......5...IU.Gt...WC... .<..~.4...h...*.........|......\.&<.$[h-.7.Z.i?&..6..J.7...}.......%`.zv..N.J.....q..4t..L.q*M.".p..\%...;.<..V.wvq.:W...z3.).EX'.q.Y.`|.O'?u....@..=\.Tt<%...3...7..y...}m:R7....2........S...~b..>..>.8x...c..8.sz..@.z.~"........&.z....W}..+....Q..b....j=.N.K.&...Q9'......$.57.C.a...F..t2..g.>........2.........0x.Rk..!....[.......G{.gz..(O..=Q...1..4)%...w......Y1.Zx...a8[.H7c[..1h....?.F.

                                                        C:\Users\user\Documents\GAOBCVIQIJ.jpg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.860347978280234
                                                        Encrypted:false
                                                        SSDEEP:24:++nhoc2/SihWfBLE/OV34mW/o7liqkVaIb/pGzYwuMB4O3/tf6bxPlS:++nhouGW1Eo34mWAliq6aG/p2YVstfeQ
                                                        MD5:4418FC097DD2826E1BFD45C62F057F55
                                                        SHA1:FECA9AE761B05F59B4425285ED04CB535AB289CE
                                                        SHA-256:593A396582F046731C008F204A64F39342E4C097DDE94E278206381D8C2F29D1
                                                        SHA-512:F2A2DB89B60B2816BABE5FEACCAF4519277697D8BFC3C2A4D5746839EFBE70F4A6C6DCBB49E78F60726BE37E3171A5DCDB7AB9E7F9BFC125FCBC5E07152221A5
                                                        Malicious:false
                                                        Preview:....^....2x"...N.Z....*.#...w..H~.....u..h..=4O...xx.C.5...9......jM..d.......(mB......]F?7U...8...*.dw...{..]...8../)a.k".rH...+)[..N...(8..}?J5.U....Y;......o...Tn!.......$.9#KC. ......l....5\.C%.,3.j....DI..5/..eQ.<.p.=.9...M..8J6..\s........CN....`.....#....G....8..7.H3...7..Iy.DF.....d{.....$.Q..!.Wq.....l.............-...S.w`.g-...O.>..i...,1..].*R0..R..c.R../......?.k.P.6....#..~.....j..-...p..,....S.}.=....{..wK.....O....@#....Y.,V..9GH.d.....+.........g.c.$......a...mZ..{.AJ.......,...N...N..f..w..q.@.).0...o...X...XC.v.M...H..48q.-.....N.$.0.%.).....<..V.#E.F.Mu...3....."..}i.........".fh.....`.....&.zA.T.o...sl....\.&V...., H.m......p....u@..SA2*...d.N.P:..">e..XV;..phE..an.w..gM-DS.zA............4`..k.cf....Io..6;..6..`.C?.~.;..z..._....SD../...k.2.Ep....A.X)......[Hp.(..y9k..sMU....:$.....fO...#.....h.S.b.*.&ug3w.-...,........d.s|..L.I...}..C.'q...2...lf...3...<.9(.._...Jx\c.._....|Mk.....7b.">0R.z....BWc;....|....S...Xp.

                                                        C:\Users\user\Documents\GAOBCVIQIJ.mp3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.849707785861836
                                                        Encrypted:false
                                                        SSDEEP:24:gtLcudRigEFqz3q7TsHcW7jgeh9lTeGrZtue5lWFfpEdwR4XHlf6bxPlS:Gx/jAsHcGjgylT/ySluhEdO0FfeQ
                                                        MD5:351417B5C3BDB0A59A330639D2986689
                                                        SHA1:63DB05112A5F3233EC2BCE10C8597F165F61D462
                                                        SHA-256:CEC8139DE204F66281126052F5763AC1C04FD5D5C35B49080B4610A5E0505567
                                                        SHA-512:5621BEAB2359EA5DBD098A16EBF0EA017576C71ECB779D7568BD48E9C73B6E634818E10E1D2440602984B75812B884D6695A7250E61F87691E5247857239D49C
                                                        Malicious:false
                                                        Preview:.W....?.S9l..{}.].6.}..R...L..........n._...=.3..*'....Z..O..q....:..#.9..A.X....].C..e=X...$.....V...:?>.%7.1.k0...6X./o.z..(...ZX&..._.2.u.t.....R.JX....z......q<.B.N.....P.Ro.....P..+Y.........i...)-.<...-...lv.lw1"..>..........A.Z....H3.z......_.rGk..".q.Wi....&.;.F.t..#..4.....X@&~ .i.O..........@....`.....zL...n..+.4..Qn....Oo...zR.'..(F..dk.pK.r.V..m...#.ji0f.I.D.o...{...@.......|......b...a..^.*...F.../......RG...M..6.%.<.&,xx.....vNW.*.:.R........`. 6V.M.*...0v!....W.F....w..Y..r..F...^Rj?.8VW..{..$/I..|A..J..%......K].....@...Y.."..a_a.~..<7...6..d.....5).O......u."..c.@.._a.:3.........f.J]#A.db...e..z2...!.b.......y0..l....:.$t.......J.J?pY.......1.QUW..hP..,.<8...G......I|..E.0..vT..B.q.U*........K..L.&..G..>BS...6f....=+......Q...#.b*.L.R.Z.&........"..<#6..G...w.G.5.r..n.HP..w[.F..;...&3......\0.}..o..$.N=.$.N..Jp?}7.`.v..+.J..%.l...r9E2]...Q..lGU.XV..o..Y...K....4...p...n...C.b.u..x.K..v^AO.L...G.<...R....\..).

                                                        C:\Users\user\Documents\GAOBCVIQIJ.pdf.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.841531239302878
                                                        Encrypted:false
                                                        SSDEEP:24:M5PRH3LQtbJ17BvuJXi9wjB+q9r6T6HCMTpLKUrICSATQzNsf5npePTc+f6bxPlS:e5XEtt1l259r6mNp+q5nuNEIc+feQ
                                                        MD5:BA6F657F5C8D6DD09F4442CBF5BD4777
                                                        SHA1:DA12B66131255A42246E94904DC07F6ECF4B55E5
                                                        SHA-256:CC150BF2B4CE4D206B128C2B061FBD12D87F9F6E731B026CDADDE5D6039D2B28
                                                        SHA-512:42FE97585D5D374866F1304BDCF01411FD8CEE38D8E6129642523C75B5C349C5E7E367B11FA87563BAE84F724BBABE4889778A12D6BEAC720D2EC6791FCE0C93
                                                        Malicious:false
                                                        Preview:.6"..X.......J.z...H...:......%.Ll................G..g.Y...B=...Q..&.I!..wXD......1..w=.X..-..l[..>,..v..e.....X.'..6Ek.4..|...\....62...n.f....%.D(..eG.....v+e. .z....,~....$..^...:*Bl......Fn.t.w....E..}.0(...'%..Vb...B........z.y.YP.'M{B..Kx.._.MT{K.O.):..._.j..:.Q..P......N~|.E....:!.{.I........S.J.W.36...7.m.?'..5.!_..L."B...[.r%..."2Jj...S.t...(...2.@..!...E...=...I...M.UP.....+..l\..x..g.#......-...?.}o.....cu/.8..K.....LG.w.2....\..!..-.......p?r._.%........G@.9.].-l#..E..mtM|*...1.=y=^.1..s.....Mb^...g.....cL:".,......0.Mp%]...U.w...g.Hz.+...<...........&.8.=.M..(.p~G..x.V...~..>.Jg^J...I`..X.....6....uO..{.\....5..fQv...H.?.wu...U...8niK.`..Z_.;..........h.i..-.;Y.y8.zX...|...oZ2.B......m...~m..u`.a.!A.N.'.|...O....`...B......K.b.n^2E.=.'..JS0&.,Oqx.....X..].&..%.$....*v..T$!JMp.{..>i.%.}x.M....oL.U.H.N.[3.:....UO.fnWZ......K.[..aZ.....q{%...#$.vpaa....o@I0..j..D{zmc)....8.Q|}.-.....T..{..b.NP/....CZW^a......(..5.....

                                                        C:\Users\user\Documents\IPKGELNTQY.jpg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1273
                                                        Entropy (8bit):7.836093287503332
                                                        Encrypted:false
                                                        SSDEEP:24:9kzG8TByq7/u2Cq6bVUhwuzUEgFqPJxJ9OVAE/6f6bxPlS:qlTsq7/RJyChcEgFqRxeCfeQ
                                                        MD5:04A04C24A98F3FC15045E365E697F9E5
                                                        SHA1:E094D852A6C803526D55A941F8B313A83DC9F556
                                                        SHA-256:9C7A859C7BCAEC64D896DFC41509D798ED6A9E0C77B18CCFC738FA0EB4AB5951
                                                        SHA-512:83FEE0A0C2CFB197E3E8DE47DE5B7C933986926D470712EB9597DE482656F90BA1135E3F8FB57EF10F2F22E0B4DD66BEA3B65B0059B749AC0A060C63AB7368E1
                                                        Malicious:false
                                                        Preview:FX.(.z.R1\...../.....u.2.`.Q.%D.z'..A`.Iv.3.....f/...x.....x...r.*m.......O.Ol..iG.....aX..v9.y.C.w.._.9.....hnj...?.|S.....iw.'.X.;_:J..9.2.0....F..!]I.U.....~P.}..&.b..o......^....F.?.X..+...&..y.d..r:8........).*.....I.E..'B..+v...../.....D&.....#.'..w..GX8....g.w.D.m_.JC.}.j......7..!.;xf..P......\qR.....^&-..2.q....S7..b. .y.....JGF.,.T..j.Pn..r7.....'...-..d....p..._,..'R.1s....%..G.,cD{.y+.&..q.....A@..&..Sg)m.....7..>..jd_.`.X...8>?L...:..=.V ...P.7B..c......1...p.}...5....L:l\^.H.5..9G.x.yA^...C.(.pK.*M....u..g..>...<7.............C..5..N....1..........Z.b....XM..oP(..B.uec.5..2..%.;.....ZHB.Zj.....[.I.C..|JI.9`.yn..A.b....iQE.2..v_M............%8...PS....'.F.{`...&.,M..vI...o..<.p...w.3..P...X...UAy)...D.S7/.+.G..b....F.(.Z.b...a...`L.....J.H.....YJy%.(....'.3....n...0....v.......i..r..e..t..q..h...;..>O"YW."@.kX$..Bwu@\%.{.g.....I..i....I&.....|.:.....Yd.Z...jx...6.....eE`..n............$'.....\R..p.&.....$.O.5.>

                                                        C:\Users\user\Documents\IPKGELNTQY.xlsx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1274
                                                        Entropy (8bit):7.839885939477525
                                                        Encrypted:false
                                                        SSDEEP:24:WSclIAgIkk4cD3YdGnKD+mpLOSF1qEoXGB1GIYL+vfiOhf6bxPlS:8gJk4E3YdGnKDFVpF1qEMGXTG+Xi6feQ
                                                        MD5:408560929AA428C8EB3F978C8A018073
                                                        SHA1:A5508B0F242F99229B4AF47ED50179CED39FBF1C
                                                        SHA-256:A73CA54F99B493D780BE71FF43DF8536FDCA254356AC373A112AA1FE6FAB85F3
                                                        SHA-512:D925C88F91DBB8C164B4B08B315EDC1044D4791ACB0DA98015C0A5174F617F258E97539A584BA4849540F724EF3AD99C0881A73BD443EF2DC832C1E4A9D48C4D
                                                        Malicious:false
                                                        Preview:..?v&.. 4.k8&.........E}......+......E."/..y..V......-...^ ....Mv.V....2..c..Q2..........f)\.....q...5...>.....=l..q.......e...5..\U.1...J...xE.#:.c..3....j6MroYs..b...:..........yp.9Z.....?...p....z....X..L;q>..._.d.v=.l.red..........g.......Y^w....G.Q.?..?..h,.S.O.~.9....4....8.V.O..U.{.$}.S...6.q..@$j.i....{.............,kc..{<!_.nG........]YT.*.<.+.B\{E..W.z<...&%....Yc...x._2..J..N...V..}..../.Rq3w-...<v....U.._\&..H. ..7..C..w..5l.. ..k..c...0>.{....* X.J....{D...p&|............'.......B..l....=}..).v.8....I..m..q.ziTrJT.*n...V...%...|G...;..,^..-....A..D=f.<n._.N.x9.0=.....v.....o!u..\q....*..R..<{..,....ceHhv.)..S.V.F7 .QX>....&G..$.....mE..7...&?.6)...4....L..9.....>..W>X...`u...FDDsm..@.L....C"..!W....W&...e>_.,3,..?......."[)........y..@.Ht ;...#....#:dPg.2...2..U...6e.p.w......Su"....W.}..H....5..%....6<.+]h...)pB.s ..eg!.j0...|`..-..K..8k[y.>.6.."..7.Q.-{.9._ca...t...L.3._Q..A.j.ve.{t...@..1.S.U..w....,....7LA?.p.|.|....}l.K

                                                        C:\Users\user\Documents\LSBIHQFDVT.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Secret Key
                                                        Category:dropped
                                                        Size (bytes):1273
                                                        Entropy (8bit):7.817693326900692
                                                        Encrypted:false
                                                        SSDEEP:24:qcyjN3AqhPjx3sqcLkkiwcfUykarrDvs3wpcs9KtYxunCDMf6bxPlS:nyJQMxxcpw31rDkmpzxDMfeQ
                                                        MD5:330DA1B084D7232D0579EB6A31780455
                                                        SHA1:8F1D264977781A386D4B658AC9841883D61B600D
                                                        SHA-256:B2C0590A4E8E3554EB2A26891BAAB3A19C0AC24C2318A953CA2740BA38016035
                                                        SHA-512:24CAD9039C1C324A94BF6FFA9C6F1B7164A4E34E770788DD4432CF3D93724EADB3A5C427394F71B50D451753533199A2EB9231995304BF62C2B5F383DBB7966E
                                                        Malicious:false
                                                        Preview:..x.~..m....6c.#j...<...K.]..-l......UW..r~...e.d.!.L......kg'Qd.#B..#.I....*.-j..3..k.n.......)...|P..+.....8.H.......o...Q.'..,\K.r.Z..V..8....3.>}..{.qcY..N....}q.xJ.?'..\$A.~........b2..w.C.l.=.......;.. .=.f....0 n..~m".KP..`..$75....k..M.zN.LZ.V1.c.&;_......t....f.RL....Y.K......W....,gL...UJl{yp.P.....A..7...y...{.s#@".<rx!+...O+.#2O..).^..5.B..AOX.x...l.I.hB...........';}......Qa..X.E..........o.c....4..aq.......7..~.f......m.....B..Q..... ..sQW.f...`..{..g5.U...f..,.....{.$B..Z.(...GN...A..~...[....Q.[S....N..=.rI.T]A..U-]...}?...)pm..2...S.=.j...H..#....!.(.;.60x...Z.._L.|6...A..b~,.......\2.+I....].;.....{G!....p.8,.U.}..lr.@#...k...B.P.r..}.....=.V.d5>x.c.".5.Y.].....S3..%..&.]o.....W...}..9...U.~.V....}]Yt..B.r..l..=.&l..d'.k6.]O=&.,W,......JZ.......0..q..,.Q..=.4..k..|......:.V....v..[..Y.&..[,5....e../V...ouk.a).._%.U..j.+..._\.*w?A..R.....#....<;...<....?8.....z.^nr.L.P#~i.`.......m.L6..l.h+#.[.Y..;...eXd-...l...&|......#p.(.

                                                        C:\Users\user\Documents\MXPXCVPDVN.mp3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1269
                                                        Entropy (8bit):7.853882924039091
                                                        Encrypted:false
                                                        SSDEEP:24:IhcsQB8uUWCc2ZdPVgzm5tuh01AWJplFc6z1LgjJHjQUw+m8vif6bxPlS:IhS8WCrHfLuhPifc6z10jBQdMifeQ
                                                        MD5:4374EF7177A5546CD390C51E965C6A5E
                                                        SHA1:B29C52761811E4D39F4365B478576CA7E8F06181
                                                        SHA-256:312607812081AF08B49C4AC1A36775E9A49F933DA0830F49D107D2682E6DFABC
                                                        SHA-512:97B14EB4FC088AFB94C8FD785AA822EE61B46B0BD0F0116DBC2E9F771A1045ADACEDC7CF119D2F7DA9C5B16C81425CFAECF98417910FED26C5AA6ECDA9E89D15
                                                        Malicious:false
                                                        Preview:.&..cN..."..^.'Q..Ur.......b.+.uY....M.E.?._<gM..q.h.j-.4{....tEq...v..;tz..4".T..N...........5....v.c.<"@.H....7c+.1..*...xt..je.o......-=*.M.nIC..KD..s...8.,."....I.4...>....g..}..._..Ay.Vy....l}h......0..|..".A4I.4.g......aL$.......z.Bd.......z..(m\r/.......C.W....DY...V./.K.......<..B6Z.*..We.*-.....K...).J.h..j...R...lW.(....f#h...01.5.z..7g%M.$_.P2v.-....[.Z..f.o rG........_;|Z..!...6.hr..wg.{FP...kF#..j...n...+...-.......Z.f.~}%.._.?...z}.r..n......'..Xr.8.\..rw^...z:.m.3y......Q..wv.....V=..fz.R.r.....Rl.N.....4...7..Uv.id..&.m.0...U.!.,e..n.........3.......RHX~.l......}..2......pPi..f..o...b.A....x....R4`Sq.c.I...*......*....n&...vz....u.@j]........&y.|-....}...K...`[..}.&.h..3..#.cF/.J{L.P...S.F.S.y.w!..,./..R.2y2.)..B>.`..;...9p.W.`.......u.h............'.XX.N..p..@t.....A).d.9..C..B..d...CE......(."~.%...F...F.P.t-YR.x?.Q..X.Mg".!.Gb.....x..O.*../.z..0/...,..KJ....0@hu:Xc..Fo.V+....z..L...%p<g...a$.m3.6..<,0.;...Ik{.bcT..{.

                                                        C:\Users\user\Documents\MXPXCVPDVN.pdf.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1269
                                                        Entropy (8bit):7.856690195525435
                                                        Encrypted:false
                                                        SSDEEP:24:1iH2QicFCQyxDUrabyc6ZyoeEdqAjJkg/BGyH5DLS/0fpX7f6bxPlS:IWeFCQy1UPk1TANYYpLS/sLfeQ
                                                        MD5:0C09355BAE433C10C14B7CFD77AD9DCE
                                                        SHA1:13582AA252639CF208622B8988AD5218388E4307
                                                        SHA-256:FCDFFE937477581C0D8EAB184583A515671E856EB18C52349DBC67C84083487B
                                                        SHA-512:9BBF8941900868CAB61EAE9B3F3A98316A827D11E85B75E1A2F2E3A3C05C16D53C8412C56D1E3E0E34734C0A4F491B6210C7CF6B4B5F895BED67C085EA8F8DD7
                                                        Malicious:false
                                                        Preview:@...(......V........q...6.Y..EB......L.CaJ7/."......~.......ZQ........*.5.:...........9.6e%_iUm.6....%iq..l..W..."S.?|z.ai7..gk....f.F2...{.!.6..y.4.\5.r..i.................i.......D52..L.).._.E.df....H0..T.%...!...a..F.....L..h./.<0...'....f.......=..V8....%^..b..K...C}>.....d.I5<..U...M.U?..{.Lbl;...{.b..s....o..jc.....{..@/.e.u..$;.[3_..g....Y...G1P..H.X.|t)..{.w6.N}H.4k......p....Y0.7.?.o.....MAiO..kC-......l.............#.,T.?.....h..z.=...AO9"...7(&../%^zg....Mn.kS.]...=...3U}S.46.....N'A....S_g..od..{M.}.~FN:./..jEO[.P..............j[?.?.p.-.1.....?O....@q.A@.......h.w>:........HP.....+Kh...~.. .y...`C..*S.5iB.CMPz.u..W....y.I.3.e@FH.&.K.y)`.....g...Ey{.R...~.^..5.% .....<<.DD..k*..lkB.|.3.."...Z:..N..od.'....g~r.._Rs...R...E......lz....R.B. Ga.7...N......PZA......V.9....P'....../..T{E..g.........w/.8..R.7.M..#.].s\....[0c.P.[Ps.K@a..... .{}."..p..~ZW.......i...,<..R...V..4..^.HkQ.5..-.1..'..&q....N..lg .P;..p...4|..x

                                                        C:\Users\user\Documents\MXPXCVPDVN.xlsx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1268
                                                        Entropy (8bit):7.840825054527119
                                                        Encrypted:false
                                                        SSDEEP:24:8ciC2tEuBRxmlHD5apRPHAbfjJa04/uXjE9psX+rHweiAYr6f6bxPlS:NEyYRijSgHkv/QjE9pg+rHAAjfeQ
                                                        MD5:79AE699FDBD2E592D6048A58A6BB9052
                                                        SHA1:19E8333C96EC5D0FFF6DFC587FA49AA6D6E30F78
                                                        SHA-256:DDDC8228F13C795E549E13D1F3494545D9FDACC74C457CEAC6D803B14E96EF89
                                                        SHA-512:BC9FFC823986E48E744C73E6A41EB2A5EE51C03A68CCBE73A4500BB990CA7742CBB38CA8F4C385EDD854796108A7CEDDA59C2394A18F514D40402C4A2770FCA9
                                                        Malicious:false
                                                        Preview:"....%.T.....j8.\lE.......-.>1....1..M..?..qB...`MfO.Yk..sMw..5.)J.0..F7.&OR......L<'...}o...u....}.....":...0..R.../E-"g.cj.7.....O.%..x. .N..'...Q......U..h..d..,=.+Nk./..O.x....R...:..M..J........wMx....t....G....n...C.,......y.v..`B.~E....|..}_o8}..LD%e..1...a......#u.L...9~.e.c..S.wqT.m..?<.8[.v... S..V'.......".HV..G.FL$KW.M..&...W.6H^.F.]u~Yz..!.}.f..g.....b.d.P.3 ...X..=F..K....=q.j........1%.f...I..|.n.!.."....)1....8*...8.~.t^.Ta&.J...<0s........0.H.|.q...F;.D.&U...........=S..BZ......).Jz..I.....jr..A8..-H..>...G.Xr.K[.)...T._k.{.g ..F,._sd.^1...0xn.).}...Y.S....A...........US>Z.....f#...~6.L>.../.X...<..n+.#`..#.'..;.Q..:...'t.m'...g!..Q.N<...?....e.J.H}.9".~.:n..S..m^<J8F.nZD_&....j5.~.|Y....z.N.S..2...z.p...0..... ........g....Xe.l)..yV.-.X...YO.c'...t.........<..t`..f<...D$.P{WbVlK.q......c..h.8....i.m......rF...Dt.?.&B....)_.t..`.;q.a!......=9.NrMY<s..m..<..R.\....E$.....'....8._%.u..3.Y......^....&A].

                                                        C:\Users\user\Documents\NEBFQQYWPS.pdf.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.865809925995557
                                                        Encrypted:false
                                                        SSDEEP:24:Kbl704ntH6DIX7COBdY7BqAcblYVR2j12VqSZ56Hz82TF3mf6bxPlS:mY4tWmzdY7chlWCsu82AfeQ
                                                        MD5:031A653814A0FAF8F72A4975FE075361
                                                        SHA1:CA5A3CFE1EA9A922BD945933184860869955379D
                                                        SHA-256:975F055950A0C7C4FF33B932D2D24B885895322E64B75D56A2B1CDE6A9E646A2
                                                        SHA-512:2DC1E9B4BAB2A2D83B10E6E4C02AFF0633173B6FD95CEBB9256FB8CB872C82BF8B19BA6A838F3E6C5A5DAC4A6C2E0AE50DE66A5FD9A62D2B51F0307C641A78ED
                                                        Malicious:false
                                                        Preview:T...[O..a2X..h_.8N[..@l....9..]......mz...k...UKVa2:0BQV.....&.k.<;f.6......D.......}..M!z........9g.2c..e.q~...E..r&....A.A.g..c..e..*?%j..x~~x..]9w.C.s1).~..A..]D.v)..n,..;.E2@.l.S.,{......]....~>t!.U..C...M..Z..{.n.gi2........~.U..Me...-. ..{......4c.D&GH...?*.@\b..5.].U...rK..,......*.\......3-.5.Y...P.Kr.....S...04..Y...B..$.W@w4zi.(+.... E {....d...*qvq..f)N3..,......]H....|..u..\..G]@9...$...r{a......B..H...Xw .q..L....p...t*J.z..6.......o.`....j...}.."Pxt....hxQ...6.....\..;mQ.d.{..q..k........'..[FSSqQ.|.....K.(.l.."..c.E.."...5....<.3.....3.....n=z.....,.8..^wfUW...w..9.!.~...o..%QWSL.i.D..[..h..U...y.U.Cs.p.......waW.........7<{dHS....lf9..A...9c...K......A...hf....e.O'.>..8^N{.~.q.._.])s....qA6.d.X._..R.....p......h}...c. ..'...?UaJ..$...{d...JB.s....rFk..o....]... .,..GOk...U>$d.....c......ll......l....Z...10+GI.....g.....f.JZ.5..p...6..0...Gi.a....-.._.......S.....[rI@.......0.....Q?P..A..sm.6.;.ax<..?...1.:.....7.~......

                                                        C:\Users\user\Documents\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Documents\PWCCAWLGRE.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1270
                                                        Entropy (8bit):7.841810495502491
                                                        Encrypted:false
                                                        SSDEEP:24:22tpy18P9uB2Wo2iP5BUFd6djB434FRw8porgh+sZGkswSTK1Si5iwBI8f6bxPlS:vtE1DBW2iP5BTjB4ITw8lNckswYK135r
                                                        MD5:93CAFA2CB864B18DBC10676169C69282
                                                        SHA1:20EC70A949FBEDCF0983C721FDC73CBA591475FA
                                                        SHA-256:65995A09A9B80CAE9C69AE0013250B071E46D027B61CA31A4853C36737B02B7A
                                                        SHA-512:2085C697E4BABC639F485FDBAB8AA5A9F832C1E386620B2A9CDA4E5710994F31C5A5C100929B196DD10C23F34B18102D16E8B02FB01FC801EAA71B42A4B1DD26
                                                        Malicious:false
                                                        Preview:.*.....4.xd.[..Mx.,m..*.......ol2..0.L.MB........[E.:.F...........m............#..m5..sz........Q_..).....&......_6r.{..u.....Y8....Lj..}..._...n.....q..2.5v..F....H.....~.p.....:29)Hl.....xa...T..-]..<i......w....@8.6.n....L.ii^.l...5. K..2f..L..-.\7P]....,....B+........[.@.Ed[.t..Er}7xh>...+.........X.....Q.N...'o..(...9.@...l.!bg.....s.R..Pb..-.........."d..d..6I..U..9..q.../=R.<2...N}.Y>.sB......N.....N...]....RV......F.LK.b...Us~.....Gw.U\]........._6.F.&dM.G.v....R.....1....Xb..-.A.l..e2.j...goy[#.F.-..SH....'........N\d../o. 3.-E.........v..a...q....OB.f'.......O;....v.se...9.k..X....p.P..$K|&..Y(.w...=.s.....?..u....L.k.$.....?@.'.E.&...N.....[L./.5..C...+9..k.....x.....:..1.@..`]F*.g.!:O....D...K...Q...BL..F.hn...y..1).SU.-.c.$.c..*8.X...Y5...m^6z.@.%..a..k..D.;t.K..63.U.|..z_N.s.-.H..bV..U6"R......^...V......N..\.s... ...p....'....9.>.c..[DB.`..o.0..=wM.....,.H......D.L..:... ....u.....Ppw.......R.*..o[ ..]......;<

                                                        C:\Users\user\Documents\SQRKHNBNYN.docx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1271
                                                        Entropy (8bit):7.861965973795107
                                                        Encrypted:false
                                                        SSDEEP:24:ARLu0ycJ/ossatKnXszmslwyuimrSaU+vvMW5vdy+tizBL4mf6bxPlS:aLWQCyKXsVw9px1MW5vUREmfeQ
                                                        MD5:37CD4C209652B71DC3BE9FA0DDAB5651
                                                        SHA1:66D06F05E1FC1298A3598A0007DE95EAF063C56B
                                                        SHA-256:E544CA28655C7B4367A076EEA687317F161FFECE0F5A06205D5AC8EF7FE782E9
                                                        SHA-512:5A87CFB8FA86D7A0EAF4962682003EDDDA183E99F420FE32A4E63DB9E2E9EBAB7B532F90210DD1AB0C42C6AE68E67A957145A3566B7E9DFB09C51A6950176901
                                                        Malicious:false
                                                        Preview:..$.|;..._r......k..fH..q`...*..C......Ky...@..s...B..?0~=,.v.....hG%.;W`.Y.q.[.....8.!..."......h.6..)....np.G**......M...adb......b.....A..2BlO,a.@...........I...t8..A..=s..J..]..xn...6 ..y......AW.G..[.."...&qbMc..\..`.`]l..<.T.d.xX.!...&.&.2{.Q....`.^m.*L.A..7....U.#O8.a....qa...(...{7T..5...L...8e.......5B..<.lp..9.....c...F8.k..2...P......4..kN..[Ox..*.C..>17.....'d.3.!.C&a.."..B..Ooe....c.?.{D<I....2.....w*..>-6...:.../.n[H.z...8.._..Z......P\}n..TG.<z.+.....{...)..z.....W.5...+.[.5..#...G6I.3Jo..y\.FyuZ..y R...- ....@..`..U...0{...Fa .0..Kd.!...r......d1...zY;a.gN...{ae.v...3..^yZG.N.x?.r....Si...w.....B.y.X.7G..YI.a.|...5P.).;..j..|tw*;.x.o.{.9.xT.+AP78..s...>....S.+...H..<Q|..r.f....d..V...b./.U.mu....L.........3.._X..u...M..{.og...]..S<.Q(....<....~...........SS...!q,0.!.UQ.7g..........5F.. .(.q.i.M`<).Im...._o..l.y...F..S.......~)iF0}f..Q....v....o....BU...a.....Z.4..d4..m...jJZO.S.Uu.|6...J.....gZY......6 ^/..*"....*...@G.-.z

                                                        C:\Users\user\Documents\SQRKHNBNYN.jpg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):1269
                                                        Entropy (8bit):7.843186133597596
                                                        Encrypted:false
                                                        SSDEEP:24:1n0di/IOtqS+c5C318gWawkGcJyU6VeW+0p/6nf6bxPlS:1n0c/Hwnc5610aJy9eW+0VsfeQ
                                                        MD5:9EA529F89C43A5E15B196C73698C17BB
                                                        SHA1:39AEC2F3C007768B9807ACFFF5237918E7149630
                                                        SHA-256:9943F49C3C7868D497F2CD899B8C0AA81DB973A023DDA2123812B389F35A49CA
                                                        SHA-512:0811F38CCBCD3B3DAF240B77909B84B98FF6873CBFAE9B9FC4950B8AADE90271D351BD00BF0CA5EC6A0076B778C01A31B87DFD0C14838D269F3ABAEADB3E5586
                                                        Malicious:false
                                                        Preview:.....IPE..|...W..iOmS(.`...K....y.n{.J3.8...JhH...Nm)E....(..LD#.....t.U9.{.{y&(...^.p....m.7.<a..U.h'.#.I......^...=.2X..a.~..Z.`.Ev._.8..t...,.....AeZ..l9..,..K~&.....!d..`1'.s.o...E.U...[. .>.K.bU.q0.|.BY.w.8?....h`......M.[..\..s.O.."a..j. ..... <L..tB.}#OW.Ex...Ge.p..\(.................7..&'k..K..G..E)..'.'.K....7.....-P....p..!F....@..(.d'0?*vn)...\%Zf$+=!.m.x.5..2..P.w..a.!..../.r..V.8.^.TB.T..y,...<C...>....]V..U.K..c]..MPzs..Py...0..m..a...6..n*.v..... .}.*.....5..8M.z.`.;|.SX..Q/s.....1..M...Th.k6`m0fd.....*...m.oV.....]..K..J..a.l...E .......^_M`.+v....xm Q"a.. +.......].... ...p.a...V....W".o.....e8K...l....RR.,......K2..o.."....qHE......D..m..8.>.|.^R.C~..W.N...HA|C......5..v.A.....~.......Ze..q.L...%...:.!..!....f....*"8.....C.HY......Q.......b...,...R^..;...,....)..x.z|-..T.l.R..x.v.....t....-WFR.....m.I...Y.Z.0.V.S.j..b.Rij.C....-r.&}<.`9..rq..$.$.#><.c.^=!....>.H)..{]g...T..b..(."......9.....7<.....h......(...|....

                                                        C:\Users\user\Documents\SQRKHNBNYN.xlsx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1270
                                                        Entropy (8bit):7.857399478935005
                                                        Encrypted:false
                                                        SSDEEP:24:A+rvrrmEe7zioP8pueNZ8jCMxJB2LXxHAEZfnV5mQuMhd5iX2wjf6bxPlS:jbrqVzxKrZKCM12LXxpZfiLE5g2GfeQ
                                                        MD5:CEA6FC0BCC45DB7F66BA66B0EA25A48A
                                                        SHA1:8288252BB64521E79831E18841CB4F245D7FE51D
                                                        SHA-256:47E0FB8F7C81686EFD40327A5490F772EB37D605E5422B3A9608366DEF940632
                                                        SHA-512:0BCC8C8ED49EFAE6148ED58C9A554D95816CDCA9DCE0C6A34E6D7A5A8D912A3C507721F4157444707B51841A0F863DB495410FEB7A087D3541E3D6F1C58C4EF5
                                                        Malicious:false
                                                        Preview:..\.J..... ..^....Ds|......W...R..\!.z.u?d..@qd..a....$.%.$...0a;D...t.A...6J+.6...euV<...)....z.v'h.nfA...M..Ez.uH.k...$..B}....[.yD.?d......L..P....Oy..)...6.._?'$.!....X...e].....&.......".7......W....g|..$......S"..Z*.[k.".u......Ga.h.C]4.L..Q..b.U.%.l`mo....7.r.y...D....7..O.S.(R...1....$'.`.;.a....`....}DD.l;.Lu;z,..H.... ...GY_..g....I........M..._....@FF.#.}/.`O9....:1P+....X.+.GE.m.].Y..X.vq!..L.....M.#x..OM.....xQ}3......T';...f....f..5P..2...8.kX..:;.......w.an.f...Ep.J.. ..Uc-.4!K,..Ib.D..xH%....U_+,.nN2..o......4l..D.j.j9w.Jk......Q\.a.x..Yg.9|.\.O..F.....}.'3b..K.z...M..t#..b..T.......p^..xp...vu...3..@...|.r.7U...._.}1...2.&....C..W...m...A5...k..L..^..N.TG...V....~..4..1<.....r..'EGR...6./.....|.N]5^Lm.O.....vw.~.d.......R....H/....h[bJL;X..[P.....o(E..ax........l./.oj...zj.(.|.....s.r. .h...\..'.M..3.X8?....g,......).P.....ZZ..O..T.*..l.4..NE.[.-.T8..........R......-..Q.m.d.Y.j.<......?t4.^.....#7.]...:.*.c..5.EI.....3.]P.Q

                                                        C:\Users\user\Documents\SUAVTZKNFL.jpg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1273
                                                        Entropy (8bit):7.849254612217184
                                                        Encrypted:false
                                                        SSDEEP:24:uWCwjdQ14BCs+XXUQR95xNHk3mWhzuaSeFkGlEYijt6+8Ogf6bxPlS:bdQ14ZgrRvc2WpuIcjtHNgfeQ
                                                        MD5:7B0D07DDA49863EFF35C2696241CFB8E
                                                        SHA1:B8703520B75E2DDF0815A8C84677FFA5BB5710B8
                                                        SHA-256:14F756233FDDEA32A6879EEBE7FF52BCE014E842143B073C66B2E0022149E099
                                                        SHA-512:E320E03FF6D8C44004092934BC32B1288DAB2FB3D53BD4FF296AC1C641A0680A15A27EEE1B31580253FA9E1301688F708929A8BEB7FBE0B85C1791A08440FBD0
                                                        Malicious:false
                                                        Preview:....$.EvBb.`8..b..L......4.'...+...vq.2.......r....3..8..^.PG.+.Pn..... *..fj+..........0/.o.j.J....I....+...0(.@>..=....M..z&..<.t..JbW...Mbx..$.9%.3....c.~...k..4.....m./k..J.l.......|xf.'...HJ.2.aB.r.$z..#`..ug.Ex9M.}..,.....vE...x=.U..8m,b.46...s9...k......S..c...^....vu9..... ../.t..H.e.H.D..o<o...F....R.yp'....R............*.Z3..@.L....N.,.i......%.+...^.....M>...rP......*.~p:7B.....`...w..J>.a.....n.b(.=..F$.t.i.Oi..(..b...g.s5..j.vl.U.c.(..!Z...R.B.E...v...-...S.r....S..m...eng.....v...J..~@:!.!...q9......A... w!.T..F.r?...{T.A3.f.7.G............H...(.3O...q.E....!.u..@.fv.....k6r.^Fi..`......UU}.Bo...A].(."...?+..W....!Qp..^(w...h...X.Jd..wh..X...`.....,`..;]......Mu..fpz9.*..{..Z..\............D;..G...r..D..y..8K.5.M;..H6.iZ.Z...0.*.....>.Z.......y.:...~...F.Z....o$.u9.{...Pr..WC..)(...S....o..@wxla...?.....<..j...V,.......-f.....6.D'..b..*.s..^.^.j..w.g.YYj4..U........h..e..IAu..#..K.a.,.hQ.S..u.a.x`...q#|....!..J....EGY4..

                                                        C:\Users\user\Documents\UOOJJOZIRH.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1269
                                                        Entropy (8bit):7.844023501291973
                                                        Encrypted:false
                                                        SSDEEP:24:4P5JiA/0ZBMrFLaOnwcIe9mN+6YR/z2Fxh4PHrC/Tjbc5TLC7f6bxPlS:c5MQraOnVx99rR/zAL4PHrCLjbc5TO7d
                                                        MD5:6FA470CDAEF74B763D56FA17082EA84F
                                                        SHA1:0F735D3EBBF9883C8D3A1D0C5B503411ABCFBA77
                                                        SHA-256:97A39A7ADBCAB0DC7E21A9DD7DDD472DA80CAC1DDF7383586CDF1FA271CF324D
                                                        SHA-512:CC677221FC283C2239D45431F389C2D4B6E027F73881ED8DF6F07DE6C65194D874E2E824881AE3FF8572F7B976E498BD0E46EDB602389FB55C5F64F4815B2F56
                                                        Malicious:false
                                                        Preview:..e)8....C...{%..>.q.......0*..9...o.n.....2 .<..$E..F..g.Q_|.m.ibW.......{.F..y~.,..8.......V3..}f.@...i......6.A-G..6.G."y.[.#./.V.&'y....&X......;.......6.9..\3b[t.&.c.. _.#,..c.k...l.CGz.Ha....G...#...`K...^...'.Y.u......o.q.r...~.M(i.t.*.E.D.S...rx>..2#....<P..Q.b..?..(P6h.#s.C.....X$.sb*...r.....&..JY.6.A..%km..w......"Zu|.B..t.9/B(.R(.d.....!..?ZD(.@..4..N.YX...?.,qk........"]5.........a.h.......M......#...<G.V......Z.....y.....?...KYo........C?..??(.U.....Q.-@E{..K..,.......V.N._..Vas..;6..?OC5...sq3q2......-V..'g..Hy82N.....,..idh....@..zN...q..35'...C.<...5w....se..nfvI..<.....f...vxLc.L|k7,:m.j..5..Tx............l.-7.B.I.;?(........%1..V..`........OO....A.O....5.`...r.4..VS.....<c.9.Y;.e...'=..G|.......2.X....{4Cz........|@V+...M:...e9o....6w....Q...f."..r...i.....Ba.a..6...$-h(WHI...q#8u*].u.JM.......gb.x.O.$d ^..8._.k............].>"..M.....L.?....L..(.S...m.,..{...n4....Fi~\M..`.M.....\.!.4......V.B..\H'Y..)..,.u.@...fE..].4

                                                        C:\Users\user\Documents\VAMYDFPUND.docx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1274
                                                        Entropy (8bit):7.84523548465574
                                                        Encrypted:false
                                                        SSDEEP:24:Pv3rQOURsbvB8+5FAABIa8+5uLb9dtslwwLNGUrMf6bxPlS:LGKbb5VmZ+5Ub3tsltL8UIfeQ
                                                        MD5:EEC1EE8D3D2E422A4CE44E1CFB149969
                                                        SHA1:F8A9D30F89ADA3EA3BECD18C7097863198CBE3D2
                                                        SHA-256:195B9CB30A643387E9A8C1EFE33EA868E0E1C7E008E3E54EEEC4F388FB5BCD03
                                                        SHA-512:83341CE51BE76CDEE0AC144ADD5B22893422DF5EC00C60051C4F50388E3DEE3697E9F54FD6257D0E59409A6B1DE8746A3C392CAA7C81A37D3760B56B9AEE2765
                                                        Malicious:false
                                                        Preview:..e..D.~.)........!(.B..5z$.lv..W..D>F4.lC.cE..uO....O...<...B...UU.}...g.|\]I....QTY..!...d..~nG....G.C......W.......G/.Kg.U..r_..wk2..Zl7......$_....A..._(%m.....c/.X........i....G..#;....+.........r.cG...e.3....U&..\.7.`.....u..g.P......c..y4..+v.O..X3.../.....D.w.9!.:!.'.b..c..e2..z.o..m.....R..&X.....9{.+..4..)...X.._(....<......7[bC....B...6p.ku....9[..^.*6+f,;..S....x...Xg.......[...,pwg]...../...+...)G........Z.D2..i9.....g.!...Y..*.].|.*..hq.(.x..."X.......F...Jy#..p.w..........u...E.{d..6e.W.....;.cdS...2.i.(..oQ.....u.W..i..h:..........f...;.N..B[r..E..WI.l..E2.2.y.B....Q.[..!..#\..Z.....l....9=SR.....@m:.....:...&.Ca,....j-5.[..Y[.<z..Q...zN..e.I!....(B'}.u.C.,8e..{I......D5...)Y....aG. ..|...SA....K...u...q..|.P.T...I$.#..@.....U.fu.R3m|..v.6....b.^...O+.<\.iOY....5=...V.mc.~...q:}.'F.<.....6...8jQ.S{......v.....<.)Aje.m......4R].5s.....U~I....Y.@.8.....j..A.....a.:.-S...L.h.S.....:6.2...%^.U@.<.\|F.[Q....+....K....

                                                        C:\Users\user\Documents\VAMYDFPUND.pdf.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.8224705353711474
                                                        Encrypted:false
                                                        SSDEEP:24:1nc1tEjJCGd0nXyJFHrMOAIH6X7429OrpHn3rVyNua0jm7cP34rzxf6bxPlS:m1yJTds2HwTIH6r4298H3xyNuLjporzf
                                                        MD5:A0EE0D5742738AD28EC01D6DABF60F89
                                                        SHA1:9E8058B5C0E4507087BB27ED41C9C83409C69FB6
                                                        SHA-256:8F12A63CEDCCC01690B7DCCE7F1F4AA70A19EB905B0AF0A5F2E630DE3FB4ED79
                                                        SHA-512:71B0EC1E9BA4ABDD1254CB79E40744E022DEB0D28D0E5DD6597B5DFD9C617867AC613C633E8088965D065E1D619BEAE932761AAE6A5D6A11BDF68686555407DA
                                                        Malicious:false
                                                        Preview:o....9.RIL...+D.[..5.L[...!..(......?i5B..........r..../.}.o.Z.}..a...g'\..Z..'*.R}5.$~.q......".A.I.0.q.>C\g.d^_.x....P..3}6..V........1....ZS...7e9.R.L'..t..%"....|.D%.....6UB.D\.w....b.............^......Y.&.l..1..{.:.U.0l{.d.G7..t..W..K+.s}*5./._=I...H.(.(.?0G6s..+..G....K.y.s......g"o..y&....@...........#..F>...X$..>8.nu.v.<....C._k..y..;.....f.o..n.q.Y..(....zY.o........(F.M...&i..mU.c0..e..u...!~.N.]..5........uI...C..(w.K..D..........E...y..|?........_...X..M..(..=.F<......i.g:3..|..^.e....@/EC....@....M.L.$>.g.z.........I.E...Gc......i`.p".....~....^./...tP...;W.A.)...Q2@Rw..{...69&t,'TWo..->...k...... ..\..SFn..*...F.Mz.W.y.G.6q..c[.T...{).m...EA.....r@...S6.bv..h.....R..*..fKq...v...;..&..D..).a..n..4.5..v4`.{.Rn.`.<...8.0.1..K.9..J.6.b..D......nJ.....=....%.b...O....d..'a.f.A/p..~".,)%3...B..#v._..c..s...i.....Y....E....>.-....9..-...b..%FnOf..X.I..P...7Wv.'C......s........BX....Z...C....[.....bm.IE..(..&}04.....(.%..ZJJ..

                                                        C:\Users\user\Documents\WKXEWIOTXI.docx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.868676405247338
                                                        Encrypted:false
                                                        SSDEEP:24:gRxRjd3HsWTs4jm4T34GwPOfaXJMdAqN9VVreXlWMf6bxPlS:g39d3Hhtm4TIGwPeEMdZ7freXtfeQ
                                                        MD5:86DDF3AB7FF8A8BC854B5D03E5908529
                                                        SHA1:A3D19E4AFAB8D0E5EAA619D7B3102B2701208C8A
                                                        SHA-256:B17861A159BA69F408B161F9319D6742A1E8559895A833D89680D476A0D94D63
                                                        SHA-512:E3ADCB7381200A09BA3B2D3B62EEAE8673E372C487B223BAFD932F07E7091FEF3B2C83ADE6EEAFBB60812C6E631F9541E50C096E7654B547BA0AD69A684BDE1D
                                                        Malicious:false
                                                        Preview:..|J?...H.n....r ..MP...?y......B.. .3."..u..t{R....YVA........%m.8m....R....@2.._.RF......:._..;.6nU'....b...#.=K..!..e..,8X...TK...83.^`.8,.....-b.\)eAs4}.k.tVb.....RM.`I.B.2...G..M.(Jo,.".u...O^t..$S..])..T5K...X5H.M.'..T..$..... .B..,_V..2..k.E.....].e.UM.h...4..X..f_.!.Y...z.Hd*....4..B...c........kd.C..........l...;..*.....~E}V...np.\)..5|..-{q......(.C.>9.:...u./{7iuf..kg. ..V.....A...5..N.]...{.N.../.....&#.2.G..7....Ll.FA.D#T|/..B~..P5...gJ4.Vj...c..?..e.jF9..hN2....Gy..N.....3.QH2......c...#..N.....mU.....j..6..F!"..}..'.i... D).]..!.........V3.%.....R^...K..cLGs............{Bv\..3U..cx~.&..#U}....8.n..>.......\F....).8..\..r.p...`(...v...2c....y.A..r)M...S.n.3/|..u..m.We..Zm..}<........>b3.Wp;_.b?w:.).?...un.C.r#..W_`?]4.|.....W4T".......P:^F[....L.....6...$....&.b9.xGZ..~..]RN..H..........9.W....x....A9Z4F?$-.3<~..d__.9..i..*.H...$n'.Q.l. .u.}...^D.....9Y..J....s...I>.....nG..fX....`.<..4..[.jTu:...rP....'.lI..Js>G...T.*....^.

                                                        C:\Users\user\Downloads\BJZFPPWAPT.mp3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1270
                                                        Entropy (8bit):7.827190336430446
                                                        Encrypted:false
                                                        SSDEEP:24:quQh8f/UCCW/71ZTV+w2fvp2gA6CAR3v2P2iaLBG+kP5icggrf6bxPlS:pQWCA71Zow2ZDfXRBiABc58grfeQ
                                                        MD5:254B3512126CECBA3ED09C324E32B673
                                                        SHA1:A2208AA37F08B9DB4456964B855436961343D3B0
                                                        SHA-256:9AF46244785D0F4CDB9DBFBDC28D373B653332642535C05839AA90D5EE1D4871
                                                        SHA-512:1474094014A5BEF13B33BF0969435A5FFE9D23F69B072E3D4D9046C240E30E92BC9AF90FC4BCC42C1D91ACAEE4DDF04535E2FB028915F15BB84ED6B6F0247307
                                                        Malicious:false
                                                        Preview:...;..#..ed..*....a........t..[..J...C.=....y..9...9.[_RQz&DP.q.$.~...e..x..U~..{.q..G%....]..M....7>....*3i.....A..^..NN....A...i..@9".Ws..K.#...6.(....7.. ..B..G-5...[^.....kw.ZF...5...#|..:..........hh99....Q...B../.{.5.A..bP...D..|.&....mS..>`Z....qS&-q/..NI.....sw|S.k.$..V.kH.q..:....;E._.s).|.z..3(mF..h?.d.....?.7?,HK...3.sr...8E....N...R.MB..j$.;...%........~.6......6F.....|...&.2...l.U.*.. )C.....X.Yjz........!.%Q{]j.;.]f%.Q..w.9.-.....W..... .5....qj.FMN....u.C..7.;...%...Q.b>"...1.4.T.-...L5......!/B......<h@w.r......Xtt....../~`.w..JK.(........o..Yi.nC....@.....;\...^.o.1Wg..........#..........,)..,W....o.c....V.......?.l....69r'.E0 ..?[<;../..........?N.MG.j.#.W....Q+..lnnb..F.........r...Hh..:........v%.........V01.6a.0...J'.......]E....`.Q..n.-.:..*;;o=A...tx...*...v.4.p.h...........P.u..b.H..F.A....1.M.@..1s7X.....ek..C.N.....W...n.=..x.iP.U.v.E.}.G..&O..l...R...cA...U5....a.L...c%... ....a:.z}s.9ma...Sh..J$..)....

                                                        C:\Users\user\Downloads\BNAGMGSPLO.mp3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.828596244054118
                                                        Encrypted:false
                                                        SSDEEP:24:UZ9cYaNt5SSfESAogj2vIka1ysdWZGpmPuscVYC/1fdOuAPb2ZUiYH1y7T5zgF+/:CJanTMSAogCIk+1WZGpm29YcFwuAT2Zp
                                                        MD5:CA0253902CB92D51809637320C388861
                                                        SHA1:C4F079CC8235606F34EB0EE167A7B23218B14254
                                                        SHA-256:549EBE7B0D7DEF7669999BE3D8414F1A1793E47C7C64007F4D00636E2ACB69BF
                                                        SHA-512:C061E897B08DA24DCAC50912E2E51EEBD2AFA55A66783098298A7B0CA46EB60675EE60C8B4AF0173727D429770730CBD4F6E01C70D4F5B3E1180C33786CBFF06
                                                        Malicious:false
                                                        Preview:L.....Y.}...A....-....O.~w.......<q.;...@.......bZ...../.<.....<.W.U.% .s......d-...d...1.A....}..".:.M....ne.R.{..j-.8(..`...6..n.upQ_..*.{..4.c.n...b...hA.......O....".A............(.....|^.O..>.P.e.bG.7.7....J.%..m..4Xww...l.h..C.d.4."..e...1q...g..#.<.......qTvi#..*.W.@S....P..ch..,W.g....OO<...=......3...h..6.........0..&....H.w.@!.( p..|....7.H(m]..>._3...?t.x.V.tm<.f......NX...Y....{...T..FD.0OI.p....V.fr.qb`.2I...Y..hYr.T....f......O$...&....I.*...........V.c].)..%h. ...`.K..iV....l.y.%..........uM.[./...y.\.g.."\.0.`........L\E-/.F....T..3.......wX=.#.N..h.s.M.....9..MU9..J....g..D...b.>.y..<..6..~..>.I.q...WjwMly%.....bGA..l.BW..W.]fz.4......%.T`2>.:e..iW........M..4.S...p8.0.s.............m.=.....!1.:d>q......^.h.-..V6.+.../..R.G.B...%B4/t...C.%...^@.......7.......h...2.j....J..'..N..r...@.i.....d....../6...../g......A?M...9.n+..C.a......evZJ.to.N...Ph....;.=v.....p..h?i..R.........<...pOu.h....-z.i..4.#V.......R...}P\.y.

                                                        C:\Users\user\Downloads\EEGWXUHVUG.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1270
                                                        Entropy (8bit):7.857638755683675
                                                        Encrypted:false
                                                        SSDEEP:24:koe7ZaDHbdcs6enhNZXs01IR8q3ahz6DYBAtoHsrMCSVB5i/y/gMQf6bxPlS:ktZaDHZRxnhNZXs01Cs7Cq3UUgrfeQ
                                                        MD5:77AE3F81B7A756E484314C2B9806926C
                                                        SHA1:2C2F67893FD666BCBE3CCEEAEFBBD124727A1BDA
                                                        SHA-256:C979CC7FFE79D548EE1696D7A9CB711CE37B01AE73B8342CB2959C1760606D45
                                                        SHA-512:1D0F81A99A8B43A3A20DC760D46909734B08C0048315482772A0FC11DD6A7E6760FFDEF54C76AE61F04A2BE3CF1D0290CEB07623E728F621F70D82DD6E0F50B6
                                                        Malicious:false
                                                        Preview:|.7..R.|wN..)5.Ss..whY.h...[!......H.L.....?........D...)......wm..1c....."\$?||..'...QE.,.Ic.Q.l.N...?...o.%.BfE##..)S..p....".Y@.....<...*W.tA.....k`.b..my..a.....S.G(...2U?..zQ.....o....+...`.Vv{...B.]K:.s%<%..a(.i........D.gH.W.S..z........c...1%.G[H.X.)....^.e....2.H...SN...#P..t.....,l.......v...T..0.J.RU...$....`.>..M%......g....@~...p&..o..........El..pXE.i..Af...,.......ir&..(...x.V.B..QT.....+..R...$r.<z......z.rThq.i.<.sE..+.s.4s">...@..>".......yK.?}.1.?P..E.+*.=..x...ylX..T.9.....\.... ..i|.@.FZ...MA.<.6..2...v=U...c.F+.V.......(...t..e..t.i..7.VO..CM.6..#b.cQL.u>.\..?x...^...W9.s.!.BuC..Dc.U....mi.F.....UR.....^8...R\Q.6.g.9$,....,%...t;.K..[.../_....q8..1FQR.....).%.W...a.t...+.........n..K.%."VW...I{.....A.i.W.S...3...b#....\ ...E.c.....:.g......hH,.i..\....3^.h#.".p.....!.(,@_...`*$R+!X'J..-6s..)...E&.m.6.u.}..qd.......0.1..,...t.N.....|0.?.\..J...'.....Y].4.:$8z...KLk. 'K7]....<|.[.g~F.y=k...9\.,.w........z

                                                        C:\Users\user\Downloads\GAOBCVIQIJ.jpg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.86837129906554
                                                        Encrypted:false
                                                        SSDEEP:24:EZTY6R3/EoPh3yWu2oiiVmq9mfFREtwASbU1aM54U1Wf6bxPlS:EZDF/jh3yWuzdM7Fi27boa1U1WfeQ
                                                        MD5:A4CB56A75C83AA66473CF004AA1652C4
                                                        SHA1:5D7565FF4A6B9086320BBB883C2F84184CFB60A9
                                                        SHA-256:8A9FD01BE96BCFB7C6E495684CE70C28CEE8020F80540A566AB085E60645A490
                                                        SHA-512:7CFF2C2A1A65BC23A1A59BBD49B474FAD7282C78F549F570F720C5BF6916B015E32E5A764D1D94AE402157198AC69B8814DD3A22122B09481DD3CE3AD42F6258
                                                        Malicious:false
                                                        Preview:>.N..Mh.0.,.7..e!...+.\.....}...I.T}NJ;m..].m.ht.......t."[.D:......)...q)xO..p.....1.....7K..Zwh...k...?.}.....y.).[9.....B21...u..&L...~..MFg8.9".NwN4.On...F....^..M .>.....nPv-g#.!.r.GI.. ...e!w.C....,..Oe.y.@.n.G.w..2w....?}.....3.B.p..).....O:f...f.Z].)......Q\............9..D.w.>hK...F..'...sk7.....K.tE.s...E.E.d}.aZ.{.7.H5....*...$[..h.....pcp...B...YE.@..ly[x0.H...CF....i..@_...?.jK...j..../.@$.7.p...'lr..f..t...._....3.....hA{..2.S.%.J......\.....A....v..]...!T.....N.d.;]O.........k.?.&@Idf..jf...<.._/.#.>...0....x...1tu..k..~v6.\R3..o..{(QV.~"q.5.7=.....`....."...>.$9H..3.V.L..@.s.W...W.+H.kG...z..?DH....@..'.=...{....HH6...SX.........S.o.t..<.\,......8.ocE..R.....A~.p...u!...a:..M..".F.....!%........OS8.o...L2.}....{.....:.....JpP._....M..*p.B.|F....3...Kg...Z.y..eaL.&....2....N./.8A[H"^...J...U\.c...P...6...M....$..=...qx@.....k=....+o..3....\....n.A.."..*......S..-.(....:..&..RO..n.W.305(...t..n.].h.....~.2......0..=P...}`.x?.

                                                        C:\Users\user\Downloads\GAOBCVIQIJ.mp3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.834347696468996
                                                        Encrypted:false
                                                        SSDEEP:24:BYbylLU1t04V7SpAgsgj0vSY3ewX94OzkRgrDMRnPf6bxPlS:BN4V7SOgJmuYlPvqPfeQ
                                                        MD5:7217C34A973ECEDD22076679C7E3A001
                                                        SHA1:2659E0C72739DE6079D024315829EC598DC24EE6
                                                        SHA-256:D3DDB4F0E7DF608F89C2152F8D9099DBFB2050C05A21D993B3D210984B117F94
                                                        SHA-512:AF150E3F2B85C5EBE754CA7A67DCDEE6DCADBBD5F88132BE45F31275BBFD6D84695C6F1F80C3FA4A7958DCC14B68442038487537ED560CE60A56BE21EB86B49F
                                                        Malicious:false
                                                        Preview:N.BQaH..7.P.-.......k.Ky.6.'....u.>^~..:..?%..]v..K..U...*...{.tfo.......*>..4..&0...8..ly...,...A...l.2.?.H....O2.q...D.M@pv..M..+.........{....c..ZD...mA".E.,}.....c....a'".L.+S....n.FeX..C.....0r..h..].~.J.ert..y.i...i.y.u..Epj.YUd.?Y:..D...z.....%....%....a..p e..&...6..........y.(P.)...\.B...K...._:^sT........r.!.T0.'..pr.3h.6o.g..vT..e..fC..f.a........J.8..&qF.t....%..K..^.......e..,..2tR.=_,.8.....cS..R...s.d.........Ka..Xx.?<WX.....J..1..........~~:..c...s.b...jv%.d.......i....~...Bf.B.Fs.[.i..&.J..U..Jx......[s.y..M....6..T...,()....q.u..u....M..Ca......d@JA..A.D.,J%.R..V.q.+8...-.......h..|.][_.<.z._T03D.........w..13P.l..,......b..-.&..S.......;U?...}.p ..n..... .. P....?....k(.....S....-.....B......;..)..g..VI..i.....:.V.C....x..y.z.C..@..F..>3.)j.U.......S.Zh..)...j/..V5.h.{...j.......4.V?:r....rLI../1.Pl..!..-..$....I.z...Y........#}lr.s^../_.n...qHn.L...1.p=....;..I...X.4\.8..u]W....?...=n....6..q.5..y..]4^.N..O..j..i.

                                                        C:\Users\user\Downloads\GAOBCVIQIJ.pdf.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.843554237494721
                                                        Encrypted:false
                                                        SSDEEP:24:fDPwt190cYsxHi51ywVNXUClCbPxWE+QN+eSqcjC3XrLA6ha5sZ3+ZWMf6bxPlS:L20WQjVBYPOQsPu3XXTeu3K3feQ
                                                        MD5:46660524BBCD5FDCDC218152909CB485
                                                        SHA1:DA52459EA70EC2FBC52E02E13393B41FDA374383
                                                        SHA-256:481AD701EE8DF026710081D434E13B9C893C01F812B0752715BA2E63E0F659F0
                                                        SHA-512:1FE8940214B9789E3EE9C20AAF22C6D406EE189B080A88E7DEDA7DF1B94C191F02B9D21DD96BE143E0A3F86710F00AC07F8A9D42C3EC7A53C77446C14491CB58
                                                        Malicious:false
                                                        Preview:G....|..9RV....[...Z.={.....k...m...e......5^..A.s&z.~.#.....j.....5n.....W$hzF*...,`dN .ep.o..)v..fZw.o..+UC.D.........=VLb...d!..haP...)V.p.52....[\.t......{4NJ..L...C.w...g..}"}.HE..^x..Y..r^5....E..g..~.Yp{......0..x..F'.?.)...,.!...^...U......%...A......4.2.>J%.D.G5...Y.0o.>...bk........!.5.._k6...(n.T..D]..1..J0V.W.bF......}`t.f.haw_j.R..Q.T.........F}......L.#....a.J..D.>.{.|^Q<......zA...by.D|u.-w...T.P~m,=/.*..F.^A`.o.....^.c57.6..@..T......U.......8(..8....dK%..i|Xs..w...|.67..U..e.VZQFi8....&....&...u..-.....iN..FJ....k..e6...^#.......5..7...P.$..,..oy.]~.....N...I..-....Rt4........z].I)..i.....t.0x.X.fZ..^A..Zi..E9.....;y.....N.k.=C.|.0.........R..#.u.#?.-Jk......F.l...n..;.'(m.M.D.k..........'.Z.71../.1...wpt.A.u.0..o.S..gT....1.d;E..#{1...?..\d..S,..e..k.a..,8g.[..5)...Z..Z|x...K7.d.7m... .V.w..\s}.Y.D.n|..`..n...MH.-3_.9m...f:..\...J......%...B......9..3.+..............i.]?.@e....P@.Jq..lQ.....eUw....pG..b...'.....t..x..}....<>..

                                                        C:\Users\user\Downloads\IPKGELNTQY.jpg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1273
                                                        Entropy (8bit):7.868703429251948
                                                        Encrypted:false
                                                        SSDEEP:24:RV/dKqq2Vg/sRVOAV/Y9wmn+hkvNeJipjapzty2ENnZhNf6bxPlS:RXKqDg/yNmn8ieipjaW3bNfeQ
                                                        MD5:8709CD44A74AE8782B64020AE6092366
                                                        SHA1:ABCC161845F8D15C3838D81032B813220FDB9816
                                                        SHA-256:01EECF5E268921D5C59018AA87D9616B762D8B17180540D34A1A2FE9BAFE6BA6
                                                        SHA-512:980A9F50C340468C98C26650713477BDFDA6E69B7970F4E6E5DAF99A2E3EB0F057391125A8CC1E4542B4D8724D9E540C7DE64F459E4A97F2FEC5AEA9A0479ECF
                                                        Malicious:false
                                                        Preview:..0.... .../.R!........../.a...........0V..?.._...M7...d.@....7..........Q?B.J._.F.Oa.|.I.p.h...L.|\sW.O..M.t..P...G..GA..<..j*mk.J..;..;./.j.].6....?..S.5.}5...=.)J"%.-.HI...'...Qj+...l.o!.\...-.t.a.mT....lT.cQx...|...}....,_..z...RNve..K.=.K.2h.7[<.I.....u0.&+......gs.N.R...`..;..>..p.)...!.Y..N.>y......@Y...kK..}.(.HC7m;n...G.<k<...f..#o....w....l.:.,....*X../.$!...KU.c.L....."c..5e.e..w.....<....Y.6Z.h|.]\..X..b...GWQ.'fH..o.......(65-.8..e<|..0..._.....a.JM3W\J.2..T8`...(j@n..!J.c.,.....[.?....e.....x(6.Kq..."...[.p..X%D&.;S.X...Y3....}..}J.....:TG..../BcU.,.$.....[.z....V.Tb?......'-..72CB..I.)3"..."..Z5..<...t.....,..c.*..!........B............zA2...IR.5Fe...I.KM..8.)..d..0^i.].s.......bt5..Z.^.....9U.....[}M......2..FO.zYD'...9.dG.neP...v..!z...w.>`...j....W....@.....1.d..huj.r.=O.M..*.G...?.#......b.I3.q ...*?S........e.).*%....U.B.G..69..G.m.....c.!.........#.L.....L..g..F....m..BO....(...u........o...l..jq K....c#...3^

                                                        C:\Users\user\Downloads\IPKGELNTQY.xlsx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1274
                                                        Entropy (8bit):7.850275528959953
                                                        Encrypted:false
                                                        SSDEEP:24:xX+8lMddguu+fPc+vOpS/pKxvVfOlA88ciaGqoOCf6bxPlS:xX5lMnjf0YOUUxvV2S/ciKCfeQ
                                                        MD5:A5B5DA17D08FB52A310BA836FC7755CE
                                                        SHA1:BFB9503E01F7AE85E9A52578F17E7DD491D75ED3
                                                        SHA-256:900CE74287176284AFA10BB829118995AFAE72FF416AD05E5A8BD965CC5355D9
                                                        SHA-512:7BF0E17E97D05F0EFFFDE27E4CB9939CC3E089F64FE4D07E74626772C4A59D7386B19C6E696A1CDB0AE8FE52FA291AF25A0387C95210F2EDF595EEE411C4D331
                                                        Malicious:false
                                                        Preview:....8{)m.I.NS...."...fX..l.yX...V^.W:.$.f.o(.1(..B.h*..X]...M..V.4...IW..==....D.]y.....<KzH.B.#...c.LQ..U.?..O..5gA.B....H@).%.....4...Ap..Z~.Y..A.B`..5...QN./2.GxL.U...-31...82....e..Pv..q...M.6..;.=..gP.g.j\.!..%R.u...-......1...fR.B.e6.h...,..E.c%+..C...v~..4....@.......V.V\@..)...4.d.3."N.5s......:....x..)].......,..}.."..U]H\....g.;zO&.!.Y)w...q..BzeH....X~..e......%..V.um@L..{V..E2!.....!f....C.:.oh...W.d..|y....u..i...!S.V!.......j\]7..2..~`....Et...%...\.......(...c.a2.q..}]..:......-.*......}.Z'..qo*.|J.|{I........h{.Q5'.1l...I...H..^.i">.'........6....hqh..+.uo..E.z6.|........k<.D...u..G...[!M2y.LV0......Z.e>..sp......$....^.s..~......=".I*...<g..DV..:k..E........`...r..Q..kr.>.6<.G..s.6..`.).....d.v1.M$. .W.........2..Tv..=. 0UvLaI....JhB....W.......W.,).X...].OB......^.6..p...A....G....R9M."B...g....T.. K..6...F.+hR*v-.S../J.......OX;..o5.......>E.p.)...z..=..S.m.+z$`9f....63G#A.e....zR..b<....y.t..3..C....I

                                                        C:\Users\user\Downloads\LSBIHQFDVT.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Public Key
                                                        Category:dropped
                                                        Size (bytes):1273
                                                        Entropy (8bit):7.849290914495493
                                                        Encrypted:false
                                                        SSDEEP:24:A9WmYJOWcL60WbtXpbyndNGmYBzXBID/Ptg9GSv+Anuf6bxPlS:A9W0Wcu0i5byXD46rSnbufeQ
                                                        MD5:48A90B9F86E816486BB9211B8A9C8C53
                                                        SHA1:49807F98D2407528B42BE2598CCF4B82D20D185C
                                                        SHA-256:28BB05A8BFE16B5C4A6A438A9916FCB5C4E5DAE17CB6029201CC6AE4787D3FE1
                                                        SHA-512:CB7223E40F295AEFE22885772DBC6DBC51B38C64598EBDBDC15A8C0E90B00656122F54041C5365FA5CFDC2C8037D9260E4BC9B5CEA2E34D1546260F35698E6E9
                                                        Malicious:false
                                                        Preview:.zY.Q.T....U.`..K...6.q......<r...8;g.].!O..<Z0.-...-+.7zAI..!..-...I.$\...&..l.....h=?..k@{..O.}...%..w..u.d_..&.9..98]....f6`......2.F.....R4p>.$...#?..C.......b..F..7.......do....t9...qm(K........i........e9.7..DV.0.(x.T.5k......^XuTH..T.pG.Ie.T.V.o....3bD.Gbrd$.<U..d29s?.1S|.....1Y.Nn.....A..^6!......2..<r3..}w7....|..|v.(.~...P.E.Ga..srP1...{C..g".?.........vQ.s..m..<x>a...IY......W-E...L^..h....y)\....(.D.!._...}c.....kT..=...}.%.N.2..i.pVD.1...O..+...........g....vNw...5.....b^[.}r....y...i..{.,/.y.Eg<...!a..b...A.....d.?.l...;..R'=..nxr..w..[4..)...a.u.....a....-...4^.:....w0...*M.W.k.'...S..k$..%[t6;..^+..".1...w...@%.7<h..rs.....h'....S...P..x.?..UA..~...]. ..XB{.....b.1o...)....C0...#.I.~V..G..._....#..klB...J..{.t1..j.r^..B?[S...].9._..Y...J!ww.#4...J[w.Z...Ab.....-....j.:.L......9..).\.|....^.=.......N..B...1.....l..........u.........6C..tA.>.|.....r..@.d.U.M.aF..fz.I..._...R..0V.......?....~...M|....t>.k....|.6.Y..

                                                        C:\Users\user\Downloads\MXPXCVPDVN.mp3.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1269
                                                        Entropy (8bit):7.828816086213018
                                                        Encrypted:false
                                                        SSDEEP:24:MjVEeMVIxAHahBvg0PbmF8rXLaOvCwYSN9vsNQy5DHTcQgFF6SfBYSf6bxPlS:iVEku6HIa0mbagCFs9vIN5HTvg3rfBY2
                                                        MD5:151AE1CFBF9022D4A16038459918C820
                                                        SHA1:3DD5C320D1FFA43980E22AFB1E0561A6B91285FE
                                                        SHA-256:83F07EF8601B29D5CD1DD25DDBA488F22091DA9D3138D9DCA323B2D3E2E3422A
                                                        SHA-512:D68089BD6B02A55A99E7B4557E0B00FDDBC85591AEB15612A9FE7A67E187ACE3D83DBADCCA7E5A99F11D60E530F1A8C9E833CFFBE12D736479E07E97F533F9D6
                                                        Malicious:false
                                                        Preview:*=...N$.........{z..."E..`4...'w^(/.aY.i.p.y.^...)<.n.d...?.h.{..........u...$.F.Y..........N.>S..=....6^..ys....3...K{..A(b.d..C..&.8g............./..E^.L..^.....,...CW2.M. ....^Q7qT....*.W.T'.E.<..`5o.s.6.....f..+..S ...>.l.e..Vy.bE........T.m..~... nW'.F..[K..(...5l#(Z^v..-k./......kKw.....A.i.P..?M.+..M}..0...E.t-.......bc{w.}*..n..Q...bAvV4z~..,..3.Y."..s.w,?'8~g>...&..NI....XCr....._g:o.\v.2.U.Z=.....".C.8.?....IVf},.P.MM. ..Y)...m.En.8_2....UY.Tzd..G...,.M4.$T.I.)I..$0..~.$....BK.&eG{]....q........k...E...]^..#5..^x~.8Z..NRx\P..&.sw.N....\j.m.w.w.$.R.J..6..4.,8U1....n#>.-..7...+g+M...Z...^.tt!.. \.utA....L.,.J..[..F...1......|1.....-%G..............3U.........gF....0m.'wS..L.a..{...X...............Y3a(.)...z..7F."qb.C8...w.$5:..2=..K.".^@%;..{........iUv.B......g......J .'.z....V..,..P.i.=...w..JF.+R6...%...y<.-&...#...0..>.5%.a..v!9.)......c6D....t...j.7.C^\\..s.../`...\..= _...t.g^E.MR..X.s.5YC.p...<...c..}-3..`...H..#..b...(.

                                                        C:\Users\user\Downloads\MXPXCVPDVN.pdf.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1269
                                                        Entropy (8bit):7.850936001248052
                                                        Encrypted:false
                                                        SSDEEP:24:XMqXc80opIili8SJfYFV0Vb86dXLkuJ9/tBXnjelSNXnf6bxPlS:XxbYPtVxBJko9FBXkSN3feQ
                                                        MD5:D2F025A01F95763A6E86BE22786B23BC
                                                        SHA1:636C2EE603BA7E8D52E2683B4776C8A9C5E6B75E
                                                        SHA-256:8211DD0202F932C225AA7168E139E6E22F0B09FAFE818DAA84572B4BD4116270
                                                        SHA-512:7C93F94EB7C7661B62EB278E24D3DDBAA90F7EFE32606D9ED5C63302C59E80CDBB10A9A410F21AABD6037CA0085F12658A05BD0B5934D6DD49244FF40FBA53CB
                                                        Malicious:false
                                                        Preview:!......+Wic.....|k.k.....P...'..q.&.o.:.#y.]*.s.....]p.A........;.~...C..h....u...K...@......jS..1...N..(..."^.)t.3.......An>.*.`r.a<.%..m.%_+.!b"^E.E4.]H..y.:+w.3R9~.g.v...$..6..X... +.V..=...F?..u.T....`..-..7B...v.{..........i.c.....d.3..}..\9...J.j.<.....P........I...0.~I..m/...@85.2_.^.|1..V..04&S._KY.l{(..l!...t....G.....%c.UDH.I...@U.w.......W....~..G90.(.E.rC..\ZLV]....(2^8S.i.Bj...[...C......bI.c.G[X..L..5qJ.Ba~.....g......g%.......w}F...{.JY^%U...S..N.....s...{....:gM..M.o\..I}n....N..:=...........Y...1.r...3......<.E..@.yjvO.+....p:...+c.-..&..]C..R...pxQ........]q..@......)dU[p..1.vn.H.g.w.8}..j............m:.P.......E..j...+3b.2J.S(........^..38..e........R..,E..l.........'.P...W.i.....tY..@".q`.W.&.(.{1.x.l.*..Sz,..J.U....=...p.x..]kj...Ki."m.t.......a.`%F.P..{y.)..i..GZ+| _)ld.P.MC..v.b.'x.1..Q.(Z....5.V..?.e.@=.oV..J.8.....CF..!....{...~.$...l..I..,Y.....^.7..D..n.9.}...?.........P.w..^^.3<.i...y............^Rx.{..+...fm(O...g..q.

                                                        C:\Users\user\Downloads\MXPXCVPDVN.xlsx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1268
                                                        Entropy (8bit):7.860659824796858
                                                        Encrypted:false
                                                        SSDEEP:24:f332QOqnwdz4hryEhGDBjcxH6f3JLwAkG6RvLXehaRTbsvz2UlO+xb9n4idMf6bW:v321N4cCKOaf3JssgTbwVl5b9vMfeQ
                                                        MD5:9EFAB58B56B157F29223227147089876
                                                        SHA1:AF3180B8354B0143C08667456DB60CE57ECBA652
                                                        SHA-256:0C3775DAA15390C732E01286DA6475A406DEDDD6A187D740486C29555BC43F80
                                                        SHA-512:BD2ACEBA7433C17765ABF615AAA28B9DD5B00B294D5014A3F0C726377BAE6124708F4A6FC4580AD1CE9A8F4D7F8CD2622E8EF7DEA469AB9D738AF71941B9E3B7
                                                        Malicious:false
                                                        Preview:...].z....P...d..w..,t...)......h.....J..../..0...@4.&.b...\.bc.b./.F......q6Q8....!....}n.....3.....e..C......!..v|Y.6.3d......R..D...Cft.......>Ml.+...!LH.i..a..Y.a.l....'Pd...:.VcF.-.m..._..ec.i.r^,lY'./).}%..V.8[....%.w.....L...\.x...K.....MY.1..v.,..9W9J...o..Vp...s..V...T.Q.r..B....f_.t.r....]...N.ZD^.f..k........E.k..n.e....xLo...t......%8......B.rTm..K-..L..........O..J.00..M..e.3.....p..}....l.................R......z.).f"....i5....a~]..W..4.......u..u.8.C.i..|..M.+1..V.-k..nG....f.a.....u(_.qt|.....[[Z..7..Gy...&.t............h)T..m..o|q...Y8`.....R.nu9...........u....PG..S....3.}.@..7.)..4t$.g.....%D.U...G.-...(... .|.\.........q..!........F'.@..z.s8.{...JI.....1.*.A-.W.J.....f.....L..H>.u...S..5J.=7.v....{.........bA\z.[!..J.RA.2..l.#)sJ.........1y..N.A.-w...! .-.r...F....3.*h...%......^.T@.|\o~..,/T2e.......W...Q....zJ...k...6....(.V%QU.....[.u.{...H......!.x.y.....O0`O...SY.=...l'.c.h.f....8...2.Hv....@V..l........5.

                                                        C:\Users\user\Downloads\NEBFQQYWPS.pdf.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.8603446158699875
                                                        Encrypted:false
                                                        SSDEEP:24:OcFAkvq9VDhW8KZwUcmauXxKz37gyqxIwotq9b30LSfw1qIE7I1oNBFT2af6bxPQ:OcFPvq9TQi94+qvaAb30+IYIKXT2afeQ
                                                        MD5:B8F5E8B33125C6F648C02D02C6C4A3DD
                                                        SHA1:D5E11026179DEE8628615D52AD63792381B5E7FD
                                                        SHA-256:1868EE48D2AA2C6CCD0C9335775D2B75CE3939ECA0E13035A22562113F18FEE9
                                                        SHA-512:DCACEEFA9AC861A1692A7EB95243289CD0FC93F998AF4A03AAA29E151CE45F6CD63F535C7401E38D736FC5A2A358DD5219595C2429EA8084B9DB170778FD3587
                                                        Malicious:false
                                                        Preview:...U........L.U....I........n.`.A...W...4..3....".5?..`+... .....[.#..6. .I.W...c.....0W.n..:..O.......L.dE.?e..a\9f...>.m........&.....R..R<sZ..U./....r..u...a....tB.xn..2]..x.?......a.CW.OS.8..$... ..z ........R....Xb.6.0.]R..*y...k(..J......W..}Z.......W........}t(._...j...i.w...c........nd...B..lk.;bV.Z8Y.y..Y...v ..$........i.8..=.x...]..%r..../....)opI|lXu.i..J...INKO;Ch7...f.2.a........[gJ..vX..z97OA.C.Xw%.J.y/.'r.....]U..N.p1.h..s5./.x.....O."..y.M..Z..../.?.k)d._RC)Z9..X.N...X.o..(f.#.H...i.~m.Q.v.f..G..!`3..F..kW.}i..0Z.,...:.?J.)=/5..M.Y/15.u@#W....h.M{..iM..%.^:..b.T..2.l.".8.}u.....6...E...$JZ..7)`...S..<..}k.E.&.:.y.4.h.O..A1.g^B.....@H6c.......Yr%&.....>.[z..=s..`X.}>.@.n.'.6..U.z..5.Y.?O.....T.8\....)....Lkv.v.N.....6q...X..>.;.Y.8.G.Q....>.}......|.........P.......^.q..I...W...$..j*.x.4......w.AW...c...R-..&....!...V....X.......{.i;X._x...........8.pC@.%3.7#,.@KSp.....@.F.. m._..`4........8.*....5t.u.j..gIO.......Q..

                                                        C:\Users\user\Downloads\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Downloads\PWCCAWLGRE.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1270
                                                        Entropy (8bit):7.881013414431845
                                                        Encrypted:false
                                                        SSDEEP:24:VPWW2GBrNLaAYNZ4ckp7Ll1kup9AXlswfnpR5PNC/CM3D034Zhuxi5iIw0f6bxPQ:FRbY0ckp7By6ArnX9M3D03wv51xfeQ
                                                        MD5:40FAFAB32EB03C9EC6D3EE1F3E466A23
                                                        SHA1:5239A82E1191CDE7763FAC4C26C1E63B8CCD8E30
                                                        SHA-256:9264F7282C4F98A51CC27FC9EE6D0FD1251800E1AE090FE7BD26292C7735ABE6
                                                        SHA-512:AEF2B9D4D14DE5EABA4668B5F32B8D876BCB31A8CEF5B424BE405F68CF8C47AA0962E67D229EFBFBA87B18FD1F2F8E00C8846EB1A26EA82CBDEE08A88539E1C1
                                                        Malicious:false
                                                        Preview:.P.98..".>^!...P...A../.......-~.9..t%.c...l..v..7..^...k..B..+.....M....ZE..X`B.p~la[_:.......!.=.....^....a...."7.k*.sF....up...%W...:*"..1=....7..%N.....\w...6B....aa.+O...Z.G..4?iv..=.....3u.D$.:i.(~B..(.._.....L.j.%. ).-~..e.jz.Q.SX..B9k....y.N.2yR..c....PE)&q\.#K.....N.....a:... ..d........W.tx..R [Lc.9R`..a.z=....9..#.N.U.......^.x0.$.4.,..P.0......H........n....p.M..r..@.y..C..+..]..[}......!...._.v|..V....h..9..!.J.9..T^u.!.:..HZ.s.T.._0..&`U.p.... ......QR.,P.......f$.]...!.a.H...4.# .0.Y.(2R.T..h......c.<..z.....h[L...!...].I....%.....;.op._W..2.{.......).8.>....Z..s.......'i..o......(zK.V...C.[.Z.$..M..\T...$..L*:.Z..Yh-.......?Y..*.<.?...-i..-.....R...9y^..r.]A.d....F.g..4..35.{...dt..<j....."=.;..;...Q..0.}.[.eF../...7b7a#.. ...h...,.#pp4.. ......,......|...9...O.{v.k.u..q...N..~./.V.}.46...>....g..-.=.:e./V...Z<.Y,V.#mL9....@..<.L4LN.....g.....S......]Z..y..6...s....A..Cg....+~...b9s..Rsa.J..`O.o..R-M?|.....

                                                        C:\Users\user\Downloads\SQRKHNBNYN.docx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1271
                                                        Entropy (8bit):7.857315359613131
                                                        Encrypted:false
                                                        SSDEEP:24:154ERdXc6EQBz3XRjP6X6DezB/3YKb3CwnXh7bgiMaG6f6bxPlS:154EfXBEQR3XRjP6X6Di/YKbCmx7O96d
                                                        MD5:932300DEBA95DC9AF86F6B6319DA700A
                                                        SHA1:0E0FBD1E634853F29195D24614C0883539F11F81
                                                        SHA-256:58EFA82C38BD59CEA319DC9E6991C6A487BA36CF75659BD31E6215DFA45204F1
                                                        SHA-512:F92E47C4B24B58872817F87617B0E7D20CFA599B672F26480631CDFB109B4580BC436B2D2E2C65672FDFB0C45D6C45CEC61EF2C6EA8EA67131C198D30B4AC3BA
                                                        Malicious:false
                                                        Preview:....._...v..5'wRgh]E..K..#.a@t&V.&..V.....o.U.#D.?..a.[...G.*...;...r..i#..L.U...S2I..}B.q..*Z.=.R@)!b....N....66N&..v./I`o...#9>Nv....].4IL..'.....Ah.!.+....&.4.^f._.>...I..~y....r..QX.~....;..O....Z..`S:.']?..+.9...8.<^.s...=.x...t....(..Px.!.#.*....nc;..'..(../<..~....I..P?@..j...K..3.!.Cp<#]..#.&T...............%.-..R.R....I...C.l.G.....uk.3O.....D..V%.`..<.B4~....F.xb9.....QU.F...Q.^.\.A..Hp..|,".lv.n.|Jwy....^C...0..L.RF.oRl.W.O.5...?....r...7........Hn.........P.T..k.l.?.y...U.}..@.RhC..'l..xWA.G.URL..1.O.uv..o....$Vb....K..~y.0@.T|D.../g.ua.........K0..-(...}1...m<.#....^pz.@.m/.~...VA..J9....dv..!87..z..g....Gp3}.Fi..A${....l..$p...3p.y....1....%.6...FL.x.Zn.=....[.E.'..;......XO9...4../...43GYJ.'.,)..F.5B.t.^.Zm..63.X^W..U....A.....g.j...dX..p..i..U..o..2m......l*.......Kt[.#...p.<.?.0......,.8..a......%.}........._.I5=."Yf./+..!G..T.^:'8.B..S3....F..X.x...........Y.D...v...-.!y.....{...#%.V...&j9...CHe......~f"..;..n

                                                        C:\Users\user\Downloads\SQRKHNBNYN.jpg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1269
                                                        Entropy (8bit):7.8429447413744064
                                                        Encrypted:false
                                                        SSDEEP:24:GgRzuBh28OJ22Q49fxuA03o70hcEWCZ757rOMIu80EYtCqv0o+rf6bxPlS:VzuHQJtQ4ZxJ03m0hcIZd/K1ItTv0ogd
                                                        MD5:9793BD1177E875A68E07FF4181C017FE
                                                        SHA1:6FC609B9EE2EF3A278C7B0FD5534386A25D347F0
                                                        SHA-256:CA8B13EADAC5165801C32C9BED219A683B13AE51BB20A17E28D68B990B3D0FC5
                                                        SHA-512:74F3559FCE31C7B3365D44F552FE46646563FCA1AE154624550A41B71013579CFD125BF67D9BBAD50C06CA823DA8FA7FF5A3A29A4E0EEBED58E4214732C63169
                                                        Malicious:false
                                                        Preview:9.....e.U..*........`...Mz.-~z.....v.th..A....-.?.LP..W|%'+...l.=.W..vhpv..-*e.(U..'...:.1....(...[X..O.;..!%..E.._K.2..5...v.```..y[#fA..Q<.d....`.0..l..k.e....,../.;Z-.~bH.s.O..<z.k<a.]._k.......@Q...7..b.7.?=O....J.2O.8..+X..$^....&..&..A>.p..u...~..2oTF..Uv^]..........1.`...+.P&./..$jb..!.l..."N4u.Bi^..l..^..4/.......d.%.-G%=.(.9.v7f.He.....G^.R....X..ZR.C.!..r,.)........oi.....$..L`[....*p..T0......@..G\.Y....{{...3..R..Y..")..d..#...F.4.Q....g...SB....a^R@.U.y..3..N.O.(9..we..1..s:..H.?/...B.\F...6#.lH.)Uj.7..k..z...x.N].ao..I.+....M.T.....:...3....<.t....u.......DR...i.?.;..-X....t..L0<E.../P.C..Z..,..l.P....k.D.1./...._..Uc.....:.e.Q.T.RY|.<!..S..`.\..i...q..AQ...$...8N^`.@..,6...*...]Oa.L...M.f/......M......!.'iCwSb.B..m5.G.Y..]:..".T...`.N.0..6.C9I%..K~.2.E.w...u4.\p.N.}...I.y..o.R..c....D........v.... ..-l...)YK.l...g.1s........(.fI.J.~.....U...o..).e{.f.:G9L.Sw..7q.E0.Hy.m;O..._/U..X.q.Q...l.r.....Px....."../...

                                                        C:\Users\user\Downloads\SQRKHNBNYN.xlsx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:COM executable for DOS
                                                        Category:dropped
                                                        Size (bytes):1270
                                                        Entropy (8bit):7.862742343430765
                                                        Encrypted:false
                                                        SSDEEP:24:x1aS4lVbHU2P+7Sn4CYCnGbmRipGT9uZkvyJsKDDs7XHVK7d5iiXUf6bxPlS:3sllHU4F4CYKHipGJuZ8dYDs7XHVKh5M
                                                        MD5:2D414CCF5B60F8BD7E4CC89709CC4FD2
                                                        SHA1:24A6A44D32CC7BC6423B0C022256930565587C67
                                                        SHA-256:55A1753046FF434EDD4568A1D6051A1158364142E758BAE4DD2A5C446D94E564
                                                        SHA-512:893CD879EE9E7B0776436789193A55FF9834752B79977B9B406514F7293F584920522665CE96F1C64B60CD028F54F2CD34AF0C6714D6094F09E95416ABAB8957
                                                        Malicious:false
                                                        Preview:..Y.(.G......8..IUm.?.`I.).h....p....'.$.=.Q=.5..+]G.,b}..K..h%...b..A...@.S+8..|.<...}M.W.p.d.......B.m...Zx..q...m.XU..?.A.."N.......6.i.Vm~>4A.CL...tr>h..B.)...H.]..hU+.blqH....^...f.l2.pb.Ic|3.g...a,7Id...XL{....../2..,....]....C$D.Z..WvX..-.~..,.U.v6c!A..+.....|9L.(..OY.......5..N!V....X.....5..v,....(......m..[|.#....M1....Q....t~Q.>G5.....[.$...;...+.,B..>0.^.@.Vwu....w.l..i..."i..uPi.Z.x>..}R.D0..(.....uF.."..-.p...$.!.....<.A_. .F.JMZ.5.ZtS.......Y.`.5J....8.=[..M..3._ZY....&....-....x..$..}.q`..y._.I.>3......k=>P....[1KW.2..g..?.........&j.S.................*."0..t...3FUR9.]..Q..`.......#..}.....*1.......Flv.q..|^.q#..R[z.}.0...3...Y...m..bQ ..#.!...d].......T,^.r)(..G.....Q.../.O.'l......g..#.E...(..kd....6.._...#.k../.w2...w.....8..)a.....l...w2..O`...V......Q.y..E..g8...EW.6..x.......>C...U.!.i..W..h..'.sO...&..%.L.m../>_..K...@\......8.z(../.X....#..U.4..gt......x..}.m...Tu....A-~q..G...a/.......3......0l9A..R.L.R*.2.[.

                                                        C:\Users\user\Downloads\SUAVTZKNFL.jpg.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1273
                                                        Entropy (8bit):7.85279228929616
                                                        Encrypted:false
                                                        SSDEEP:24:FpT9NFiY+9gRCzqEwUiOriL6/egFmfjt6fV2af6bxPlS:LT9NFiJgRCzRiOrCgYjt2cafeQ
                                                        MD5:453969D635D3AF8BAE288D53F90C43F8
                                                        SHA1:721137E70B385822A775939604BF8304CADA335F
                                                        SHA-256:C66D0DC1FA2EB42A0552046E636B5E9C4F4540F7A02EEAD02CFE8AC46A25BF0C
                                                        SHA-512:A260E7444E59FFA7F7E6D7F23AA806DB2E41D9D83486217C2E289344309BAFCEB7E2FDEC6A1CCF1814EA6F162847CA327599507919E30304FFD2A26D91BB6AF2
                                                        Malicious:false
                                                        Preview:e.[.g.G!.;^ .\.f...K.+*b...O..[..i.....u<;.N.V..A.[...!..Y.$.o..?..K.ED... ..j.r...%u.S6bSN...e.y6o.Of..B:>(.+?..[.:..1.[.Q.E..{.n.[.........9..k.7.....ZjacP.}....i<Q.....;-..l.n6.2i....N.l...T.....9I`I..WL..g.?..L..z.D...v...4......X9.V@m.r.~y.P..^.^5.X.I7.+.[..x..Au|\.X&.|C.d...Ey.zGjj.U/..@.?...{S*q...b..B]...y{0.I..$.:k[K;.....@H.../.Q-.........X......9\r....l.AgB}.f^)YVu..S,....1......T.....7.@..S.mG....Ws).kL-....[..J.....x).UZ........i{.`-.1.V..d..)......\..J.....0m.zy...+f......r....$.V..]....D.....At.)).J}.bN(f...{v.b~..%....P..M`r.1J...Y.{..u.....S....,.....L.t...O..L..Z...T.D.<..S#-r.........,MC.f......F...L@%...v.;N.....d....#..........g......1<.Z|sK......p....t2.t...w.d...@Hg.>.t.......).I.....O}....B.D..2$.....j.......S.VG.0....a......5.\....N=8.t_9........wX{Gutv...V....&.9...36j.j...<.....ng@Y^.Vm.u_).xf...k..S.......L2T\.ZK..7i[.1......T.}....B.Q...=:`m........W."Lg...@.6.H@.......P.....i..........q.(....".7.C.uB....c..i.3....

                                                        C:\Users\user\Downloads\UOOJJOZIRH.png.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1269
                                                        Entropy (8bit):7.874177337818544
                                                        Encrypted:false
                                                        SSDEEP:24:cvxE8XxassN1mIl8586Ni4D36QVBCbqE7IZbMw05krMbO/8QNf6bxPlS:MC8Ylz6NdV8pGbMwUdbO/8QNfeQ
                                                        MD5:44549D486552645EED7703B6E6896A25
                                                        SHA1:B1CBED3254FCABD267D1E7BBAD13272B966ECABD
                                                        SHA-256:E918B9A088B83AD027557FB2702B67F222F73AA1C1FBF81B358E1D6357C77721
                                                        SHA-512:374F3CEE04BF29653DF3A084B1A1781718737F036D0C3D0E2585FF7EC916ED81B62CD95F6F0E038413560A8F8C561FECFDF4FC4144EDBDF7A84986747D7B2172
                                                        Malicious:false
                                                        Preview:.e..y....`.5...8..+...GT..W..~...GQ"h.....5I".7)5....l..4..P2..a~q....F.M.3l;hB..{..s.. *.........h.[....7 W....(....)r/0......#~y.Qn.D....D..~....T......^.o... a...,.`.....h.q..7' ..F......$b.^.l..AUm...vl.]..>B...1.].Z..ym.."./...G .Wx>]I....|/S..)m..R.r......%.....>m..,{....".x....q~..Sm..=`.Q1x.7.=R.Ac.B..t.v..+...0,Jw....Y.....0..W....c...........T..:.."9.o.....r....k.]..M..'...-..1..(.2.}d.b..|.rW...;...u'....9..G.`.O..w....m...8Yg].r%R;.o..J.(:Tr1.@...)......[d...c'... ......LP._O~......c.h...h1.9.dv....X...t.c..5$.....8z..C.D.....n+.S[.Rx.D4..Z....Ug.%.3..F_..+.q..X...(C.s....d.(.V.-.%y..r.-.1..Z.2..jI.0.v5.l...*...0....J3.......F..rM..M...)..0L?.r.F8f...s)..NWi.#?...i[..H...aEwx...d4!.[..S..c..|(R...V.......+....^....<.....8V.;...g.c...mK.1......U..,....Nm,.L.~..M.m.^Q.:..4}.\..M....M..ov...]x.........H.GB5~..E#..L.....V..F.......e.le..+.R|9....w15...I./;..6.Gn...@h.ZP...v.2:\..?......:........* .E..pB..T0.i.....P=.2in.g......N.*.

                                                        C:\Users\user\Downloads\VAMYDFPUND.docx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1274
                                                        Entropy (8bit):7.8497601024140655
                                                        Encrypted:false
                                                        SSDEEP:24:mWv49DVQN2OEIf3CO/93Of5pKYvomo15tYef6bxPlS:ms2QNR/93i58Kro1UefeQ
                                                        MD5:BCF88AA3207AF08951982FABE6351E13
                                                        SHA1:9B91113764246B40F3CE95598E232CCC9ED77089
                                                        SHA-256:D5071F98BAE0312F4F8FF0C3C0D4C65E0B7D8A3AEAD9D40A58C6D942D39809CD
                                                        SHA-512:DB6163DD9C0C8D39AD56E1C142C62FCF8FFE35F5B59F3FC3059B773EF6D60F82EF1156BEB1195F6D66AE52599C3E4174E656BB48AD9C561EBCF22AF25CD07377
                                                        Malicious:false
                                                        Preview:.+.{....!.F.9.6.X.+v.n.MZ.@..s.L..I)l..../...$M....h.G..y....w@..t%d....4i(R.M..~.W3.....\.....z.V{..I.R...'@...b.<........'a...#.r...*.X..t;.....%.<..<..F....,.h......tG...V..t.FV0.%...=...1...0.U..`..>.\...z_.7...(...y.....h......`.'.';..G..5..n.6.C.5.%.. ...\~[.L...L-.'d....s.................!....A....BV7...J..U...._.9.M...^..o&l.@.s'I...p..].T.].r?Z4T....*.eZ.r..Vo..U.#..`!7..`..w...X....Z.}...nw.?.i...m....`b.V.LD.?vH.* ..L-f....kp..;.:.....zc.V..c..6.l..N...xC......aR$....u.pe.Z\1%.....hY.p.&P.......V.|./....:.qv1...tZ3....v.j....y.$.f...rAM.q...)A....$...z(...^V=6."+...h..N.F9A.U]."....;.....3..M.o&]V=<.M+..h....A{.....L..w.....\.UH....2.t.....*Le...'.....?....F.;...n*1..a......\....].W..seZ...Bg.)N$qhU..E....jD.^.Q......A.1.18T..T.pQ...$.....U.;k\.X.h...%..U.p:$...[...F..Y.=.m..7f......M.4.].7......U..P.PlF.../F...,w..<...n..c0......3...?...c.....K......X....p..VDuxnT%5..........94..'.....K..X.O.~t(...s$.~!.C..2o.er8.d$......~.

                                                        C:\Users\user\Downloads\VAMYDFPUND.pdf.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.844000112716893
                                                        Encrypted:false
                                                        SSDEEP:24:iZ96xIUK2txWFAmDYN6XpNp26pPHKuW+QbVirtYVzJ/91g5ANFyEjf6bxPlS:RxIU+D5pTHPHKpywJvgOjyEjfeQ
                                                        MD5:3114A691652A50619FDEE0F138ECB842
                                                        SHA1:CE9A9CF5E5B46B3B5338EB15AB07A2BE91C23252
                                                        SHA-256:961074B362D6C8672F1876F21AC1559F651EEF18A04BF2D7496A2A89F2F97302
                                                        SHA-512:3BC6B708A84321C5E1B5BB91EA0B02549060F76997F79793488A44514AAB20C69E508511FF7E775CA92962DB04A4D27D1EE3F387FB4CE09C13763A04A83C6AA7
                                                        Malicious:false
                                                        Preview:..v"aI.h>.O./.u'.(..F...O.t.V..Cr%.T"\<V....0..9......m....<.....~;...+R+..s&.Fk...(.f.xm..j...y....#.n.7......D9....D.q..q.2.'.....s.k...[.E..n....r...n....Z.&....6...l{L.$....U.0..^`.......4..s$U...)1.tv.<...:......=/.-~.C.^..Piw.J...a....#DT.O.]..k.:...:&1...D>Dc...|..?.\...%.N.;.'..&..".B.<.....n...v..*.f9...p.....p.JmT.V.La._..H.%..ec.ZV.vX.....$.+6}.2...[.fF.......\.&N.kQR.^.e+e.Q....j9u.S..L.ByJ.JaO.....[~..~..D.O{X&../q.#./...[..N..i...Y..3A..o\.*..fz.../. ..e..,..i...w.{....'..*.~...>9~..TE<).x....'.RU..sH.H,Y.Q.S..^I.ROG.qR3.....)y.....J...../B3....g..{..?......f.6b.B.A.....PA..<....Pv..4...."..p...zq.............F...R.R.^.sB..\.......P..P.`...-.d..2:.&..........s.a.>.z..ivA..J...s9.`Tt.%h........5[..d.d.K8....?..<-H5.... ....2..b..[;...[...6{...hn|...M]..z......8.+..d8.$q[Y.m.K]..`k....P./..........ej.1.!..n..+,.0z@=.....z.L..."...tO....O.U.s....N..~.)!...... .....K!+(.._.....<$..W$.2QJ.a.M[M...$..b.WzB...0..?!.'......y....o/.......

                                                        C:\Users\user\Downloads\WKXEWIOTXI.docx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:OpenPGP Secret Key
                                                        Category:dropped
                                                        Size (bytes):1272
                                                        Entropy (8bit):7.842542997540139
                                                        Encrypted:false
                                                        SSDEEP:24:r9Uur9g2LmlNtwtkNn7xpamxfG2ysIDf4isLLwt5GMfH8ioGOFqIrjPqVeAXWMfF:r95r9hm+mN1kofaJDwiA8XfFo9frjCVP
                                                        MD5:36E1BD994AD5CF6A3154EC609DB93CDB
                                                        SHA1:202723873771F5AF37A542A01EB2E5DDB9022252
                                                        SHA-256:53B68574A390FD6B8943E52B2C162063FBDF44986601F89F9661260E92A1FC84
                                                        SHA-512:C55DE7FB05708FA1657940F028A5538C5FBC7B1A666C5CC876102DF0849A9066AFB7852DA473AAAEB27FC9AF039A710A7D7924C109EA58FCD3E069F81D9226E8
                                                        Malicious:false
                                                        Preview:...f$}..MA..._?E..A.}...z.5.l...N...#....,....#.i.uL..........#K..RS|fo.......k..[...3...3.p..:...N..z....,......PZ=].]......|.|?n&..S.DPQ..n.^.......{..."..".BC2y......|.=.>r..Zi........=3..._..\b....ClQQ<.]...".7.B..`T. .2..p...q.k.Q5<.>E\}..1*.A..).|;.>8..W.g).XZ);.......n..8...%.....G)..!..x..'.opyk.B 4......#.X...<..r.=...T4..oy......0...}KT2.....o..^<.RMQDQ;......$...%..]<...b.......a....Bk.d.(..[zu.T....*P?#._z.Fm.{}..pp.LY.....[t.=1...J..fR..};..C.Q..I..n4.Np..NO.|p &.u...xi_.2?o...99..I..Yu..Id...v..?..@.Xsrw...'!..;..R.....N...-S......~.[../.G./^...u.."..C.o.D)h].....l|!w......x.g.a..7...{.Kt...=.P..A|..l...k..!9.A.P/.....;..UQO/.43~ER.).......N......../.0z.g...|.4.|.,.!^j...H.0.`Gr.v.s.......%.k.%^.2+P.c.....2..W....2Of...=j9N.yo.c.;...b.2y.6T(.n,3,..-..d.......t/n........-....b~r.yk.v.Q...+TB.j.T..F........F,...J..+;...W.k.xS/....q.v...pl..w2q6.)..T.#...\...S..."x.mJ._ ..$...^.....e........=.=g/^q...n.$$.<..:....l.k.N..B.Q...

                                                        C:\Users\user\Downloads\ZTGJILHXQB.docx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1275
                                                        Entropy (8bit):7.859273214378624
                                                        Encrypted:false
                                                        SSDEEP:24:k2MxnuHANAxopmfLje1XZbzTHp6k+qyzb+Faw+7HFE5NkHMRgtbgf6bxPlS:/MFqVfLjaXZbBWb3+0TFEAHMRgtMfeQ
                                                        MD5:5D01EE613471FF8939D87061B64A6362
                                                        SHA1:88C9A50B1C68A3127C41F45911479774C5327E80
                                                        SHA-256:1C8DDD636469605FC6528964F4630AADEFF79703906B2C221D72280775D84878
                                                        SHA-512:FAB01A5F60925844D593799B78686A4E12E6FEB3A3FF170B75FC5A616D85F135524A31460161EC1924D6B6D8A6C54DF1935AAEEBEE651C1AB000EAE3A2DEA548
                                                        Malicious:false
                                                        Preview:W f.....3:.O?.......YZ.....k_...p.w..Ed...Z.a.M.M.#._..@..=.v\8."X.PzI..h..2.h-...2}..............e..G...R..q........_...m..XA.x..<...*.[W3......"`.@.OH..13..>R..\........c.K.c.d.Z.,......Hg.0..=.9..1E";]...lo..sC1...P...o....}..>m..TI.Sj.F..jg\.i....k?^...>".\y...]...JQ..6.....k\.S*.i.Y.U$0..</.hm..@k.,.v......C.....@1'`.uo...?........(6.......u3mp2Ie....Yf(../.!..."`..$......f..I.....%..].....4{....>.>.7s.^_&]+f.......K..`...G..l. ..T.4[...y.R....j.DmO.[F........lm..g...........\.B....b.a...Dg.q8..m.=C$C...d.G.W.D...1...w.j....jBH..>..p..[&t.;...q.......v..U...0w..+..a.h....F.....Y...C...;U@.....7.g...e...b'.7..EW}.$M|YN....u...c!..ye.....'~.u..UaRf,!y..K%j.k...C.-5.....LNb..e.?..%4.E.~.d.ls.V2u..4.D\2}.y.P.....&G.<,...J.D.)h...2}...F.')......H.H.......M.....).I..f/...PVJ.....JW.....DT.H...T...4...5..2...1.5.L...<+..E.....V...n......R...0...G...6.E../Y>{.}......N..{...}..W..}.w.&...~wvYn..k\.C.-....c.."......h...8ZGg.I..c...z{

                                                        C:\Users\user\Downloads\ZTGJILHXQB.xlsx.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1274
                                                        Entropy (8bit):7.874239848076014
                                                        Encrypted:false
                                                        SSDEEP:24:21SrzYZIxVCgFLxMtnP38AxJt63tn4Are+tDHuXtXZXiiCS56f6bxPlS:dfOITCALSF380A3zBHuXtXZXiJbfeQ
                                                        MD5:B6204C9B43ED149A80E3D546672DFA78
                                                        SHA1:98F9158D38CBE47074998D93645CB52EABCE8F2F
                                                        SHA-256:0E09685C61AB6E86FEA361EA90EB0107572CC3094120D0793F352A7A85211C68
                                                        SHA-512:FA2D3350E9D4FACBD3C2180BB6A7D24594AC42DE24B7D615E64AD68C42D08887C0FBA663C96104A5AD4B7C84A6B6D30A413A06975C5691B84E5A452DA1A9676A
                                                        Malicious:false
                                                        Preview:7;.'..e.m.*..Y=..M......sy..Ap......5{...R-..w..o..+.D.1f,......}w...wY..A...q.. ...gBE.yh.a......4..V&..#..z....M.....U.J...1N.,..Q......k.0..l.P....<-. ......lL...I.....Y.HNy.J.ke...5.eS^..........^..Jl+5....qR...T. .9.....1...(.v...E .....J.+a....i..7.l../.....g.w...2j..k........LsmU...$(!.H..b...6G.U..v0lZ.h.v\.(......*.7m..g'7.Bg.E....q.@..' 5).....VO..W."..........%R..\.d...uH.z.G ..=..'..<j/-Y..c.F.....G.y... p:.wA{..+4..0x..>F.~..{d.....~..h..g.../.`e.3|..c7B...\.....NO.%.....3RW(..T......d..z8.X..'.)...k0j......>.]...1..|}}...F...t.[.k/^.&~V.....2.[...N.J=..M....:.....D."..C..vZ....W.~....h....M.... ....K.....$se..'..H+...`m'.;.....0...t.}E4.wz5.1c...`.L......5.x...".S.\e.._?8...f.Q.I.r.9?..B...T[..}A.S.....q.Rp...|.......i.`.[.....N.x.. _!g4.#RW[....7.BK...nJjU?v..g...C..z....3.C..,D.Df...V*4,....#..k8.;U~!#.u8.k...U....g.\'.Q.I....I.if.R.+.....L...%...oh.-.z...s<z`(..5.aH...L^:@..F|4....FG..782.(...E...R......m.2.!i.nE.G...

                                                        C:\Users\user\Favorites\Amazon.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):350
                                                        Entropy (8bit):7.405594621878371
                                                        Encrypted:false
                                                        SSDEEP:6:jb53OF2+eH60pok7Gu5aK8Jjer4jZXccozTfREfcdRmdEjf61aBDE6txWw+DdP9Q:53OF2tHfpokqu5WErUNzkmksEjf61a+8
                                                        MD5:964FA137CC5220FF14AA047165084F99
                                                        SHA1:A2D9C9B476425413707C0E494DDCAFE84F9EA2E1
                                                        SHA-256:F718C366EE7AE6E1928B0A4F88D160B29463AEC4DB5527D3B4ED2EC4B6A226FD
                                                        SHA-512:B09FD0B01996C57C3212BC67E848289EE382D39D19594073019751DC164FE1B78E43D7DE1348FFD056DE210D9D58C68478C88D812597710113BD14B20512D2C8
                                                        Malicious:false
                                                        Preview:J).(G.V.....*...r.G.;...`.B..9.4<..JY.c..Z{.y.e.!.7S...$....Q~...A>v.`..ye.....x....F[..W..xfYY..*.....c...&qE...g..Z.W.....\)[...n.0..../e."._...q........6......d{.'./.."N8......{..>..-....]....L..&.e..Ri....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Favorites\Bing.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):443
                                                        Entropy (8bit):7.556628521758687
                                                        Encrypted:false
                                                        SSDEEP:12:CyvzD9QJEcGG2gAQmGQf61a+6KxPlu6nW:jvzEE3GjAQrQf6bxPlS
                                                        MD5:783914666D3DC703C1AF550799887075
                                                        SHA1:3A528379E4DEB7B06CDA200D62B8341372FFB832
                                                        SHA-256:524996EFB8B842A14F619832B93C41C39757A3859606192643F459BDFC9AA2E6
                                                        SHA-512:8A24031DD26D0CA34A52626584F6832BACAF94F1E47E257C162DE50CC0D317E63205C4DC421AB8B69E28AE38C9D1D0CCC16E4B65316DFD1FDD85615E483820C9
                                                        Malicious:false
                                                        Preview:..0..)"......JzJ:siU. ..+.....f(..;..,.....*.0D+...'."&q..+e8.Y.]....KgF..uK... .sQ..]0.._....!.Q*...2.Bm.!?.n.n(.B$}.....W....[.@.../O.G.3.....Be...wQ/._Pe.V.w...0f.\..z...c.B.k:X"J(...fS{.4w.O...&~E..Hg.PZ.V>z.*.^)....n.0..../e.h..L=.....b.v.cNR.>...pv.7mf..V7y...@..4:.r:..P..@us...Np.S..{e....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Favorites\Facebook.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):355
                                                        Entropy (8bit):7.407545522719771
                                                        Encrypted:false
                                                        SSDEEP:6:PdEFZ0j4CqY+sTxweZb0I06yFQs9jdEUKaMf61aBDE6txWw+DdP9l49aUSnW:FE/a49cTxwHXP96Rjf61a+6KxPlu6nW
                                                        MD5:54E8A3E400B40FED3139326B52361C1D
                                                        SHA1:EBC1EF2CF3EC513B6F11469B6278E64CAA7E15E2
                                                        SHA-256:18AF5EDF1F4B03840F6765E6615F49A4368FFEA3E5F2BBFA4662AE79748743A4
                                                        SHA-512:03D6725EF53C33901E0B25EC474B3EA404B91251505B70367912EC3DCF5C50665F7F10381BE299171F480A617AE8670444144D72C41B6ADC9C41B20C303DCC58
                                                        Malicious:false
                                                        Preview:=J.!...<E.M.a..@.d.[..~!gv.aJ..jR............g^:k.z"..........e...Sk....p...X.s..\.a......qRy=.M.PbZ....&sE...g.'.....K.22N...n.b..../f.".\..1h.`.M..Ajn......1.;..V...4...h....#......6.|....!..w........l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Favorites\Google.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):347
                                                        Entropy (8bit):7.4214686449658505
                                                        Encrypted:false
                                                        SSDEEP:6:jY4uRWuog0T0WucKUK6u+wo94AMcl+h/wobPcSeWqVQfaMf61aBDE6txWw+DdP9Q:a/o3T0pbzo94ysNrcWCKaMf61a+6KxPQ
                                                        MD5:1D20202F75B521AFF43E25CE4AF77393
                                                        SHA1:28525CE2AC77C425D53D0FE2B5DBA9BF1FC2EAFF
                                                        SHA-256:6E448AA520A86B8306F666F5E5D16EDE787752E2A09276D7FF24020E70C32E5C
                                                        SHA-512:BD2A183162C6AC593FB6B081FC30784971A05073155902A784B93B09738BAE8E01BECCE99E2D679747E357CDFE18E6613AC5DBB5277076515FA61C186500F76A
                                                        Malicious:false
                                                        Preview:.%E.Aq}..0O=.3./.|0X.P..=.9y.c......H7..E.d..fS.}..NO..T..S@.A.N5`..kn.].....9.....l.X........mo.....%Zw.....d.h.t,...9.^)L...n.3..../e..(6....D.>/ .c).:x.QN4...8. .......j....].[...P.lD..I.5}.S.Jvf....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Favorites\Links\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Favorites\Live.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):344
                                                        Entropy (8bit):7.419996149849671
                                                        Encrypted:false
                                                        SSDEEP:6:x2zAknT4hNOv9U31mEgPfYWPrGVmIIC/f61aBDE6txWw+DdP9l49aUSnW:7kSOv9zEgPggrKmU/f61a+6KxPlu6nW
                                                        MD5:E618036A12D26F24213BE39B067874DC
                                                        SHA1:B3D3AEFB2F7FA9FCEA63F0B80AC1FFDCA0616471
                                                        SHA-256:99F855443C0A13D0EAEE41686C89073890AE57CFD2B76963EFAE243A57220A7A
                                                        SHA-512:2BAF196658CDE02E1CA14C0C262702C83BD862AB1B46F006E231B69D5BB822AB6607F137208B37E800CD513E7456B72D1B5B54B560AED1C4EAC8C42D1FC06314
                                                        Malicious:false
                                                        Preview:%....R.#..-"."...vRZTAu+.2.!...O4..2/........[jZ..........a+4._.5......6....oL.Uv:...(..tM.P..F.8.o.%....6^...&fE..Hg.PZ.V>z.*.^)....n.0..../e.?.8......JZbw..Tc.S@9.I>....5..c...|...0.&..X8<~.|...}.J+..e....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Favorites\NYTimes.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):353
                                                        Entropy (8bit):7.443041557434406
                                                        Encrypted:false
                                                        SSDEEP:6:QVE0GJjQDEkKtGdh+Lmxnxlbg6kCFR3rou3j19EDa/oDXnvf61aBDE6txWw+DdPq:QVdGxry0QeFm7N19cLLvf61a+6KxPlu5
                                                        MD5:108F0089109DED29D56077A2EA277D83
                                                        SHA1:F2FBA2EAE72F5D96131E288EC5F3B37A0A8EF621
                                                        SHA-256:85A7099B3043CE2126F8447701762FC4A817132F005228E234BD7BD8F2EC052E
                                                        SHA-512:DF722CD3B49E320FF565FD23120BBD776FD988B589BFF441239CE5503A98E0C32BC561AE5F481628B5E7EE3295120AA2997431303651B88BE4799E10B3BB18F7
                                                        Malicious:false
                                                        Preview:,.JD<.4z...Q....wS..8..u.b.g]1A....!..U...D......2..\.>...^.I......T....Q.....u].js;3..d..R...%..........&DE...g.QZ.W......N...n.0....,e."._...M.j..V0^...&.c.....N.a..k}..e.....I.Cb.C@.n...p..?.M.u...h..k....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Favorites\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Favorites\Reddit.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):349
                                                        Entropy (8bit):7.355906938369648
                                                        Encrypted:false
                                                        SSDEEP:6:8hWObzGrCrgc+2hY3C6cxvQp37CcA5NIaf61aBDE6txWw+DdP9l49aUSnW:41bzGGsc+pHcpCrCcWaaf61a+6KxPlu5
                                                        MD5:7BBDB41EBC85CA2A841E65045F72B864
                                                        SHA1:4371068599456ECB26ADC5957C83013BED06B3BE
                                                        SHA-256:CCBB78973D55B2063B012600BB92D24242AFFC746999C15B03C8E1F462A4BC14
                                                        SHA-512:9173D5CF3A4D7CA5C3BCED316351B8C959E675B29E1FDB8D1B1148006ED76B561C73EBE1051181F0423F91A65F7549BFCFF3F1FA1459DA344636BBEBD7C733B7
                                                        Malicious:false
                                                        Preview:jr&..QXM..\....r.5...5.h40$.w.3...*6.."&e.Rzywp.m|.............$......'..L.~....;..P...w.@.....x...()...&tko.h.t,....;.^?L....n.0..../f."..'z.`U.GY.P.yO........7.h..3.^.....n..).}.r....%..).m'u1"9s^h.h....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Favorites\Twitter.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):350
                                                        Entropy (8bit):7.357152854900134
                                                        Encrypted:false
                                                        SSDEEP:6:EazRTpZt+1lYYozKbhHvBMdAh4tKhYjf3+TZ9lz24v6f61aBDE6txWw+DdP9l495:E4ptSY9KNHZMs43f3+TDof61a+6KxPlS
                                                        MD5:60D88EC4F5060B8A742D507282BEE804
                                                        SHA1:6F5D16224D01240B899CF03FC5E0A2C883A167E8
                                                        SHA-256:902E964E0737C197C9E7E31875B643303F31208FA5020369C242A22ECC3050C0
                                                        SHA-512:D5F4F2480F6FA3500FCD87E6E134F96533E4870FB1E84B03389751F4895C9C46CFE97DBBC44971D06950E28FE05D854FFA74DAB0778EA08E5EAEA366EF13C060
                                                        Malicious:false
                                                        Preview:Y..v....7Y..!......7.....!:"...O..Tok.y|'..[...E.C..x.}.5...n.n.w-.....................E...#.r}........&yE.3c.(,....J..^?L....n.0..../f.".....Z..OQw.>..h.).P..,V>_.mA..C..{.<..PSO...V..>....ZB...)....h....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Favorites\Wikipedia.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):356
                                                        Entropy (8bit):7.354878314365705
                                                        Encrypted:false
                                                        SSDEEP:6:G7J9r2wdRtabkvwJ0bV6PnhpC9GnrOcde9X7+JXiYVBRYj2f61aBDE6txWw+DdPq:G7J9r2c/agvy0bVEoGmtb2f61a+6KxPQ
                                                        MD5:A07590DE98BAB3A9C09BEEA10D3BCEDA
                                                        SHA1:529A6E56318260F8319A6B81B40E5D64FA350C40
                                                        SHA-256:721B5EFA8D8269E5681FDE212187FF92F7562B7FEBD365FF7DDFEC7682614E30
                                                        SHA-512:3A0E3FB54BB853374DF7128A8C56FDD419FB63AF4678A7CC8E352F9E5C6647576463ABE2BC18CFBF6666D5749A7DD47A1ECE255D9701C369138EA368FCC9E1D0
                                                        Malicious:false
                                                        Preview:.TS.T...J.j*<...E.z.K0c&...!=."...o...|....#.{a..0A.o.|....f..E....|<...$...o.B.....".px..*.^..e.....e......R...&{kc.h.>3.w.n.KKR2.....n.b..../f.".\..1..f.%!...Hg..H....zo.........g&BV....H..$...c.......5a.N....l....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Favorites\Youtube.url.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):350
                                                        Entropy (8bit):7.314636899125167
                                                        Encrypted:false
                                                        SSDEEP:6:4BcKhnuUuReXhIlthTg7NAQ6Vs4tKhYjuGmwsh+2YRFlOPQyMf61aBDE6txWw+D4:iNhnqReXhczsys43hABYv26f61a+6Kx4
                                                        MD5:4CD72A6DEF13F8B158A5E6F35276FEE5
                                                        SHA1:FD478358365CDCB83176E8165C7A8F819A117A9A
                                                        SHA-256:87C64F520F6A555C95878F602EEF2BA86ED0CA429554A9F149595957D52CA532
                                                        SHA-512:A4D3E29E5C64B12DCE61FD6BC92C1E33FE8F74F1FD1D5D0A16AE0B36F5C1560B40F0E3699ACF0561972853B454FC8809479FE168E4C722C9D98028F2426A6D45
                                                        Malicious:false
                                                        Preview:...o..lL.......gz....M.w.Hs7.3......]3gK..<.B.j...g.l1.6.&"L.w"0\...<...N.....+Pg... .z8Yw..k.....gA{..^J.K....&eE.3o.?....n.J..^?L....n.0..../f."...<...G...U..t...........b...!..e-.<.1D.*.e.t..=...~Y.Nt..b..h....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Users\user\Links\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Music\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\OneDrive\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Pictures\Camera Roll\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Pictures\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Pictures\Saved Pictures\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Recent\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Saved Games\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Searches\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1174
                                                        Entropy (8bit):7.821701294722402
                                                        Encrypted:false
                                                        SSDEEP:24:g+O22ymbZJQk3Gcwbc9kMYa0QnPqDQyXzA9pTGIRpOewIJzH7f6bxPlS:tO2FKkkWNbcDGMw3IFbfeQ
                                                        MD5:8504F9774EB8FD950254B893D046C921
                                                        SHA1:539F5E4173AC943866156F7A4DC325F6F4829956
                                                        SHA-256:ECD937F4B268BE0DF55D96B79A8012E297193A5CF59D695A337A8EC81E03733C
                                                        SHA-512:FC0181B33460E3CBD8533BE0B910419A986E4E90D9F51143A685686E1992909453964D6D6266C8D448B34A339D0019302D9D3DD6555BF68157768E20230D4BC1
                                                        Malicious:false
                                                        Preview:...b...1m.e5...X@._....O.aG..HkPB!Y..O)....ah.a.|..7`==.5i}l.?.......7......<.T((...k,..,..dJ..=1.cp.~...@T..._.\.V1AH....Uv.]!...]...!H.S...m.........3.ta.._\.K.Ar..!.........!U..-..NO-.....AD....J.fa.(OY@k....;ha....A..mh.......7...].|.<....y6.l.5.....6S....M.<x........Z{"....b.4...q...........ttos....,L../.f.\.k.3f.S..=...}....)......`k.....*....[N.t...C....+....$.&....0. ......{..e......}.Z.....1B.aC...J..E..m..i8...Qz.c0...k.h..%....JHTM....Y....|.\..y2......3D.p`..y......|q.H....xt..g.I......-#G..*.a..St5m...{...(s.E......g-cz.Q2._.r!....:.;...2y .{.j..H.........7.......\. ;?G.6..#'e!....n..Q].L.T........?u.l..LP`..$.#.'.}.nI.Pa>..8.p....KI.c......l.....a...B ..iV..B............/.A}..f.U.52.[.?...\...l.x..{....,{..Q.......^..._p..#%8..b.Z.1|s.}rK.s...3.R..F.8......~.^..{E....G/...H....$Q.Q...&~E...g..'...Ic0...F....c.(.._%..4..fp....Mi...r.q.A..U........k-.y.<..H.5}..r....I....Y..uSly..66..+..."FUVZ.w...FQ.t2...N+W..M..l.J3

                                                        C:\Users\user\Videos\OC9oMrMV8.README.txt

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):343
                                                        Entropy (8bit):5.326104743113389
                                                        Encrypted:false
                                                        SSDEEP:6:LC100FjNdRdZAgfo0LR6s0HLCjeq3FXFuo5cAlYzzzBHLCED06INSNovnJfw9rHa:LbONdfZAgfo0Ys16Moo5jq0ED0nNE642
                                                        MD5:A8864AA0987B12BC59008A02C3DDDA88
                                                        SHA1:54327DBA296F734AAE7BA65FAF0B3DD8CB73B714
                                                        SHA-256:168C71031668B64E0CCF26E81353F6EACB3599EDBAF62F7AA62C55B8075A5A8F
                                                        SHA-512:5A94B41A4F74354978C32DBE18D505BDA8DB0A0195F1DF1749F81478C0BC0E022B744972F0C491A33B595FC9B21C7B5B59252EC5451B14CF15CBB6C936954DD8
                                                        Malicious:false
                                                        Preview:YOUR FILES ARE ENCRYPTED!..........The only way to decrypt them is to buy our decryptor..........Contact us on TOX messenger and decrypt one file for free, for proof of our working decryptor...........Download TOX messenger: https://tox.chat/.........Add TOX ID: 82EB02C9FE8B50B794181CCD14F851EB23428FD265C609CD2054DA2A640008154B1FBDE043D7....

                                                        C:\Users\user\_curlrc.OC9oMrMV8

                                                        Download File
                                                        Process:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):239
                                                        Entropy (8bit):7.123930236813174
                                                        Encrypted:false
                                                        SSDEEP:6:Rw12lOr7nJZVJBIOoQf61aBDE6txWw+DdP9l49aUSnW:KcOrrJH/zHf61a+6KxPlu6nW
                                                        MD5:7B03CC39E5104946546F2C22A0358CC6
                                                        SHA1:A63854A8A56DE2E34109B249958023ABE87FBF47
                                                        SHA-256:DAFC7E0832EC0E5F82F32B55F228474808E56847E7136AA3085775100B0A1DC7
                                                        SHA-512:C947CF674C3DC2145A6A28C7BFD2CCA3EFF1EC112A792B3FF5ED37C1F475AF3013A7C323EC8CA372E685D042D537062F036F5A08784FEA16EACA910BC8FD7F12
                                                        Malicious:false
                                                        Preview:...\...N...&eE...\.NB....x.k.^)L....n.0...y.....\].....t.....K+Y.?.@`l.l_{..c.ks.N.U@"../]r...S6...<a....?(......6.%.%......k.~3O.oL....E.$.,+=n....<..1x.]......R.%.T.`.K..>.\.d..M...j....B..K.."z..[;...g..[....qE.n.r.r......o'%.

                                                        C:\Windows\System32\spool\PRINTERS\00002.SPL

                                                        Download File
                                                        Process:C:\Windows\splwow64.exe
                                                        File Type:Microsoft OOXML
                                                        Category:dropped
                                                        Size (bytes):13634266
                                                        Entropy (8bit):7.8919190481499735
                                                        Encrypted:false
                                                        SSDEEP:393216:KnhdMOe2ZPaw59X8pEPojVeSr0s02XW1ALwdc6EbILPpHzhCxvufSiX5MobDalh4:KnBZPMVeSr0s0wW1Mwi6EbILPpHz/Si/
                                                        MD5:437FFD647837B648CBDDC1B77BE823CC
                                                        SHA1:38DAF971FC83F6EDD481DF4471B0756C85C7C4DA
                                                        SHA-256:69A46DA9124F508C08ACC8660B5B4897257C11E2B9096F89F4224CA4FEBBA5A4
                                                        SHA-512:36E964338186A22982D66012CE624DE372B0B3F0DDD729DECAB7AA79E7A77CCB70870EA9F4C0EF7BF36DCFDF8F09DFE9A91C4E5B5A47A602EB61F04CA8708469
                                                        Malicious:false
                                                        Preview:PK........d.ZY................[Content_Types].xml/[0].piece.....0..W..o.x .....e.(....Ql!..<...S^.MMw....#Nr.9....p..:..J.z..`3..DM....T.n..J..-c...3....&a#......PK....X.j...q...PK........d.ZY................[Content_Types].xml/[1].piece..1..0....eE$....{e.C.&..X.........H\., .....o.T..i.."...K.s..4..VW...i+.Ak.....}....\.+..O?PK..K..jb...l...PK........d.ZY................_rels/.rels/[0].pieceM.A..!.E.B.w...1.....9@...C!...?,].......f..4.qp.,.._^I...y?\`.....Cc.jF". .^...#g.T.A.e.c.........3.....PK...BpJl...y...PK........d.ZY................_rels/.rels/[1].piece..K..0....9@&.....nk/.....O3S...s....L/'.UN...'.......P....UO:....=X......B..gD...c]...[..[..3..9.9a.... .....N.PK..4...u.......PK........d.ZY................[Content_Types].xml/[2].piece-.A.. .F....p.u.q.&....!...m..[.n_^..kA.......>|.......f....`........}..F..(v.6.t...0-.n.C|@.N-.Z...PK....[Pm...{...PK........d.ZY............%...FixedDocumentSequence.fdseq/[0].pieceU.M..0.F..fo&.....H.`..2.....H.o..p

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):7.199366398101067
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.94%
                                                        • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:bZRL0uttVu.exe
                                                        File size:149'504 bytes
                                                        MD5:a7be144ff0b871ddd45e1e0bef06faa6
                                                        SHA1:811797d3e0ce7c5ed76ff656156a2c066f306032
                                                        SHA256:22a164ed481ba88df26ce7e819f2240d7fafa5b6ee2cd2993cb5fae3d566be7f
                                                        SHA512:caeec8ed5080f00fe1134b968c81f13660ac1a9312d1f151b676f2a0b3670b2c0440e00c8a5e398d91707be5989d34e547ff3d5b4facbba81705c41f52bb3367
                                                        SSDEEP:3072:46glyuxE4GsUPnliByocWep0AMmr7fTP+Gldf:46gDBGpvEByocWeRMa3P
                                                        TLSH:9EE37E21F212D0B3C87718F13736B5B2F39E8E6C19A56807DAD80F59BCA48136F45A97
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e..c............................o.............@.......................................@...........@....................

                                                        File Icon

                                                        Icon Hash:90cececece8e8eb0

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x41946f
                                                        Entrypoint Section:.itext
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x631A9665 [Fri Sep 9 01:27:01 2022 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:5
                                                        OS Version Minor:1
                                                        File Version Major:5
                                                        File Version Minor:1
                                                        Subsystem Version Major:5
                                                        Subsystem Version Minor:1
                                                        Import Hash:41fb8cb2943df6de998b35a9d28668e8

                                                        Entrypoint Preview

                                                        Instruction
                                                        nop
                                                        nop word ptr [eax+eax+00000000h]
                                                        call 00007FF8D4F14ED7h
                                                        nop dword ptr [eax+00h]
                                                        call 00007FF8D4F0226Ah
                                                        nop
                                                        call 00007FF8D4F05857h
                                                        nop dword ptr [eax+00h]
                                                        call 00007FF8D4F13316h
                                                        nop word ptr [eax+eax+00h]
                                                        push 00000000h
                                                        call dword ptr [004255C8h]
                                                        nop word ptr [eax+eax+00000000h]
                                                        call 00007FF8D4F14C76h
                                                        call 00007FF8D4F14C65h
                                                        call 00007FF8D4F14C54h
                                                        call 00007FF8D4F14C61h
                                                        call 00007FF8D4F14C4Ah
                                                        call 00007FF8D4F14C45h
                                                        call 00007FF8D4F14C46h
                                                        call 00007FF8D4F14C5Fh
                                                        call 00007FF8D4F14C54h
                                                        call 00007FF8D4F14C1Fh
                                                        call 00007FF8D4F14BFCh
                                                        call 00007FF8D4F14C09h
                                                        call 00007FF8D4F14BF8h
                                                        call 00007FF8D4F14C11h
                                                        call 00007FF8D4F14C12h
                                                        call 00007FF8D4F14BFBh
                                                        call 00007FF8D4F14BEAh
                                                        call 00007FF8D4F14BCDh
                                                        call 00007FF8D4F14BC8h
                                                        call 00007FF8D4F14BE7h
                                                        call 00007FF8D4F14BCAh
                                                        call 00007FF8D4F14BB3h
                                                        call 00007FF8D4F14BBAh
                                                        call 00007FF8D4F13745h
                                                        call 00007FF8D4F1374Ch
                                                        call 00007FF8D4F13729h
                                                        call 00007FF8D4F13730h

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x1a2300x50.rdata
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x270000xfd0.reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x1a1200x1c.rdata
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x1a0000x70.rdata
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x10000x17de80x17e00cfbda2c44e51b3b0b00bcbbc767c62a2False0.48375122709424084data6.634079266913224IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .itext0x190000x5460x6006f4cd57381bb5584c0a0755384d25180False0.251953125data2.9337361310958805IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rdata0x1a0000x4920x600bd829aa493ecd52fe5bec776d207f206False0.3671875data3.5366359784052652IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .data0x1b0000xadc80xa000cd9b1fb17e0f7864c33c42e0a7efa697False0.9827392578125SysEx File -7.986834280072312IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .pdata0x260000x80f0xa00ef19fdf31c841d205dc79f7aaadc634bFalse0.8296875data7.062131182501236IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .reloc0x270000xfd00x10003f87e4c23650dfad0bee7da98889ba94False0.843505859375GLS_BINARY_LSB_FIRST6.738987246879603IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Imports

                                                        DLLImport
                                                        gdi32.dllSetPixel, SetDCBrushColor, SelectPalette, GetTextColor, GetDeviceCaps, CreateSolidBrush
                                                        USER32.dllDefWindowProcW, CreateMenu, EndDialog, GetDlgItem, GetKeyNameTextW, GetMessageW, GetWindowTextW, IsDlgButtonChecked, LoadImageW, LoadMenuW, DialogBoxParamW
                                                        KERNEL32.dllSetLastError, LoadLibraryW, GetTickCount, GetLastError, GetCommandLineW, GetCommandLineA, FreeLibrary

                                                        Network Behavior

                                                        No network behavior found

                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:01:26:16
                                                        Start date:26/10/2024
                                                        Path:C:\Users\user\Desktop\bZRL0uttVu.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\bZRL0uttVu.exe"
                                                        Imagebase:0x5a0000
                                                        File size:149'504 bytes
                                                        MD5 hash:A7BE144FF0B871DDD45E1E0BEF06FAA6
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                        • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000000.1860540154.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                        • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000000.1860540154.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.2533339573.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:4
                                                        Start time:01:27:06
                                                        Start date:26/10/2024
                                                        Path:C:\Windows\splwow64.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\splwow64.exe 12288
                                                        Imagebase:0x7ff6afd00000
                                                        File size:163'840 bytes
                                                        MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:8
                                                        Start time:01:27:22
                                                        Start date:26/10/2024
                                                        Path:C:\ProgramData\B0BE.tmp
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\ProgramData\B0BE.tmp"
                                                        Imagebase:0x400000
                                                        File size:14'336 bytes
                                                        MD5 hash:294E9F64CB1642DD89229FFF0592856B
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        General

                                                        Target ID:9
                                                        Start time:01:27:23
                                                        Start date:26/10/2024
                                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                        Wow64 process (32bit):true
                                                        Commandline:/insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{F24807AC-C25F-4B66-96E7-E0E93A319590}.xps" 133743940273530000
                                                        Imagebase:0x7c0000
                                                        File size:2'191'768 bytes
                                                        MD5 hash:0061760D72416BCF5F2D9FA6564F0BEA
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:false

                                                        General

                                                        Target ID:10
                                                        Start time:01:27:24
                                                        Start date:26/10/2024
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B0BE.tmp >> NUL
                                                        Imagebase:0x240000
                                                        File size:236'544 bytes
                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:11
                                                        Start time:01:27:24
                                                        Start date:26/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Disassembly

                                                        Reset < >

                                                          Execution Graph

                                                          Execution Coverage:22.1%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:16.6%
                                                          Total number of Nodes:1723
                                                          Total number of Limit Nodes:12
                                                          execution_graph 11251 5afedb 11255 5afd52 11251->11255 11252 5a686c RtlFreeHeap 11252->11255 11253 5a69e0 RtlAllocateHeap 11253->11255 11254 5af59c NtSetInformationThread NtClose 11254->11255 11255->11252 11255->11253 11255->11254 11257 5aff71 11255->11257 11263 5af6d8 NtSetInformationThread NtClose 11255->11263 11264 5ab3c0 2 API calls 11255->11264 11256 5affdb 11259 5affe9 11256->11259 11260 5a686c RtlFreeHeap 11256->11260 11257->11256 11258 5a686c RtlFreeHeap 11257->11258 11258->11256 11261 5afff7 11259->11261 11262 5a686c RtlFreeHeap 11259->11262 11260->11259 11262->11261 11263->11255 11264->11255 11552 5addca 11558 5add81 11552->11558 11553 5addf0 11555 5ade3d 11553->11555 11556 5a686c RtlFreeHeap 11553->11556 11554 5add9d 11554->11553 11559 5adb90 NtTerminateProcess 11554->11559 11560 5adc60 NtTerminateProcess 11554->11560 11556->11555 11557 5a6894 RtlReAllocateHeap 11557->11558 11558->11554 11558->11557 11559->11554 11560->11554 11269 5ab6c8 11270 5ab715 11269->11270 11271 5ab71a 11270->11271 11272 5ab71c RtlAdjustPrivilege 11270->11272 11272->11270 11272->11271 11561 5addf2 11563 5addde 11561->11563 11562 5addf0 11564 5ade3d 11562->11564 11565 5a686c RtlFreeHeap 11562->11565 11563->11562 11566 5adb90 NtTerminateProcess 11563->11566 11567 5adc60 NtTerminateProcess 11563->11567 11565->11564 11566->11563 11567->11563 11289 5af8f0 11291 5af8d2 11289->11291 11290 5a6844 RtlAllocateHeap 11290->11291 11291->11290 11295 5af8ee 11291->11295 11293 5afa12 CoUninitialize 11294 5afc77 11293->11294 11295->11293 11296 5a6844 RtlAllocateHeap 11295->11296 11296->11295 11214 5a782a 11215 5a782c CoInitialize 11214->11215 11216 5a7c9f 11215->11216 11218 5a7861 11215->11218 11219 5a7b6a CoSetProxyBlanket 11218->11219 11220 5a7ac6 CoUninitialize 11218->11220 11219->11220 11220->11216 9261 5b946f 9262 5b947e 9261->9262 9269 5a639c 9262->9269 9266 5b948e 9365 5b7458 9266->9365 9410 5a5aec 9269->9410 9272 5a654d 9320 5a9990 9272->9320 9273 5a63b6 RtlCreateHeap 9273->9272 9274 5a63d1 9273->9274 9275 5a5aec 3 API calls 9274->9275 9276 5a63ed 9275->9276 9276->9272 9418 5a5da0 9276->9418 9279 5a5da0 8 API calls 9280 5a6419 9279->9280 9281 5a5da0 8 API calls 9280->9281 9282 5a642a 9281->9282 9283 5a5da0 8 API calls 9282->9283 9284 5a643b 9283->9284 9285 5a5da0 8 API calls 9284->9285 9286 5a644c 9285->9286 9287 5a5da0 8 API calls 9286->9287 9288 5a645d 9287->9288 9289 5a5da0 8 API calls 9288->9289 9290 5a646e 9289->9290 9291 5a5da0 8 API calls 9290->9291 9292 5a647f 9291->9292 9293 5a5da0 8 API calls 9292->9293 9294 5a6490 9293->9294 9295 5a5da0 8 API calls 9294->9295 9296 5a64a1 9295->9296 9297 5a5da0 8 API calls 9296->9297 9298 5a64b2 9297->9298 9299 5a5da0 8 API calls 9298->9299 9300 5a64c3 9299->9300 9301 5a5da0 8 API calls 9300->9301 9302 5a64d4 9301->9302 9303 5a5da0 8 API calls 9302->9303 9304 5a64e5 9303->9304 9305 5a5da0 8 API calls 9304->9305 9306 5a64f6 9305->9306 9307 5a5da0 8 API calls 9306->9307 9308 5a6507 9307->9308 9309 5a5da0 8 API calls 9308->9309 9310 5a6518 9309->9310 9311 5a5da0 8 API calls 9310->9311 9312 5a6529 9311->9312 9313 5a5da0 8 API calls 9312->9313 9314 5a653a 9313->9314 9424 5ab444 9314->9424 9316 5a6541 9427 5b7738 9316->9427 9321 5a9995 9320->9321 9474 5a6f48 9321->9474 9323 5a999a 9507 5ab4dc CheckTokenMembership 9323->9507 9325 5a99d7 9508 5a6d40 9325->9508 9327 5a99e6 9328 5a99f4 9327->9328 9511 5abb70 9327->9511 9328->9266 9329 5a99b9 9329->9325 9569 5ab4fc 9329->9569 9332 5a9a00 9514 5ab708 9332->9514 9339 5a9a13 9345 5a9a9f 9339->9345 9527 5ab1ac 9339->9527 9343 5a9a3c 9343->9339 9582 5aae74 9343->9582 9350 5ab674 NtQueryInformationToken 9345->9350 9360 5a9ade 9345->9360 9356 5a9acc 9350->9356 9356->9360 9606 5b31e8 9356->9606 9357 5a9a7a 9357->9345 9359 5a686c RtlFreeHeap 9357->9359 9361 5a9a89 9359->9361 9541 5ac3f8 9360->9541 9362 5a686c RtlFreeHeap 9361->9362 9363 5a9a94 9362->9363 9364 5a686c RtlFreeHeap 9363->9364 9364->9345 9367 5b7482 9365->9367 9366 5b7498 31 API calls 9367->9366 9368 5b74a3 9367->9368 9378 5b74b2 9367->9378 9669 5a9bb0 9368->9669 9372 5b7631 9375 5b7637 9372->9375 9376 5b7646 9372->9376 9373 5b7624 9738 5b205c 9373->9738 9377 5a9bb0 14 API calls 9375->9377 9379 5b764c 9376->9379 9380 5b7656 9376->9380 9383 5b763c 9377->9383 9378->9372 9378->9373 9822 5b73ac 9379->9822 9381 5b765c 9380->9381 9382 5b7675 9380->9382 9833 5b6fa0 9381->9833 9386 5b767b 9382->9386 9387 5b7685 9382->9387 9789 5b1ef4 9383->9789 9860 5b390c 9386->9860 9391 5b768b 9387->9391 9392 5b76d8 9387->9392 9396 5b76ba 9391->9396 9867 5b6da8 9391->9867 9394 5b76de 9392->9394 9395 5b76e7 9392->9395 9397 5b6bbc 2 API calls 9394->9397 9912 5aa338 9395->9912 9396->9366 9881 5b04b4 9396->9881 9397->9366 9402 5b771c 9916 5b2428 9402->9916 9404 5aa338 2 API calls 9405 5b770b 9404->9405 9405->9402 9406 5b7710 9405->9406 9407 5a9bb0 14 API calls 9406->9407 9408 5b7715 9407->9408 9409 5b7034 140 API calls 9408->9409 9409->9366 9411 5a5afe 9410->9411 9412 5a5b18 9410->9412 9413 5a5aec 3 API calls 9411->9413 9414 5a5aec 3 API calls 9412->9414 9416 5a5b40 9412->9416 9413->9412 9414->9416 9415 5a5c0a 9415->9272 9415->9273 9416->9415 9438 5a5a84 9416->9438 9453 5a5c24 9418->9453 9420 5a5db5 9421 5a5dcb 9420->9421 9422 5a5aec 3 API calls 9420->9422 9421->9279 9423 5a5ddb RtlAllocateHeap 9422->9423 9423->9420 9425 5ab458 NtSetInformationThread 9424->9425 9425->9316 9428 5b7754 9427->9428 9468 5a6844 9428->9468 9430 5a6548 9433 5ab470 9430->9433 9432 5b7764 9432->9430 9471 5a686c 9432->9471 9434 5a5aec 3 API calls 9433->9434 9435 5ab495 9434->9435 9436 5ab49e NtProtectVirtualMemory 9435->9436 9437 5ab4bb 9435->9437 9436->9437 9437->9272 9439 5a5ae2 9438->9439 9440 5a5ab0 9438->9440 9439->9416 9440->9439 9445 5a5a20 9440->9445 9442 5a5ac4 9442->9439 9443 5a5ad8 9442->9443 9448 5a59d4 9443->9448 9446 5a5a37 9445->9446 9447 5a5a65 LdrLoadDll 9446->9447 9447->9442 9449 5a59e3 9448->9449 9450 5a5a04 LdrGetProcedureAddress 9448->9450 9452 5a59ef LdrGetProcedureAddress 9449->9452 9451 5a5a16 9450->9451 9451->9439 9452->9451 9454 5a5c51 9453->9454 9455 5a5c37 9453->9455 9457 5a5c79 9454->9457 9458 5a5aec 3 API calls 9454->9458 9456 5a5aec 3 API calls 9455->9456 9456->9454 9459 5a5aec 3 API calls 9457->9459 9460 5a5ca1 9457->9460 9458->9457 9459->9460 9461 5a5ce9 FindFirstFileW 9460->9461 9462 5a5d5a 9460->9462 9463 5a5d19 FindClose 9460->9463 9464 5a5d37 FindNextFileW 9460->9464 9461->9460 9462->9420 9465 5a5a20 LdrLoadDll 9463->9465 9464->9460 9466 5a5d4b FindClose 9464->9466 9467 5a5d30 9465->9467 9466->9460 9467->9420 9469 5a684c 9468->9469 9470 5a685a RtlAllocateHeap 9469->9470 9470->9432 9472 5a6874 9471->9472 9473 5a6882 RtlFreeHeap 9472->9473 9473->9430 9610 5a6de8 9474->9610 9476 5a6f60 9477 5a7237 9476->9477 9478 5a6844 RtlAllocateHeap 9476->9478 9477->9323 9483 5a6f7d 9478->9483 9479 5a722f 9480 5a686c RtlFreeHeap 9479->9480 9480->9477 9481 5a7221 9482 5a686c RtlFreeHeap 9481->9482 9482->9479 9483->9479 9483->9481 9484 5a7000 9483->9484 9485 5a6844 RtlAllocateHeap 9483->9485 9486 5a6844 RtlAllocateHeap 9484->9486 9487 5a7033 9484->9487 9485->9484 9486->9487 9488 5a7066 9487->9488 9489 5a6844 RtlAllocateHeap 9487->9489 9490 5a6844 RtlAllocateHeap 9488->9490 9492 5a7099 9488->9492 9489->9488 9490->9492 9491 5a7132 9498 5a6844 RtlAllocateHeap 9491->9498 9499 5a7169 9491->9499 9493 5a70cc 9492->9493 9494 5a6844 RtlAllocateHeap 9492->9494 9495 5a6844 RtlAllocateHeap 9493->9495 9496 5a70ff 9493->9496 9494->9493 9495->9496 9496->9491 9497 5a6844 RtlAllocateHeap 9496->9497 9497->9491 9498->9499 9499->9481 9500 5a6844 RtlAllocateHeap 9499->9500 9501 5a71a4 9500->9501 9501->9481 9613 5a6ee4 9501->9613 9503 5a71cc 9504 5a6844 RtlAllocateHeap 9503->9504 9505 5a71eb 9504->9505 9505->9481 9506 5a686c RtlFreeHeap 9505->9506 9506->9481 9507->9329 9509 5a6844 RtlAllocateHeap 9508->9509 9510 5a6d55 9509->9510 9510->9327 9512 5a6844 RtlAllocateHeap 9511->9512 9513 5abb81 9512->9513 9513->9332 9515 5ab715 9514->9515 9516 5a9a0a 9515->9516 9517 5ab71c RtlAdjustPrivilege 9515->9517 9518 5ab674 9516->9518 9517->9515 9517->9516 9519 5ab68b 9518->9519 9520 5ab68f NtQueryInformationToken 9519->9520 9521 5a9a0f 9519->9521 9520->9521 9521->9339 9522 5ab388 9521->9522 9622 5a97d8 9522->9622 9524 5ab3a5 9525 5a9a29 9524->9525 9632 5a9880 9524->9632 9525->9339 9581 5ab4dc CheckTokenMembership 9525->9581 9528 5ab1ca 9527->9528 9529 5a6844 RtlAllocateHeap 9528->9529 9531 5ab1d5 9529->9531 9530 5a9a58 9530->9345 9599 5ab5b8 9530->9599 9531->9530 9532 5a686c RtlFreeHeap 9531->9532 9535 5ab1f6 9532->9535 9533 5ab350 9534 5a686c RtlFreeHeap 9533->9534 9534->9530 9535->9533 9639 5a6e18 9535->9639 9537 5ab306 9538 5a6e18 RtlAllocateHeap 9537->9538 9539 5ab32b 9538->9539 9540 5a6e18 RtlAllocateHeap 9539->9540 9540->9533 9542 5a9af3 9541->9542 9543 5ac418 9541->9543 9563 5ae2b8 9542->9563 9544 5a6de8 RtlAllocateHeap 9543->9544 9545 5ac429 9544->9545 9545->9542 9546 5a6844 RtlAllocateHeap 9545->9546 9550 5ac445 9546->9550 9547 5ac645 9548 5a686c RtlFreeHeap 9547->9548 9548->9542 9549 5a686c RtlFreeHeap 9549->9547 9550->9547 9551 5ac499 CreateFileW 9550->9551 9554 5ac636 9550->9554 9552 5ac4ed WriteFile 9551->9552 9551->9554 9553 5ac508 RegCreateKeyExW 9552->9553 9552->9554 9553->9554 9555 5ac531 RegSetValueExW 9553->9555 9554->9549 9557 5ac62d NtClose 9555->9557 9558 5ac563 RegCreateKeyExW 9555->9558 9557->9554 9558->9557 9560 5ac5de RegSetValueExW 9558->9560 9560->9557 9562 5ac612 SHChangeNotify 9560->9562 9562->9557 9564 5ae2d4 9563->9564 9642 5ae350 9564->9642 9566 5ae32a 9567 5a9af8 9566->9567 9568 5a686c RtlFreeHeap 9566->9568 9567->9266 9568->9567 9571 5ab511 9569->9571 9570 5a99ce 9570->9325 9575 5ababc 9570->9575 9571->9570 9572 5a6844 RtlAllocateHeap 9571->9572 9574 5ab54a 9572->9574 9573 5a686c RtlFreeHeap 9573->9570 9574->9570 9574->9573 9577 5abad1 9575->9577 9576 5abb66 9576->9325 9577->9576 9646 5a9740 9577->9646 9580 5a686c RtlFreeHeap 9580->9576 9581->9343 9583 5aaebf 9582->9583 9598 5ab074 9583->9598 9650 5aac28 9583->9650 9585 5aaecd 9586 5aafbb 9585->9586 9587 5ab0cf 9585->9587 9585->9598 9589 5a6de8 RtlAllocateHeap 9586->9589 9586->9598 9588 5a6de8 RtlAllocateHeap 9587->9588 9587->9598 9590 5ab0fe 9588->9590 9591 5aafee 9589->9591 9592 5a686c RtlFreeHeap 9590->9592 9590->9598 9593 5a686c RtlFreeHeap 9591->9593 9591->9598 9592->9598 9594 5ab010 9593->9594 9595 5a6de8 RtlAllocateHeap 9594->9595 9594->9598 9596 5ab056 9595->9596 9597 5a686c RtlFreeHeap 9596->9597 9596->9598 9597->9598 9598->9339 9601 5ab5cd 9599->9601 9600 5a9a71 9600->9345 9605 5ab4dc CheckTokenMembership 9600->9605 9601->9600 9602 5a6844 RtlAllocateHeap 9601->9602 9604 5ab606 9602->9604 9603 5a686c RtlFreeHeap 9603->9600 9604->9600 9604->9603 9605->9357 9607 5b31f8 9606->9607 9609 5b3256 9607->9609 9659 5b2f58 9607->9659 9609->9360 9611 5a6844 RtlAllocateHeap 9610->9611 9612 5a6df9 9611->9612 9612->9476 9614 5a6f0b 9613->9614 9619 5a6e8c 9614->9619 9616 5a6f2b 9617 5a686c RtlFreeHeap 9616->9617 9618 5a6f3f 9617->9618 9618->9503 9620 5a6844 RtlAllocateHeap 9619->9620 9621 5a6eaf 9620->9621 9621->9616 9623 5a6844 RtlAllocateHeap 9622->9623 9625 5a97f6 9623->9625 9624 5a97f9 NtQuerySystemInformation 9624->9625 9629 5a980f 9624->9629 9625->9624 9626 5a982c 9625->9626 9636 5a6894 9625->9636 9628 5a686c RtlFreeHeap 9626->9628 9628->9629 9629->9524 9630 5a686c RtlFreeHeap 9629->9630 9631 5a9872 9630->9631 9631->9524 9633 5a98a5 9632->9633 9634 5a996e NtClose 9633->9634 9635 5a9977 9633->9635 9634->9635 9635->9525 9637 5a689c 9636->9637 9638 5a68aa RtlReAllocateHeap 9637->9638 9638->9625 9640 5a6844 RtlAllocateHeap 9639->9640 9641 5a6e2a 9640->9641 9641->9537 9643 5ae35c 9642->9643 9645 5ae369 9642->9645 9644 5a6844 RtlAllocateHeap 9643->9644 9643->9645 9644->9645 9645->9566 9647 5a9752 9646->9647 9649 5a977a 9646->9649 9648 5a6844 RtlAllocateHeap 9647->9648 9648->9649 9649->9580 9651 5a6844 RtlAllocateHeap 9650->9651 9652 5aac4d 9651->9652 9653 5aac83 9652->9653 9654 5a6894 RtlReAllocateHeap 9652->9654 9658 5aac66 9652->9658 9655 5a686c RtlFreeHeap 9653->9655 9654->9652 9655->9658 9656 5a686c RtlFreeHeap 9657 5aadb0 9656->9657 9657->9585 9658->9585 9658->9656 9660 5b2f69 9659->9660 9662 5b30f7 9660->9662 9663 5ab3c0 9660->9663 9662->9609 9664 5ab3cf 9663->9664 9665 5ab3d2 9663->9665 9664->9662 9665->9664 9666 5ab419 NtSetInformationThread 9665->9666 9667 5ab42e 9666->9667 9668 5ab42f NtClose 9666->9668 9667->9668 9668->9664 9670 5a9c5e 9669->9670 9671 5a9bc3 9669->9671 9678 5b7034 9670->9678 9953 5a7fbc 9671->9953 9674 5a9c11 9675 5a9c31 CreateMutexW 9674->9675 9957 5a68ec 9675->9957 9676 5b04b4 13 API calls 9676->9674 9691 5b7051 9678->9691 9679 5b70ff 9680 5b711a CreateThread 9679->9680 9681 5b7145 CreateThread CreateThread 9679->9681 9680->9681 9685 5b7135 9680->9685 10490 5a8f68 RtlAdjustPrivilege 9680->10490 9682 5b717e 9681->9682 9683 5b7183 9681->9683 10474 5a7468 GetLogicalDriveStringsW 9681->10474 10479 5a782c CoInitialize 9681->10479 9963 5a7ca4 OpenSCManagerW 9682->9963 9687 5b718c CreateThread 9683->9687 9688 5b71a4 9683->9688 9684 5b70bc 9684->9679 9690 5a9c64 3 API calls 9684->9690 9685->9681 9687->9688 10464 5a7e58 9687->10464 9698 5b7221 9688->9698 9971 5ab734 9688->9971 9690->9679 9691->9679 9691->9684 10101 5a9c64 9691->10101 9693 5b726b NtTerminateThread 9694 5b727f 9693->9694 9696 5b7288 CreateThread 9694->9696 9697 5b72a3 9694->9697 9696->9697 10485 5a9628 9696->10485 9702 5b72c3 9697->9702 9703 5b7392 9697->9703 9698->9693 9698->9694 9701 5b7201 9705 5b7214 9701->9705 9710 5ae2b8 2 API calls 9701->9710 9706 5b72cc CreateThread 9702->9706 9729 5b72e7 9702->9729 10126 5b1934 9703->10126 9717 5ae2b8 2 API calls 9705->9717 9706->9729 10435 5ac064 9706->10435 9709 5b7339 9715 5ab674 NtQueryInformationToken 9709->9715 9714 5b720f 9710->9714 9713 5ae2b8 2 API calls 9718 5b71f2 9713->9718 10025 5afc88 9714->10025 9720 5b733e 9715->9720 9717->9698 9994 5b0a38 9718->9994 9721 5b7349 9720->9721 9722 5b7342 9720->9722 10062 5a8230 9721->10062 10122 5a8960 9722->10122 9726 5b7390 9726->9366 9728 5b71f7 9730 5ae2b8 2 API calls 9728->9730 9729->9709 10047 5ada00 9729->10047 9731 5b71fc 9730->9731 10001 5b0be4 9731->10001 9733 5b7347 9733->9726 10095 5a9640 9733->10095 9737 5b04b4 13 API calls 9737->9726 9739 5a6934 RtlAllocateHeap 9738->9739 9740 5b2074 9739->9740 9741 5b2096 9740->9741 9742 5b20a5 9740->9742 9788 5b210d 9740->9788 10643 5b0000 9741->10643 10669 5a7428 9742->10669 9746 5b2105 9747 5a686c RtlFreeHeap 9746->9747 9747->9788 9748 5b2122 9750 5a686c RtlFreeHeap 9748->9750 9749 5a6844 RtlAllocateHeap 9782 5b20ea 9749->9782 9750->9788 9751 5b2196 9755 5a686c RtlFreeHeap 9751->9755 9752 5aa338 2 API calls 9752->9782 9753 5aa280 NtSetInformationThread NtClose 9753->9782 9754 5b236f 9756 5a686c RtlFreeHeap 9754->9756 9755->9788 9756->9788 9757 5b228e 9758 5a686c RtlFreeHeap 9757->9758 9758->9788 9759 5b22a1 10681 5aa3dc 9759->10681 9760 5b2271 9763 5a686c RtlFreeHeap 9760->9763 9761 5b23a1 9766 5a6984 RtlAllocateHeap 9761->9766 9762 5a686c RtlFreeHeap 9762->9782 9763->9788 9764 5b22c5 9768 5b232d 9764->9768 9769 5b2323 9764->9769 9765 5b2382 9765->9761 9770 5b2397 9765->9770 9771 5b23fa 9766->9771 10685 5a6a74 9768->10685 9775 5a6984 RtlAllocateHeap 9769->9775 9777 5a686c RtlFreeHeap 9770->9777 9778 5a686c RtlFreeHeap 9771->9778 9774 5b22b8 9779 5a686c RtlFreeHeap 9774->9779 9780 5b232b 9775->9780 9777->9788 9781 5b2403 9778->9781 9779->9788 9783 5a686c RtlFreeHeap 9780->9783 9785 5b096c 11 API calls 9781->9785 9781->9788 9782->9746 9782->9748 9782->9749 9782->9751 9782->9752 9782->9753 9782->9754 9782->9757 9782->9759 9782->9760 9782->9761 9782->9762 9782->9764 9782->9765 9784 5aab68 NtSetInformationThread NtClose 9782->9784 9782->9788 10675 5aa958 9782->10675 9786 5b233e 9783->9786 9784->9782 9785->9788 9786->9788 10689 5b096c 9786->10689 9788->9366 9790 5b1d28 2 API calls 9789->9790 9791 5b1f02 9790->9791 9792 5b1f27 9791->9792 9793 5b1f06 9791->9793 9795 5a9640 2 API calls 9792->9795 9794 5b1f22 9793->9794 9796 5b04b4 13 API calls 9793->9796 9794->9366 9797 5b1f2c 9795->9797 9796->9794 9798 5b1f3a 9797->9798 9799 5b1f30 9797->9799 10698 5ab4dc CheckTokenMembership 9798->10698 9800 5b7034 140 API calls 9799->9800 9802 5b1f35 9800->9802 9802->9366 9803 5b2056 9803->9366 9804 5b1fb5 9805 5b1ffe 9804->9805 9810 5a9c64 3 API calls 9804->9810 10699 5b0e30 9805->10699 9806 5a9c64 3 API calls 9806->9804 9808 5b1f3f 9808->9803 9808->9804 9808->9806 9810->9805 9815 5b0e98 3 API calls 9816 5b2043 9815->9816 10747 5b1170 9816->10747 9819 5a8230 14 API calls 9820 5b204f 9819->9820 9821 5b16ac 2 API calls 9820->9821 9821->9803 10786 5b1be8 9822->10786 9825 5a8230 14 API calls 9826 5b73bf 9825->9826 9827 5ab674 NtQueryInformationToken 9826->9827 9829 5b73d8 9827->9829 9828 5b7450 9828->9366 9829->9828 9830 5a9640 2 API calls 9829->9830 9831 5b7430 9830->9831 9832 5b04b4 13 API calls 9831->9832 9832->9828 9834 5b3954 RtlAllocateHeap 9833->9834 9838 5b6fb2 9834->9838 9835 5b7021 9836 5b702f 9835->9836 9837 5a686c RtlFreeHeap 9835->9837 9848 5b6bbc 9836->9848 9837->9836 9838->9835 9839 5b6ff6 9838->9839 10800 5b6490 9838->10800 10818 5b3ea0 9839->10818 9845 5b7017 9847 5b3ea0 2 API calls 9845->9847 9847->9835 9849 5b6d9f 9848->9849 9850 5b6bd0 9848->9850 9849->9366 9851 5b3954 RtlAllocateHeap 9850->9851 9856 5b6be0 9851->9856 9852 5b6d91 9852->9849 9854 5a686c RtlFreeHeap 9852->9854 9853 5a686c RtlFreeHeap 9853->9852 9854->9849 9855 5b6c86 9855->9852 9855->9853 9856->9855 9857 5a6844 RtlAllocateHeap 9856->9857 9858 5b6ca8 9857->9858 9858->9855 11126 5b6688 9858->11126 9861 5b3954 RtlAllocateHeap 9860->9861 9865 5b391e 9861->9865 9862 5b3942 9863 5b3950 9862->9863 9864 5a686c RtlFreeHeap 9862->9864 9863->9366 9864->9863 9865->9862 11136 5b3784 9865->11136 9868 5b6dc4 9867->9868 9869 5a6de8 RtlAllocateHeap 9868->9869 9870 5b6ed5 9869->9870 9871 5a6de8 RtlAllocateHeap 9870->9871 9880 5b6ede 9870->9880 9872 5b6eef 9871->9872 9877 5a6de8 RtlAllocateHeap 9872->9877 9872->9880 9873 5b6f7b 9875 5b6f89 9873->9875 9878 5a686c RtlFreeHeap 9873->9878 9874 5a686c RtlFreeHeap 9874->9873 9876 5b6f97 9875->9876 9879 5a686c RtlFreeHeap 9875->9879 9876->9396 9877->9880 9878->9875 9879->9876 9880->9873 9880->9874 9882 5b04e9 9881->9882 9883 5a6de8 RtlAllocateHeap 9882->9883 9884 5b0562 9883->9884 9885 5a6844 RtlAllocateHeap 9884->9885 9911 5b056b 9884->9911 9888 5b0582 9885->9888 9886 5b0930 9887 5b093e 9886->9887 9890 5a686c RtlFreeHeap 9886->9890 9891 5b094c 9887->9891 9893 5a686c RtlFreeHeap 9887->9893 9888->9911 11154 5b0338 9888->11154 9889 5a686c RtlFreeHeap 9889->9886 9890->9887 9894 5b095a 9891->9894 9896 5a686c RtlFreeHeap 9891->9896 9893->9891 9894->9366 9895 5b05b3 9897 5b05d4 GetTempFileNameW CreateFileW 9895->9897 9895->9911 9896->9894 9898 5b0619 WriteFile 9897->9898 9897->9911 9899 5b0635 CreateProcessW 9898->9899 9898->9911 9901 5b069f NtQueryInformationProcess 9899->9901 9899->9911 9902 5b06c3 NtReadVirtualMemory 9901->9902 9901->9911 9903 5b06ea 9902->9903 9902->9911 9904 5a6de8 RtlAllocateHeap 9903->9904 9905 5b06f4 9904->9905 9906 5b0758 NtProtectVirtualMemory 9905->9906 9905->9911 9907 5b0784 NtWriteVirtualMemory 9906->9907 9906->9911 9908 5b079e 9907->9908 9907->9911 9909 5b0829 CreateNamedPipeW 9908->9909 9908->9911 9910 5b0895 ResumeThread ConnectNamedPipe 9909->9910 9909->9911 9910->9911 9911->9886 9911->9889 9913 5aa35b 9912->9913 9914 5aa375 9913->9914 9915 5ab3c0 2 API calls 9913->9915 9914->9402 9914->9404 9915->9914 9917 5a6934 RtlAllocateHeap 9916->9917 9930 5b2440 9917->9930 9918 5aa338 2 API calls 9918->9930 9919 5aa280 NtSetInformationThread NtClose 9919->9930 9920 5b25bc 9921 5a686c RtlFreeHeap 9920->9921 9946 5b24c6 9921->9946 9922 5b24db 9923 5a686c RtlFreeHeap 9922->9923 9923->9946 9924 5b24ee 9927 5aa3dc 2 API calls 9924->9927 9925 5b24be 9928 5a686c RtlFreeHeap 9925->9928 9926 5b25ee 9932 5a6984 RtlAllocateHeap 9926->9932 9934 5b2501 9927->9934 9928->9946 9929 5b2512 9935 5b257a 9929->9935 9936 5b2570 9929->9936 9930->9918 9930->9919 9930->9920 9930->9922 9930->9924 9930->9925 9930->9926 9930->9929 9931 5b25cf 9930->9931 9930->9946 9948 5aab68 NtSetInformationThread NtClose 9930->9948 9950 5a686c RtlFreeHeap 9930->9950 9931->9926 9937 5b25e4 9931->9937 9933 5b2647 9932->9933 9938 5a686c RtlFreeHeap 9933->9938 9934->9929 9939 5b2505 9934->9939 9941 5a6a74 RtlAllocateHeap 9935->9941 9940 5a6984 RtlAllocateHeap 9936->9940 9942 5a686c RtlFreeHeap 9937->9942 9943 5b2650 9938->9943 9944 5a686c RtlFreeHeap 9939->9944 9945 5b2578 9940->9945 9941->9945 9942->9946 9943->9946 9949 5b096c 11 API calls 9943->9949 9944->9946 9947 5a686c RtlFreeHeap 9945->9947 9946->9366 9951 5b258b 9947->9951 9948->9930 9949->9946 9950->9930 9951->9946 9952 5b096c 11 API calls 9951->9952 9952->9946 9954 5a7fd5 9953->9954 9956 5a808e 9954->9956 9960 5a68c0 9954->9960 9956->9674 9956->9676 9958 5a686c RtlFreeHeap 9957->9958 9959 5a68fb 9958->9959 9959->9670 9961 5a6844 RtlAllocateHeap 9960->9961 9962 5a68d6 9961->9962 9962->9956 9964 5a7dda 9963->9964 9965 5a7cd2 9963->9965 9966 5a7df7 9964->9966 9967 5a686c RtlFreeHeap 9964->9967 9968 5a6844 RtlAllocateHeap 9965->9968 9966->9683 9967->9966 9969 5a7d01 9968->9969 9969->9964 10155 5adc60 9969->10155 9972 5a68c0 RtlAllocateHeap 9971->9972 9973 5ab73c 9972->9973 9974 5ab742 NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess 9973->9974 9975 5ab784 9973->9975 9976 5a68ec RtlFreeHeap 9974->9976 9977 5ae1e8 9975->9977 9976->9975 9978 5ae1f5 9977->9978 9979 5ae22a CreateThread 9978->9979 9980 5ae25a 9978->9980 9981 5ab444 NtSetInformationThread 9978->9981 9979->9978 10159 5ade78 SetThreadPriority 9979->10159 9980->9698 9980->9701 9983 5aa68c 9980->9983 9982 5ae24b NtClose 9981->9982 9982->9978 9984 5aa6b3 GetVolumeNameForVolumeMountPointW 9983->9984 9986 5aa6f6 FindFirstVolumeW 9984->9986 9989 5aa947 9986->9989 9993 5aa712 9986->9993 9987 5aa72b GetVolumePathNamesForVolumeNameW 9987->9993 9988 5aa75c GetDriveTypeW 9988->9993 9989->9713 9990 5aa7fd CreateFileW 9991 5aa823 DeviceIoControl 9990->9991 9990->9993 9991->9993 9992 5aa600 6 API calls 9992->9993 9993->9987 9993->9988 9993->9989 9993->9990 9993->9992 9995 5b0a92 9994->9995 9998 5b0b08 9995->9998 10000 5b0b63 9995->10000 10167 5ab4dc CheckTokenMembership 9995->10167 9997 5b0b0c 9997->9728 9998->9997 10168 5a6984 9998->10168 10000->9728 10002 5b0bf9 10001->10002 10172 5aa488 CreateThread 10002->10172 10004 5b0c0b 10005 5b0c11 10004->10005 10006 5a6844 RtlAllocateHeap 10004->10006 10007 5b0e0a 10005->10007 10009 5a686c RtlFreeHeap 10005->10009 10008 5b0c23 10006->10008 10010 5b0e18 10007->10010 10012 5a686c RtlFreeHeap 10007->10012 10008->10005 10011 5aa488 6 API calls 10008->10011 10009->10007 10013 5b0e26 10010->10013 10015 5a686c RtlFreeHeap 10010->10015 10014 5b0c40 10011->10014 10012->10010 10013->9701 10014->10005 10016 5a6844 RtlAllocateHeap 10014->10016 10015->10013 10017 5b0c5b 10016->10017 10017->10005 10018 5a6844 RtlAllocateHeap 10017->10018 10021 5b0c76 10018->10021 10020 5a6984 RtlAllocateHeap 10022 5b0cd2 CreateThread 10020->10022 10021->10005 10021->10020 10023 5a6984 RtlAllocateHeap 10021->10023 10024 5ab3c0 2 API calls 10021->10024 10180 5aa1c0 CreateThread 10021->10180 10022->10021 10190 5af308 GetFileAttributesW 10022->10190 10023->10021 10024->10021 10026 5afcb4 10025->10026 10027 5a6844 RtlAllocateHeap 10026->10027 10028 5afcc1 10027->10028 10041 5afcca 10028->10041 10352 5af82c CoInitialize 10028->10352 10030 5affdb 10033 5affe9 10030->10033 10035 5a686c RtlFreeHeap 10030->10035 10032 5a686c RtlFreeHeap 10032->10030 10036 5afff7 10033->10036 10038 5a686c RtlFreeHeap 10033->10038 10034 5a6844 RtlAllocateHeap 10037 5afcf7 10034->10037 10035->10033 10036->9705 10039 5a6844 RtlAllocateHeap 10037->10039 10037->10041 10038->10036 10046 5afd12 10039->10046 10040 5af59c NtSetInformationThread NtClose 10040->10046 10041->10030 10041->10032 10043 5af6d8 NtSetInformationThread NtClose 10043->10046 10044 5a686c RtlFreeHeap 10044->10046 10045 5ab3c0 2 API calls 10045->10046 10046->10040 10046->10041 10046->10043 10046->10044 10046->10045 10360 5a69e0 10046->10360 10364 5acedc 10047->10364 10049 5adb6a 10052 5a686c RtlFreeHeap 10049->10052 10053 5adb78 10049->10053 10050 5ada39 10055 5a6de8 RtlAllocateHeap 10050->10055 10057 5ada42 10050->10057 10051 5a686c RtlFreeHeap 10051->10049 10052->10053 10054 5adb86 10053->10054 10056 5a686c RtlFreeHeap 10053->10056 10054->9709 10058 5ada8f 10055->10058 10056->10054 10057->10049 10057->10051 10058->10057 10059 5a6844 RtlAllocateHeap 10058->10059 10060 5adac5 10059->10060 10060->10057 10368 5acfcc 10060->10368 10063 5a828b 10062->10063 10064 5a8290 10062->10064 10065 5a8909 10063->10065 10066 5a686c RtlFreeHeap 10063->10066 10064->10063 10407 5b0e98 10064->10407 10067 5a686c RtlFreeHeap 10065->10067 10069 5a8917 10065->10069 10066->10065 10067->10069 10069->9733 10070 5a82ed 10070->10063 10071 5a6844 RtlAllocateHeap 10070->10071 10072 5a83cf 10071->10072 10072->10063 10073 5a8401 10072->10073 10074 5a83e7 10072->10074 10075 5a6de8 RtlAllocateHeap 10073->10075 10076 5a6de8 RtlAllocateHeap 10074->10076 10077 5a83f1 10075->10077 10076->10077 10077->10063 10078 5a8434 10077->10078 10080 5a8448 10077->10080 10079 5a686c RtlFreeHeap 10078->10079 10079->10063 10080->10063 10081 5a84fb DrawTextW 10080->10081 10081->10063 10082 5a8523 10081->10082 10082->10063 10083 5a865d CreateFileW 10082->10083 10083->10063 10084 5a8686 WriteFile 10083->10084 10084->10063 10085 5a86a7 WriteFile 10084->10085 10085->10063 10086 5a86c5 WriteFile 10085->10086 10086->10063 10087 5a86e3 10086->10087 10414 5a6c98 10087->10414 10089 5a8705 10089->10063 10090 5a8788 RegCreateKeyExW 10089->10090 10090->10063 10091 5a87b9 10090->10091 10092 5a87f2 RegSetValueExW 10091->10092 10092->10063 10093 5a881f 10092->10093 10094 5a887e RegSetValueExW 10093->10094 10094->10063 10098 5a9669 10095->10098 10096 5a9735 10096->9737 10097 5a686c RtlFreeHeap 10097->10096 10100 5a9698 10098->10100 10420 5ac8c4 10098->10420 10100->10096 10100->10097 10103 5a9c96 10101->10103 10102 5a9c9a 10102->9684 10103->10102 10426 5b3954 10103->10426 10105 5aa04a 10107 5aa05e 10105->10107 10108 5a686c RtlFreeHeap 10105->10108 10106 5a686c RtlFreeHeap 10106->10105 10109 5aa072 10107->10109 10110 5a686c RtlFreeHeap 10107->10110 10108->10107 10111 5aa086 10109->10111 10112 5a686c RtlFreeHeap 10109->10112 10110->10109 10111->9684 10112->10111 10113 5a9e11 10114 5ab674 NtQueryInformationToken 10113->10114 10119 5a9e20 10113->10119 10115 5a9ee2 10114->10115 10116 5a6de8 RtlAllocateHeap 10115->10116 10115->10119 10117 5a9f25 10116->10117 10118 5a6de8 RtlAllocateHeap 10117->10118 10117->10119 10120 5a9f45 10118->10120 10119->10105 10119->10106 10120->10119 10121 5a6de8 RtlAllocateHeap 10120->10121 10121->10119 10124 5a8971 10122->10124 10123 5a8b6c 10123->9733 10124->10123 10125 5ab3c0 2 API calls 10124->10125 10125->10123 10127 5a6de8 RtlAllocateHeap 10126->10127 10129 5b1967 10127->10129 10128 5b1aa8 10131 5b1ab6 10128->10131 10133 5a686c RtlFreeHeap 10128->10133 10140 5b1970 10129->10140 10429 5b18b8 10129->10429 10130 5a686c RtlFreeHeap 10130->10128 10134 5b1ac4 10131->10134 10135 5a686c RtlFreeHeap 10131->10135 10133->10131 10143 5b1d28 10134->10143 10135->10134 10136 5b19a4 10137 5a6934 RtlAllocateHeap 10136->10137 10136->10140 10138 5b19bf 10137->10138 10139 5a6de8 RtlAllocateHeap 10138->10139 10138->10140 10141 5b1a25 10139->10141 10140->10128 10140->10130 10142 5a686c RtlFreeHeap 10141->10142 10142->10140 10144 5b1e2c 10143->10144 10147 5b1e5a 10144->10147 10432 5b1c34 10144->10432 10146 5b1eeb 10149 5b16ac 10146->10149 10147->10146 10148 5a686c RtlFreeHeap 10147->10148 10148->10146 10150 5b16c4 10149->10150 10151 5a6de8 RtlAllocateHeap 10150->10151 10152 5b16fe 10151->10152 10153 5b1707 10152->10153 10154 5a686c RtlFreeHeap 10152->10154 10153->9726 10154->10153 10156 5adcba 10155->10156 10157 5adcd2 10156->10157 10158 5adcbe NtTerminateProcess 10156->10158 10157->9969 10158->10157 10166 5ade8f 10159->10166 10160 5adef1 ReadFile 10160->10166 10161 5ae0aa WriteFile 10161->10166 10162 5ae150 NtClose 10162->10166 10163 5adee2 10164 5a686c RtlFreeHeap 10164->10166 10165 5ae031 WriteFile 10165->10166 10166->10160 10166->10161 10166->10162 10166->10163 10166->10164 10166->10165 10167->9998 10169 5a699c 10168->10169 10170 5a69b2 10169->10170 10171 5a6844 RtlAllocateHeap 10169->10171 10170->10000 10171->10170 10173 5aa524 10172->10173 10175 5aa4c8 10172->10175 10188 5aa470 GetLogicalDriveStringsW 10172->10188 10173->10004 10174 5aa4fa ResumeThread 10177 5aa50e GetExitCodeThread 10174->10177 10175->10174 10176 5ab3c0 2 API calls 10175->10176 10178 5aa4d9 10176->10178 10177->10173 10178->10174 10179 5aa4dd 10178->10179 10179->10004 10181 5aa24f 10180->10181 10182 5aa1f3 10180->10182 10189 5aa1b0 GetDriveTypeW 10180->10189 10181->10021 10183 5aa225 ResumeThread 10182->10183 10184 5ab3c0 2 API calls 10182->10184 10186 5aa239 GetExitCodeThread 10183->10186 10185 5aa204 10184->10185 10185->10183 10187 5aa208 10185->10187 10186->10181 10187->10021 10191 5af37f SetThreadPriority 10190->10191 10192 5af321 10190->10192 10195 5af38e 10191->10195 10193 5af371 10192->10193 10272 5aa094 FindFirstFileExW 10192->10272 10196 5a686c RtlFreeHeap 10193->10196 10198 5a6844 RtlAllocateHeap 10195->10198 10199 5af379 10196->10199 10204 5af3ad 10198->10204 10200 5af34b 10201 5ac19c 10 API calls 10200->10201 10203 5af355 10201->10203 10206 5aef6c 14 API calls 10203->10206 10207 5a686c RtlFreeHeap 10204->10207 10210 5a686c RtlFreeHeap 10204->10210 10211 5af54c 10204->10211 10213 5af514 FindNextFileW 10204->10213 10216 5af1c8 RtlAllocateHeap 10204->10216 10218 5ac19c 10204->10218 10237 5af164 10204->10237 10241 5aef6c 10204->10241 10208 5af36b 10206->10208 10209 5af3dd FindFirstFileExW 10207->10209 10209->10204 10210->10204 10212 5a686c RtlFreeHeap 10211->10212 10214 5af56f 10212->10214 10213->10204 10215 5af52c FindClose 10213->10215 10215->10204 10216->10204 10219 5ac1b8 10218->10219 10234 5ac1b3 10218->10234 10275 5a6934 10219->10275 10222 5ac1d0 GetFileAttributesW 10223 5ac1e0 10222->10223 10224 5ac23e 10223->10224 10225 5ac225 10223->10225 10227 5ac246 10224->10227 10228 5ac255 GetFileAttributesW 10224->10228 10226 5ac28c 5 API calls 10225->10226 10229 5ac22d 10226->10229 10279 5ac28c CreateFileW 10227->10279 10231 5ac26e CopyFileW 10228->10231 10232 5ac262 10228->10232 10233 5a686c RtlFreeHeap 10229->10233 10236 5a686c RtlFreeHeap 10231->10236 10235 5a686c RtlFreeHeap 10232->10235 10233->10234 10234->10204 10235->10227 10236->10234 10238 5af17c 10237->10238 10239 5a6844 RtlAllocateHeap 10238->10239 10240 5af192 10238->10240 10239->10240 10240->10204 10242 5aef8d 10241->10242 10243 5af155 10241->10243 10290 5ae3ac 10242->10290 10243->10204 10246 5af14d 10248 5a686c RtlFreeHeap 10246->10248 10248->10243 10249 5aefa5 10249->10246 10250 5aefb9 10249->10250 10251 5aefcc 10249->10251 10303 5aec00 10250->10303 10327 5aece4 10251->10327 10254 5aefe7 MoveFileExW 10255 5aeff9 10254->10255 10260 5aefc7 10254->10260 10258 5af051 CreateFileW 10255->10258 10267 5af075 10255->10267 10256 5af034 10259 5a686c RtlFreeHeap 10256->10259 10257 5a686c RtlFreeHeap 10257->10260 10261 5af07a 10258->10261 10258->10267 10259->10255 10260->10246 10260->10254 10260->10255 10260->10256 10260->10257 10262 5aece4 RtlAllocateHeap 10260->10262 10307 5aed30 10261->10307 10262->10260 10263 5a686c RtlFreeHeap 10263->10246 10266 5af0a3 CreateIoCompletionPort 10268 5af0ba 10266->10268 10269 5af0dc 10266->10269 10267->10246 10267->10263 10270 5a686c RtlFreeHeap 10268->10270 10269->10267 10271 5a686c RtlFreeHeap 10269->10271 10270->10267 10271->10267 10273 5aa0e5 10272->10273 10274 5aa0c5 FindClose 10272->10274 10273->10193 10273->10200 10274->10273 10276 5a694a 10275->10276 10277 5a6844 RtlAllocateHeap 10276->10277 10278 5a6961 10276->10278 10277->10278 10278->10222 10278->10234 10280 5ac3ed 10279->10280 10281 5ac2bd 10279->10281 10280->10234 10282 5ac2f5 WriteFile 10281->10282 10283 5ac31a 10282->10283 10284 5ac32c WriteFile 10282->10284 10283->10234 10285 5ac353 10284->10285 10286 5ac365 WriteFile 10284->10286 10285->10234 10287 5ac38a 10286->10287 10288 5ac39c WriteFile 10286->10288 10287->10234 10288->10281 10289 5ac3c3 10288->10289 10289->10234 10291 5ae3c5 SetFileAttributesW CreateFileW 10290->10291 10293 5ae3f3 10291->10293 10294 5ae40b 10291->10294 10293->10291 10293->10294 10331 5ade48 10293->10331 10294->10246 10295 5ae45c SetFileAttributesW CreateFileW 10294->10295 10296 5ae49c SetFilePointerEx 10295->10296 10297 5ae508 10295->10297 10296->10297 10298 5ae4bb ReadFile 10296->10298 10297->10249 10298->10297 10299 5ae4da 10298->10299 10300 5ae350 RtlAllocateHeap 10299->10300 10301 5ae4eb 10300->10301 10301->10297 10302 5a686c RtlFreeHeap 10301->10302 10302->10297 10304 5aec0d 10303->10304 10305 5a6934 RtlAllocateHeap 10304->10305 10306 5aec19 10305->10306 10306->10260 10308 5aed60 10307->10308 10309 5aed91 10308->10309 10310 5ae2b8 2 API calls 10308->10310 10311 5a6844 RtlAllocateHeap 10309->10311 10310->10309 10318 5aed9d 10311->10318 10312 5aef39 10314 5aef47 10312->10314 10315 5a686c RtlFreeHeap 10312->10315 10313 5a686c RtlFreeHeap 10313->10312 10316 5aef55 10314->10316 10317 5a686c RtlFreeHeap 10314->10317 10315->10314 10316->10266 10316->10267 10317->10316 10319 5a6844 RtlAllocateHeap 10318->10319 10326 5aeee4 10318->10326 10320 5aedfa 10319->10320 10321 5a6844 RtlAllocateHeap 10320->10321 10320->10326 10322 5aee29 10321->10322 10323 5a6844 RtlAllocateHeap 10322->10323 10322->10326 10324 5aeedb 10323->10324 10325 5a686c RtlFreeHeap 10324->10325 10324->10326 10325->10326 10326->10312 10326->10313 10328 5aecf2 10327->10328 10329 5a6934 RtlAllocateHeap 10328->10329 10330 5aed01 10329->10330 10330->10260 10332 5ade53 10331->10332 10333 5ade60 10332->10333 10337 5adce4 10332->10337 10334 5ade71 10333->10334 10335 5ade66 Sleep 10333->10335 10334->10293 10335->10334 10338 5add1b 10337->10338 10341 5addf0 10338->10341 10342 5a6844 RtlAllocateHeap 10338->10342 10339 5ade3d 10339->10333 10340 5a686c RtlFreeHeap 10340->10339 10341->10339 10341->10340 10343 5add74 10342->10343 10343->10341 10344 5a6894 RtlReAllocateHeap 10343->10344 10345 5add9d 10343->10345 10344->10343 10345->10341 10347 5adc60 NtTerminateProcess 10345->10347 10348 5adb90 10345->10348 10347->10345 10350 5adbb0 10348->10350 10349 5adc2d 10349->10345 10350->10349 10351 5adc60 NtTerminateProcess 10350->10351 10351->10349 10353 5afc77 10352->10353 10357 5af869 10352->10357 10353->10034 10353->10041 10354 5afa12 CoUninitialize 10354->10353 10356 5af8ee 10356->10354 10359 5a6844 RtlAllocateHeap 10356->10359 10357->10356 10358 5a6844 RtlAllocateHeap 10357->10358 10358->10357 10359->10356 10361 5a69f9 10360->10361 10362 5a6844 RtlAllocateHeap 10361->10362 10363 5a6a19 10362->10363 10363->10046 10366 5acef8 10364->10366 10365 5acf7d 10365->10050 10366->10365 10367 5a6844 RtlAllocateHeap 10366->10367 10367->10365 10369 5ad024 10368->10369 10372 5ad01f 10368->10372 10370 5a6844 RtlAllocateHeap 10369->10370 10369->10372 10381 5ad065 10370->10381 10371 5ad45e 10374 5ad46c 10371->10374 10376 5a686c RtlFreeHeap 10371->10376 10372->10371 10373 5a686c RtlFreeHeap 10372->10373 10373->10371 10375 5ad47a 10374->10375 10377 5a686c RtlFreeHeap 10374->10377 10378 5ad488 10375->10378 10379 5a686c RtlFreeHeap 10375->10379 10376->10374 10377->10375 10380 5ad496 10378->10380 10382 5a686c RtlFreeHeap 10378->10382 10379->10378 10383 5ad4a4 10380->10383 10385 5a686c RtlFreeHeap 10380->10385 10381->10372 10395 5ad67c 10381->10395 10382->10380 10383->10057 10385->10383 10386 5ad08e 10386->10372 10399 5ad4b0 10386->10399 10388 5ad0a1 10388->10372 10403 5ad638 10388->10403 10391 5a6de8 RtlAllocateHeap 10392 5ad0cc 10391->10392 10392->10372 10393 5a6844 RtlAllocateHeap 10392->10393 10394 5a686c RtlFreeHeap 10392->10394 10393->10392 10394->10392 10396 5ad6a7 10395->10396 10397 5a6844 RtlAllocateHeap 10396->10397 10398 5ad7a4 10397->10398 10398->10386 10400 5ad540 10399->10400 10401 5a6844 RtlAllocateHeap 10400->10401 10402 5ad57e 10401->10402 10402->10388 10404 5ad657 10403->10404 10405 5a6de8 RtlAllocateHeap 10404->10405 10406 5ad0b4 10405->10406 10406->10372 10406->10391 10408 5b0edf 10407->10408 10409 5b0fee RegCreateKeyExW 10408->10409 10413 5b0f2c 10408->10413 10410 5b101b RegQueryValueExW 10409->10410 10409->10413 10411 5b104a 10410->10411 10412 5b1096 RegDeleteKeyExW 10411->10412 10411->10413 10412->10413 10413->10070 10415 5a6cd2 NtQueryInformationToken 10414->10415 10417 5a6cbb 10414->10417 10416 5a6ccd 10415->10416 10418 5a6d24 10416->10418 10419 5a686c RtlFreeHeap 10416->10419 10417->10415 10417->10416 10418->10089 10419->10418 10421 5ac8e5 10420->10421 10422 5a6844 RtlAllocateHeap 10421->10422 10424 5ac8f5 10422->10424 10423 5ac917 10423->10100 10424->10423 10425 5a686c RtlFreeHeap 10424->10425 10425->10423 10427 5a6844 RtlAllocateHeap 10426->10427 10428 5b396b 10427->10428 10428->10113 10430 5a6844 RtlAllocateHeap 10429->10430 10431 5b18ce 10430->10431 10431->10136 10433 5a6844 RtlAllocateHeap 10432->10433 10434 5b1c4e 10433->10434 10434->10147 10436 5a6de8 RtlAllocateHeap 10435->10436 10437 5ac080 10436->10437 10438 5ac16b 10437->10438 10440 5a6844 RtlAllocateHeap 10437->10440 10439 5ac179 10438->10439 10441 5a686c RtlFreeHeap 10438->10441 10442 5ac187 10439->10442 10443 5a686c RtlFreeHeap 10439->10443 10446 5ac097 10440->10446 10441->10439 10444 5ac195 10442->10444 10445 5a686c RtlFreeHeap 10442->10445 10443->10442 10445->10444 10446->10438 10447 5a686c RtlFreeHeap 10446->10447 10448 5ac0c5 10447->10448 10449 5a6844 RtlAllocateHeap 10448->10449 10450 5ac0d5 10449->10450 10450->10438 10451 5a6ee4 2 API calls 10450->10451 10452 5ac0eb 10451->10452 10453 5a686c RtlFreeHeap 10452->10453 10454 5ac108 10453->10454 10505 5abf94 10454->10505 10457 5ac14a 10459 5abf94 8 API calls 10457->10459 10458 5ab3c0 2 API calls 10458->10457 10460 5ac155 10459->10460 10461 5abf94 8 API calls 10460->10461 10462 5ac160 10461->10462 10463 5abf94 8 API calls 10462->10463 10463->10438 10473 5a7e60 10464->10473 10465 5a6844 RtlAllocateHeap 10465->10473 10466 5a7e72 NtQuerySystemInformation 10466->10473 10467 5a7ea5 10469 5a686c RtlFreeHeap 10467->10469 10468 5a6894 RtlReAllocateHeap 10468->10473 10470 5a7ead 10469->10470 10471 5a686c RtlFreeHeap 10472 5a7f40 Sleep 10471->10472 10472->10473 10473->10465 10473->10466 10473->10467 10473->10468 10473->10471 10475 5a748b 10474->10475 10476 5a74b3 10474->10476 10475->10476 10477 5a7494 GetDriveTypeW 10475->10477 10536 5a74bc 10475->10536 10477->10475 10480 5a7c9f 10479->10480 10482 5a7861 10479->10482 10483 5a7b6a CoSetProxyBlanket 10482->10483 10484 5a7ac6 CoUninitialize 10482->10484 10483->10484 10484->10480 10596 5a91c8 10485->10596 10487 5a963c 10488 5a962d 10488->10487 10613 5a90bc 10488->10613 10491 5a97d8 4 API calls 10490->10491 10492 5a8fa0 10491->10492 10493 5a9010 10492->10493 10494 5a9880 NtClose 10492->10494 10496 5a9035 10493->10496 10640 5a8ecc 10493->10640 10495 5a8fae 10494->10495 10495->10493 10497 5a8fb7 NtSetInformationThread 10495->10497 10497->10493 10499 5a8fcb 10497->10499 10625 5a8da8 10499->10625 10502 5a9880 NtClose 10503 5a8fee 10502->10503 10503->10493 10634 5a8be0 10503->10634 10506 5abfb9 10505->10506 10507 5ac04f 10506->10507 10508 5a6844 RtlAllocateHeap 10506->10508 10509 5ac05d 10507->10509 10510 5a686c RtlFreeHeap 10507->10510 10511 5abfcb 10508->10511 10509->10457 10509->10458 10510->10509 10511->10507 10514 5abed0 10511->10514 10519 5abc38 10511->10519 10515 5a6934 RtlAllocateHeap 10514->10515 10518 5abeec 10515->10518 10516 5abf8a 10516->10511 10517 5a686c RtlFreeHeap 10517->10516 10518->10516 10518->10517 10520 5abc60 10519->10520 10522 5a6844 RtlAllocateHeap 10520->10522 10532 5abc64 10520->10532 10521 5abea1 DeleteDC 10524 5abeaa 10521->10524 10526 5abc8d 10522->10526 10523 5abeb8 10523->10511 10524->10523 10525 5a686c RtlFreeHeap 10524->10525 10525->10523 10527 5abce0 CreateDCW 10526->10527 10526->10532 10528 5abcfd 10527->10528 10527->10532 10529 5abd9e StartDocW 10528->10529 10529->10532 10533 5abdce 10529->10533 10530 5abdec 10531 5abe6c EndDoc 10530->10531 10531->10532 10532->10521 10532->10524 10533->10530 10534 5abe18 DrawTextA 10533->10534 10535 5abe5a EndPage 10534->10535 10535->10531 10535->10533 10544 5a7590 10536->10544 10538 5a74d4 10539 5a7506 FindFirstFileExW 10538->10539 10541 5a7580 10538->10541 10539->10541 10542 5a752e 10539->10542 10540 5a756c FindNextFileW 10540->10541 10540->10542 10541->10475 10542->10540 10550 5a766c 10542->10550 10545 5a75b0 FindFirstFileExW 10544->10545 10547 5a7662 10545->10547 10549 5a760e FindClose 10545->10549 10547->10538 10549->10547 10551 5a768e 10550->10551 10552 5a7822 10551->10552 10553 5a6844 RtlAllocateHeap 10551->10553 10552->10540 10557 5a76a6 10553->10557 10554 5a77fd 10555 5a7814 10554->10555 10556 5a686c RtlFreeHeap 10554->10556 10555->10552 10558 5a686c RtlFreeHeap 10555->10558 10556->10555 10557->10554 10559 5a76de FindFirstFileExW 10557->10559 10558->10552 10559->10554 10566 5a7706 10559->10566 10560 5a77e5 FindNextFileW 10560->10554 10560->10566 10561 5a6844 RtlAllocateHeap 10561->10566 10562 5a7780 GetFileAttributesW 10562->10566 10564 5a766c 12 API calls 10564->10566 10565 5a686c RtlFreeHeap 10565->10566 10566->10560 10566->10561 10566->10562 10566->10564 10566->10565 10567 5a6668 10566->10567 10568 5a667e 10567->10568 10568->10568 10569 5aa094 2 API calls 10568->10569 10570 5a6695 10569->10570 10571 5a66a5 CreateFileW 10570->10571 10572 5a67a5 10570->10572 10571->10572 10575 5a66cd 10571->10575 10574 5a67d4 NtFreeVirtualMemory 10572->10574 10576 5a67f9 10572->10576 10573 5a66d2 NtAllocateVirtualMemory 10573->10575 10584 5a6703 10573->10584 10574->10572 10575->10573 10575->10584 10577 5a6808 10576->10577 10578 5a67ff NtClose 10576->10578 10587 5a6550 10577->10587 10578->10577 10581 5a6763 WriteFile 10581->10584 10585 5a677d SetFilePointerEx 10581->10585 10582 5a6821 10583 5a6836 10582->10583 10586 5a686c RtlFreeHeap 10582->10586 10583->10566 10584->10572 10584->10581 10585->10581 10585->10584 10586->10583 10588 5a6934 RtlAllocateHeap 10587->10588 10589 5a656a 10588->10589 10590 5a6573 10589->10590 10591 5a6934 RtlAllocateHeap 10589->10591 10592 5a661e DeleteFileW 10590->10592 10593 5a686c RtlFreeHeap 10590->10593 10594 5a6582 10591->10594 10592->10582 10593->10592 10594->10590 10595 5a65df MoveFileExW 10594->10595 10595->10590 10595->10594 10597 5a92a9 10596->10597 10598 5a946d RegCreateKeyExW 10597->10598 10599 5a94c7 RegCreateKeyExW 10598->10599 10609 5a94a1 RegEnumKeyW 10598->10609 10602 5a95bc RegEnumKeyW 10599->10602 10603 5a95e2 10599->10603 10602->10603 10607 5a95e4 OpenEventLogW 10602->10607 10603->10488 10604 5a94cc RegCreateKeyExW 10606 5a94fa RegSetValueExW 10604->10606 10604->10609 10608 5a951c RegSetValueExW 10606->10608 10606->10609 10607->10602 10610 5a95fc ClearEventLogW 10607->10610 10608->10609 10611 5a953a OpenEventLogW 10608->10611 10609->10599 10609->10604 10610->10602 10611->10609 10612 5a9552 ClearEventLogW 10611->10612 10612->10609 10620 5a903c RtlAdjustPrivilege 10613->10620 10615 5a9194 10616 5a91ac CloseServiceHandle 10615->10616 10617 5a91b5 10615->10617 10616->10617 10617->10487 10618 5a90d5 10618->10615 10619 5adc60 NtTerminateProcess 10618->10619 10619->10615 10621 5a97d8 4 API calls 10620->10621 10622 5a9074 10621->10622 10623 5a9880 NtClose 10622->10623 10624 5a9082 10622->10624 10623->10624 10624->10618 10626 5a97d8 4 API calls 10625->10626 10627 5a8dd3 10626->10627 10628 5a8ec2 10627->10628 10629 5a8de0 OpenSCManagerW 10627->10629 10628->10493 10628->10502 10633 5a8df9 10629->10633 10630 5a8eaa CloseServiceHandle 10631 5a8eb3 10630->10631 10631->10628 10632 5a8eb9 CloseServiceHandle 10631->10632 10632->10628 10633->10630 10633->10631 10635 5a8c11 10634->10635 10637 5a6844 RtlAllocateHeap 10635->10637 10639 5a8c4d 10635->10639 10636 5a8d9c 10636->10493 10637->10639 10638 5a686c RtlFreeHeap 10638->10636 10639->10636 10639->10638 10641 5a97d8 4 API calls 10640->10641 10642 5a8ee5 10641->10642 10642->10496 10694 5af59c 10643->10694 10646 5af59c 2 API calls 10648 5b0080 10646->10648 10647 5b0313 10650 5b0321 10647->10650 10652 5a686c RtlFreeHeap 10647->10652 10651 5b00a8 10648->10651 10653 5af59c 2 API calls 10648->10653 10649 5a686c RtlFreeHeap 10649->10647 10654 5b032f 10650->10654 10656 5a686c RtlFreeHeap 10650->10656 10655 5a6844 RtlAllocateHeap 10651->10655 10664 5b00d1 10651->10664 10652->10650 10653->10651 10654->9366 10657 5b00c8 10655->10657 10656->10654 10658 5a6844 RtlAllocateHeap 10657->10658 10657->10664 10659 5b00e3 10658->10659 10660 5ae1e8 9 API calls 10659->10660 10659->10664 10668 5b00f6 10660->10668 10661 5a69e0 RtlAllocateHeap 10661->10668 10662 5b028d 10663 5a686c RtlFreeHeap 10662->10663 10662->10664 10663->10664 10664->10647 10664->10649 10665 5af6d8 NtSetInformationThread NtClose 10665->10668 10666 5a686c RtlFreeHeap 10666->10668 10667 5ab3c0 2 API calls 10667->10668 10668->10661 10668->10662 10668->10665 10668->10666 10668->10667 10670 5a7433 10669->10670 10671 5a6934 RtlAllocateHeap 10670->10671 10673 5a7441 10671->10673 10672 5a7464 10672->9782 10673->10672 10674 5a686c RtlFreeHeap 10673->10674 10674->10672 10676 5aa983 10675->10676 10677 5aa488 6 API calls 10676->10677 10678 5aa99a 10677->10678 10679 5aa9c9 10678->10679 10680 5a6844 RtlAllocateHeap 10678->10680 10679->9782 10680->10679 10682 5aa3ff 10681->10682 10683 5ab3c0 2 API calls 10682->10683 10684 5aa419 10682->10684 10683->10684 10684->9764 10684->9774 10686 5a6a8d 10685->10686 10687 5a6844 RtlAllocateHeap 10686->10687 10688 5a6aa3 10686->10688 10687->10688 10688->9780 10690 5ae1e8 9 API calls 10689->10690 10691 5b0977 10690->10691 10692 5ab3c0 2 API calls 10691->10692 10693 5b09c8 10691->10693 10692->10693 10693->9788 10695 5af5f6 10694->10695 10696 5ab3c0 2 API calls 10695->10696 10697 5af610 10695->10697 10696->10697 10697->10646 10697->10651 10698->9808 10700 5b0e48 10699->10700 10701 5b0e8d 10699->10701 10702 5ac8c4 2 API calls 10700->10702 10701->9803 10705 5b1400 10701->10705 10704 5b0e4d 10702->10704 10703 5a686c RtlFreeHeap 10703->10701 10704->10701 10704->10703 10757 5b1240 10705->10757 10707 5b1441 10708 5a6de8 RtlAllocateHeap 10707->10708 10709 5b1445 10707->10709 10717 5b1454 10708->10717 10710 5b15e0 10709->10710 10711 5a686c RtlFreeHeap 10709->10711 10712 5b15ee 10710->10712 10713 5a686c RtlFreeHeap 10710->10713 10711->10710 10714 5b15fc 10712->10714 10715 5a686c RtlFreeHeap 10712->10715 10713->10712 10716 5b160a 10714->10716 10718 5a686c RtlFreeHeap 10714->10718 10715->10714 10716->9803 10734 5b1760 10716->10734 10717->10709 10779 5b1611 10717->10779 10718->10716 10721 5a6de8 RtlAllocateHeap 10722 5b149b 10721->10722 10722->10709 10723 5b1611 RtlFreeHeap 10722->10723 10724 5b14d4 10723->10724 10725 5a6de8 RtlAllocateHeap 10724->10725 10726 5b14de 10725->10726 10726->10709 10727 5b1611 RtlFreeHeap 10726->10727 10728 5b1521 10727->10728 10729 5a6de8 RtlAllocateHeap 10728->10729 10730 5b152b 10729->10730 10730->10709 10731 5b1611 RtlFreeHeap 10730->10731 10732 5b156b 10731->10732 10733 5a6de8 RtlAllocateHeap 10732->10733 10733->10709 10735 5a6de8 RtlAllocateHeap 10734->10735 10739 5b1791 10735->10739 10736 5b1890 10738 5b189e 10736->10738 10740 5a686c RtlFreeHeap 10736->10740 10737 5a686c RtlFreeHeap 10737->10736 10738->9803 10738->9815 10741 5b18b8 RtlAllocateHeap 10739->10741 10744 5b179a 10739->10744 10740->10738 10742 5b17ce 10741->10742 10743 5a6de8 RtlAllocateHeap 10742->10743 10742->10744 10745 5b1809 10743->10745 10744->10736 10744->10737 10746 5a686c RtlFreeHeap 10745->10746 10746->10744 10748 5b1190 10747->10748 10749 5a6de8 RtlAllocateHeap 10748->10749 10756 5b1195 10748->10756 10754 5b11a1 10749->10754 10750 5b1219 10752 5b1227 10750->10752 10753 5a686c RtlFreeHeap 10750->10753 10751 5a686c RtlFreeHeap 10751->10750 10752->9819 10753->10752 10755 5a6de8 RtlAllocateHeap 10754->10755 10754->10756 10755->10756 10756->10750 10756->10751 10758 5b126f 10757->10758 10761 5b1282 10757->10761 10760 5a6de8 RtlAllocateHeap 10758->10760 10758->10761 10759 5b130f 10759->10707 10762 5b128d 10760->10762 10761->10759 10783 5b10cc 10761->10783 10762->10761 10763 5a6de8 RtlAllocateHeap 10762->10763 10765 5b12a5 10763->10765 10765->10761 10767 5b12b4 10765->10767 10766 5b1336 10769 5a6934 RtlAllocateHeap 10766->10769 10768 5a6de8 RtlAllocateHeap 10767->10768 10770 5b12bd 10768->10770 10771 5b1345 10769->10771 10770->10707 10771->10759 10772 5a6934 RtlAllocateHeap 10771->10772 10773 5b1377 10772->10773 10773->10759 10774 5a686c RtlFreeHeap 10773->10774 10776 5b13bd 10773->10776 10774->10776 10775 5b13cb 10775->10759 10778 5a686c RtlFreeHeap 10775->10778 10776->10775 10777 5a686c RtlFreeHeap 10776->10777 10777->10775 10778->10759 10780 5b1617 10779->10780 10782 5b1491 10779->10782 10781 5a686c RtlFreeHeap 10780->10781 10781->10782 10782->10721 10784 5a6844 RtlAllocateHeap 10783->10784 10785 5b10e2 10784->10785 10785->10766 10787 5b1bef 10786->10787 10790 5b1b50 10787->10790 10789 5b1c07 10789->9825 10791 5a6844 RtlAllocateHeap 10790->10791 10792 5b1b67 10791->10792 10793 5b1b9d 10792->10793 10794 5a6894 RtlReAllocateHeap 10792->10794 10797 5b1b80 10792->10797 10795 5a686c RtlFreeHeap 10793->10795 10794->10792 10796 5b1ba5 10795->10796 10796->10789 10798 5a686c RtlFreeHeap 10797->10798 10799 5b1be0 10798->10799 10799->10789 10803 5b64b6 10800->10803 10801 5b65f0 10801->9839 10802 5a686c RtlFreeHeap 10802->10801 10817 5b64ce 10803->10817 10852 5b6124 10803->10852 10817->10801 10817->10802 10819 5b3fa4 10818->10819 10821 5b3fd5 10819->10821 11113 5b3d98 10819->11113 10822 5b4066 10821->10822 10823 5a686c RtlFreeHeap 10821->10823 10822->9835 10824 5b4508 10822->10824 10823->10822 10825 5b452e 10824->10825 10843 5b4532 10825->10843 11116 5b2af8 10825->11116 10827 5b4684 10830 5b4692 10827->10830 10832 5a686c RtlFreeHeap 10827->10832 10829 5a686c RtlFreeHeap 10829->10827 10833 5b46a0 10830->10833 10835 5a686c RtlFreeHeap 10830->10835 10831 5a6844 RtlAllocateHeap 10834 5b4553 10831->10834 10832->10830 10833->9845 10844 5b46a8 10833->10844 10836 5a9640 2 API calls 10834->10836 10834->10843 10835->10833 10837 5b4566 10836->10837 10838 5af82c 3 API calls 10837->10838 10839 5b457f 10838->10839 10840 5a6844 RtlAllocateHeap 10839->10840 10839->10843 10841 5b459d 10840->10841 10842 5a6844 RtlAllocateHeap 10841->10842 10841->10843 10842->10843 10843->10827 10843->10829 10845 5b46b9 10844->10845 10846 5b48ba 10845->10846 10847 5a9640 2 API calls 10845->10847 10846->9845 10848 5b46c7 10847->10848 10848->10846 10849 5a6de8 RtlAllocateHeap 10848->10849 10851 5b46e1 10849->10851 10850 5a686c RtlFreeHeap 10850->10846 10851->10846 10851->10850 11084 5b60a8 10852->11084 10854 5b616c 10855 5b6450 10854->10855 10856 5a686c RtlFreeHeap 10854->10856 10857 5b645e 10855->10857 10858 5a686c RtlFreeHeap 10855->10858 10856->10855 10859 5b646c 10857->10859 10861 5a686c RtlFreeHeap 10857->10861 10858->10857 10862 5b647a 10859->10862 10863 5a686c RtlFreeHeap 10859->10863 10861->10859 10864 5b6488 10862->10864 10866 5a686c RtlFreeHeap 10862->10866 10863->10862 10864->10817 10875 5b5d28 10864->10875 10865 5a6844 RtlAllocateHeap 10867 5b61a8 10865->10867 10866->10864 10867->10854 10868 5a6844 RtlAllocateHeap 10867->10868 10869 5b6249 10868->10869 10869->10854 10870 5a6844 RtlAllocateHeap 10869->10870 10871 5b6299 10870->10871 10871->10854 10872 5a6844 RtlAllocateHeap 10871->10872 10873 5b6344 10872->10873 10873->10854 10874 5a686c RtlFreeHeap 10873->10874 10874->10854 10876 5b5d8f 10875->10876 10877 5a6de8 RtlAllocateHeap 10876->10877 10878 5b5da4 10876->10878 10883 5b5e1b 10877->10883 10879 5a686c RtlFreeHeap 10878->10879 10881 5b608f 10878->10881 10879->10881 10880 5b609d 10880->10817 10885 5b4c60 10880->10885 10881->10880 10882 5a686c RtlFreeHeap 10881->10882 10882->10880 10883->10878 10884 5a6de8 RtlAllocateHeap 10883->10884 10884->10878 10886 5a6844 RtlAllocateHeap 10885->10886 10888 5b4c93 10886->10888 10887 5b4e1b 10890 5b4e29 10887->10890 10891 5a686c RtlFreeHeap 10887->10891 10893 5a6844 RtlAllocateHeap 10888->10893 10897 5b4c9c 10888->10897 10889 5a686c RtlFreeHeap 10889->10887 10892 5b4e37 10890->10892 10894 5a686c RtlFreeHeap 10890->10894 10891->10890 10892->10817 10898 5b5a84 10892->10898 10895 5b4cc6 10893->10895 10894->10892 10896 5a6844 RtlAllocateHeap 10895->10896 10895->10897 10896->10897 10897->10887 10897->10889 10899 5a6844 RtlAllocateHeap 10898->10899 10902 5b5add 10899->10902 10900 5b5caa 10901 5b5cb8 10900->10901 10904 5a686c RtlFreeHeap 10900->10904 10905 5b5cc6 10901->10905 10907 5a686c RtlFreeHeap 10901->10907 10934 5b5ae6 10902->10934 11090 5b497c 10902->11090 10903 5a686c RtlFreeHeap 10903->10900 10904->10901 10908 5b5cd4 10905->10908 10909 5a686c RtlFreeHeap 10905->10909 10907->10905 10910 5a686c RtlFreeHeap 10908->10910 10911 5b5ce2 10908->10911 10909->10908 10910->10911 10912 5b5cf0 10911->10912 10914 5a686c RtlFreeHeap 10911->10914 10915 5b5cfe 10912->10915 10916 5a686c RtlFreeHeap 10912->10916 10913 5b5b0e 10913->10934 11093 5b4a30 10913->11093 10914->10912 10917 5b5d0c 10915->10917 10918 5a686c RtlFreeHeap 10915->10918 10916->10915 10917->10817 10937 5b57b4 10917->10937 10918->10917 10920 5b5b3a 10921 5a686c RtlFreeHeap 10920->10921 10920->10934 10922 5b5b5c 10921->10922 10923 5b4a30 RtlAllocateHeap 10922->10923 10924 5b5b75 10923->10924 10924->10934 11096 5b4aa8 10924->11096 10926 5b5bbd 10926->10934 11099 5b4c08 10926->11099 10929 5a6844 RtlAllocateHeap 10930 5b5bf2 10929->10930 10931 5a6de8 RtlAllocateHeap 10930->10931 10930->10934 10932 5b5c0a 10931->10932 10933 5a6844 RtlAllocateHeap 10932->10933 10932->10934 10935 5b5c33 10933->10935 10934->10900 10934->10903 10935->10934 10936 5a686c RtlFreeHeap 10935->10936 10936->10935 10938 5a6844 RtlAllocateHeap 10937->10938 10939 5b57fc 10938->10939 10940 5a6844 RtlAllocateHeap 10939->10940 10961 5b5805 10939->10961 10951 5b5814 10940->10951 10941 5b5a22 10943 5b5a30 10941->10943 10944 5a686c RtlFreeHeap 10941->10944 10942 5a686c RtlFreeHeap 10942->10941 10945 5b5a3e 10943->10945 10946 5a686c RtlFreeHeap 10943->10946 10944->10943 10947 5b5a4c 10945->10947 10948 5a686c RtlFreeHeap 10945->10948 10946->10945 10949 5b5a5a 10947->10949 10950 5a686c RtlFreeHeap 10947->10950 10948->10947 10949->10817 10962 5b4e50 10949->10962 10950->10949 10952 5a6844 RtlAllocateHeap 10951->10952 10951->10961 10953 5b5943 10952->10953 10954 5a6de8 RtlAllocateHeap 10953->10954 10953->10961 10955 5b595b 10954->10955 10956 5a686c RtlFreeHeap 10955->10956 10955->10961 10957 5b59a4 10956->10957 10958 5a6844 RtlAllocateHeap 10957->10958 10959 5b59bd 10958->10959 10960 5a6de8 RtlAllocateHeap 10959->10960 10959->10961 10960->10961 10961->10941 10961->10942 10963 5a6844 RtlAllocateHeap 10962->10963 10965 5b4e98 10963->10965 10964 5b5065 10967 5b5073 10964->10967 10969 5a686c RtlFreeHeap 10964->10969 10968 5b497c RtlAllocateHeap 10965->10968 10999 5b4ea1 10965->10999 10966 5a686c RtlFreeHeap 10966->10964 10970 5b5081 10967->10970 10971 5a686c RtlFreeHeap 10967->10971 10981 5b4ec9 10968->10981 10969->10967 10972 5b508f 10970->10972 10973 5a686c RtlFreeHeap 10970->10973 10971->10970 10974 5b509d 10972->10974 10975 5a686c RtlFreeHeap 10972->10975 10973->10972 10976 5b50ab 10974->10976 10977 5a686c RtlFreeHeap 10974->10977 10975->10974 10978 5b50b9 10976->10978 10979 5a686c RtlFreeHeap 10976->10979 10977->10976 10980 5b50c7 10978->10980 10982 5a686c RtlFreeHeap 10978->10982 10979->10978 10980->10817 11001 5b50e0 10980->11001 10981->10999 11104 5b4920 10981->11104 10982->10980 10984 5b4ef5 10985 5a686c RtlFreeHeap 10984->10985 10984->10999 10986 5b4f17 10985->10986 10987 5b4920 RtlAllocateHeap 10986->10987 10988 5b4f30 10987->10988 10989 5b4aa8 RtlAllocateHeap 10988->10989 10988->10999 10990 5b4f78 10989->10990 10991 5b4c08 RtlAllocateHeap 10990->10991 10990->10999 10992 5b4f8d 10991->10992 10993 5a6844 RtlAllocateHeap 10992->10993 10992->10999 10994 5b4fad 10993->10994 10995 5a6de8 RtlAllocateHeap 10994->10995 10994->10999 10996 5b4fc5 10995->10996 10997 5a6844 RtlAllocateHeap 10996->10997 10996->10999 10998 5b4fee 10997->10998 10998->10999 11000 5a686c RtlFreeHeap 10998->11000 10999->10964 10999->10966 11000->10998 11002 5a6844 RtlAllocateHeap 11001->11002 11010 5b5143 11002->11010 11003 5b571b 11005 5b5729 11003->11005 11006 5a686c RtlFreeHeap 11003->11006 11004 5a686c RtlFreeHeap 11004->11003 11007 5b5737 11005->11007 11008 5a686c RtlFreeHeap 11005->11008 11006->11005 11009 5b5745 11007->11009 11011 5a686c RtlFreeHeap 11007->11011 11008->11007 11012 5b5753 11009->11012 11013 5a686c RtlFreeHeap 11009->11013 11024 5a6844 RtlAllocateHeap 11010->11024 11071 5b514c 11010->11071 11011->11009 11014 5b5761 11012->11014 11016 5a686c RtlFreeHeap 11012->11016 11013->11012 11015 5b576f 11014->11015 11017 5a686c RtlFreeHeap 11014->11017 11018 5b577d 11015->11018 11019 5a686c RtlFreeHeap 11015->11019 11016->11014 11017->11015 11020 5b578b 11018->11020 11021 5a686c RtlFreeHeap 11018->11021 11019->11018 11022 5b5799 11020->11022 11023 5a686c RtlFreeHeap 11020->11023 11021->11020 11022->10817 11023->11022 11025 5b51ff 11024->11025 11026 5b497c RtlAllocateHeap 11025->11026 11025->11071 11027 5b5230 11026->11027 11027->11071 11107 5b48c4 11027->11107 11029 5b525c 11030 5a686c RtlFreeHeap 11029->11030 11029->11071 11031 5b527e 11030->11031 11032 5b48c4 RtlAllocateHeap 11031->11032 11033 5b5297 11032->11033 11034 5b4aa8 RtlAllocateHeap 11033->11034 11033->11071 11035 5b52df 11034->11035 11036 5b4c08 RtlAllocateHeap 11035->11036 11035->11071 11037 5b52f4 11036->11037 11038 5a6844 RtlAllocateHeap 11037->11038 11037->11071 11039 5b533d 11038->11039 11040 5a6de8 RtlAllocateHeap 11039->11040 11039->11071 11041 5b5355 11040->11041 11042 5a6844 RtlAllocateHeap 11041->11042 11041->11071 11043 5b5381 11042->11043 11044 5a686c RtlFreeHeap 11043->11044 11043->11071 11045 5b5427 11044->11045 11046 5b5435 11045->11046 11048 5a686c RtlFreeHeap 11045->11048 11047 5b544a 11046->11047 11049 5a686c RtlFreeHeap 11046->11049 11050 5b545f 11047->11050 11051 5a686c RtlFreeHeap 11047->11051 11048->11046 11049->11047 11052 5b5474 11050->11052 11053 5a686c RtlFreeHeap 11050->11053 11051->11050 11054 5b5489 11052->11054 11056 5a686c RtlFreeHeap 11052->11056 11053->11052 11055 5b549e 11054->11055 11057 5a686c RtlFreeHeap 11054->11057 11058 5b54b3 11055->11058 11059 5a686c RtlFreeHeap 11055->11059 11056->11054 11057->11055 11060 5b54c8 11058->11060 11061 5a686c RtlFreeHeap 11058->11061 11059->11058 11062 5a6844 RtlAllocateHeap 11060->11062 11061->11060 11063 5b54ef 11062->11063 11064 5b497c RtlAllocateHeap 11063->11064 11063->11071 11065 5b5520 11064->11065 11065->11071 11110 5b49c0 11065->11110 11067 5b554c 11068 5a686c RtlFreeHeap 11067->11068 11067->11071 11069 5b5579 11068->11069 11070 5b49c0 RtlAllocateHeap 11069->11070 11072 5b5587 11070->11072 11071->11003 11071->11004 11072->11071 11073 5b4aa8 RtlAllocateHeap 11072->11073 11074 5b55cf 11073->11074 11074->11071 11075 5b4c08 RtlAllocateHeap 11074->11075 11076 5b55e4 11075->11076 11076->11071 11077 5a6844 RtlAllocateHeap 11076->11077 11078 5b565b 11077->11078 11078->11071 11079 5a6de8 RtlAllocateHeap 11078->11079 11080 5b5673 11079->11080 11080->11071 11081 5a6844 RtlAllocateHeap 11080->11081 11082 5b569c 11081->11082 11082->11071 11083 5a686c RtlFreeHeap 11082->11083 11083->11071 11085 5b60c8 11084->11085 11086 5b6108 11085->11086 11087 5a6934 RtlAllocateHeap 11085->11087 11086->10854 11086->10865 11088 5b60f1 11087->11088 11088->11086 11089 5a6934 RtlAllocateHeap 11088->11089 11089->11086 11091 5a6844 RtlAllocateHeap 11090->11091 11092 5b4985 11091->11092 11092->10913 11094 5a6844 RtlAllocateHeap 11093->11094 11095 5b4a3c 11094->11095 11095->10920 11097 5a6844 RtlAllocateHeap 11096->11097 11098 5b4ab8 11097->11098 11098->10926 11100 5a6844 RtlAllocateHeap 11099->11100 11102 5b4c27 11100->11102 11101 5a6844 RtlAllocateHeap 11101->11102 11102->11101 11103 5b4c54 11102->11103 11103->10929 11103->10934 11105 5a6844 RtlAllocateHeap 11104->11105 11106 5b492c 11105->11106 11106->10984 11108 5a6844 RtlAllocateHeap 11107->11108 11109 5b48d0 11108->11109 11109->11029 11111 5a6844 RtlAllocateHeap 11110->11111 11112 5b49cc 11111->11112 11112->11067 11114 5a6844 RtlAllocateHeap 11113->11114 11115 5b3db2 11114->11115 11115->10821 11119 5b2b21 11116->11119 11117 5b2b25 11117->10831 11119->11117 11120 5b2954 11119->11120 11121 5b297b 11120->11121 11122 5a97d8 4 API calls 11121->11122 11123 5b298b 11122->11123 11124 5b299f 11123->11124 11125 5a97d8 4 API calls 11123->11125 11124->11117 11125->11124 11131 5b66b6 11126->11131 11127 5b6ba4 11129 5b6bb2 11127->11129 11130 5a686c RtlFreeHeap 11127->11130 11128 5a686c RtlFreeHeap 11128->11127 11129->9855 11130->11129 11132 5a6de8 RtlAllocateHeap 11131->11132 11135 5b6714 11131->11135 11133 5b67ec 11132->11133 11134 5a6844 RtlAllocateHeap 11133->11134 11133->11135 11134->11135 11135->11127 11135->11128 11137 5b37a7 11136->11137 11138 5b2af8 4 API calls 11137->11138 11153 5b37ab 11137->11153 11139 5b37c2 11138->11139 11141 5a6844 RtlAllocateHeap 11139->11141 11140 5b38e9 11143 5b38f7 11140->11143 11145 5a686c RtlFreeHeap 11140->11145 11144 5b37cc 11141->11144 11142 5a686c RtlFreeHeap 11142->11140 11146 5b3905 11143->11146 11147 5a686c RtlFreeHeap 11143->11147 11148 5af82c 3 API calls 11144->11148 11144->11153 11145->11143 11146->9862 11147->11146 11149 5b37e4 11148->11149 11150 5a6844 RtlAllocateHeap 11149->11150 11149->11153 11151 5b3802 11150->11151 11152 5a6844 RtlAllocateHeap 11151->11152 11151->11153 11152->11153 11153->11140 11153->11142 11155 5b0350 11154->11155 11156 5a6844 RtlAllocateHeap 11155->11156 11157 5b0371 11156->11157 11157->9895 11460 5a8ea2 11465 5a8e63 11460->11465 11461 5a8eaa CloseServiceHandle 11462 5a8eb3 11461->11462 11463 5a8eb9 CloseServiceHandle 11462->11463 11464 5a8ec2 11462->11464 11463->11464 11465->11461 11465->11462

                                                          Executed Functions

                                                          Function 005B04B4 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 342COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 9 5b04b4-5b0569 call 5a164c call 5a6de8 18 5b056b 9->18 19 5b0570-5b0589 call 5a6844 9->19 20 5b08e9-5b08f0 18->20 27 5b058b 19->27 28 5b0590-5b05a3 call 5b8c34 19->28 22 5b08fe-5b0905 20->22 23 5b08f2 20->23 25 5b0913-5b0917 22->25 26 5b0907 22->26 23->22 30 5b0919 25->30 31 5b0922-5b0926 25->31 26->25 27->20 37 5b05aa-5b05ba call 5b0338 28->37 38 5b05a5 28->38 30->31 33 5b0928-5b092b call 5a686c 31->33 34 5b0930-5b0934 31->34 33->34 35 5b093e-5b0942 34->35 36 5b0936-5b0939 call 5a686c 34->36 41 5b094c-5b0950 35->41 42 5b0944-5b0947 call 5a686c 35->42 36->35 48 5b05bc 37->48 49 5b05c1-5b0612 GetTempFileNameW CreateFileW 37->49 38->20 45 5b095a-5b0960 41->45 46 5b0952-5b0955 call 5a686c 41->46 42->41 46->45 48->20 52 5b0619-5b062e WriteFile 49->52 53 5b0614 49->53 54 5b0630 52->54 55 5b0635-5b064e 52->55 53->20 54->20 57 5b0650-5b0655 55->57 58 5b0659-5b065b 57->58 59 5b0657-5b0698 CreateProcessW 57->59 58->57 61 5b069a 59->61 62 5b069f-5b06bc NtQueryInformationProcess 59->62 61->20 63 5b06be 62->63 64 5b06c3-5b06e3 NtReadVirtualMemory 62->64 63->20 65 5b06ea-5b06fb call 5a6de8 64->65 66 5b06e5 64->66 69 5b06fd 65->69 70 5b0702-5b077d call 5b92f4 call 5b9348 call 5b941c NtProtectVirtualMemory 65->70 66->20 69->20 77 5b077f 70->77 78 5b0784-5b0797 NtWriteVirtualMemory 70->78 77->20 79 5b0799 78->79 80 5b079e-5b07fa 78->80 79->20 82 5b07fc 80->82 83 5b0801-5b0822 80->83 82->20 85 5b0829-5b0891 CreateNamedPipeW 83->85 86 5b0824 83->86 87 5b0893 85->87 88 5b0895-5b08ae ResumeThread ConnectNamedPipe 85->88 86->20 87->20 89 5b08bf-5b08dc 88->89 90 5b08b0-5b08bb 88->90 93 5b08de 89->93 94 5b08e0 89->94 90->89 91 5b08bd 90->91 91->20 93->20 94->20
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: D
                                                          • API String ID: 0-2746444292
                                                          • Opcode ID: e00aed59a82d927322a0ab5cf70979821c9b05fc6a3fb300c18c740318ca0373
                                                          • Instruction ID: e582ad4bfe53ec4cf2f448abcf21eef3662ab4ecb456a020f6a9fbfff2173fb7
                                                          • Opcode Fuzzy Hash: e00aed59a82d927322a0ab5cf70979821c9b05fc6a3fb300c18c740318ca0373
                                                          • Instruction Fuzzy Hash: 9AE11A71900619EFEF209F90DC49FEEBBB9FB04305F1050A5E209A61E1DB756A88DF91
                                                          Function 005A91C8 Relevance: 16.7, APIs: 11, Instructions: 241registryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 233 5a91c8-5a949b call 5a1240 * 5 RegCreateKeyExW 244 5a957d-5a9581 233->244 245 5a94a1 233->245 246 5a958c-5a95ba RegCreateKeyExW 244->246 247 5a9583 244->247 248 5a94a8-5a94c5 RegEnumKeyW 245->248 249 5a95bc 246->249 250 5a9615-5a9619 246->250 247->246 251 5a94cc-5a94f8 RegCreateKeyExW 248->251 252 5a94c7 248->252 255 5a95c3-5a95e0 RegEnumKeyW 249->255 253 5a961b 250->253 254 5a9624-5a9627 250->254 256 5a94fa-5a951a RegSetValueExW 251->256 257 5a9575-5a9578 251->257 252->244 253->254 258 5a95e2 255->258 259 5a95e4-5a95fa OpenEventLogW 255->259 260 5a951c-5a9538 RegSetValueExW 256->260 261 5a9566-5a956a 256->261 257->248 258->250 263 5a95fc-5a9607 ClearEventLogW 259->263 264 5a9610-5a9613 259->264 260->261 265 5a953a-5a9550 OpenEventLogW 260->265 261->257 262 5a956c 261->262 262->257 263->264 264->255 265->261 266 5a9552-5a955d ClearEventLogW 265->266 266->261
                                                          APIs
                                                          • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000,?,00000007,?,00000004,?,00000019,?), ref: 005A9493
                                                          • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 005A94BA
                                                          • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 005A94F0
                                                          • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000004,00000000,00000004), ref: 005A9512
                                                          • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000001,?,00000064), ref: 005A9530
                                                          • OpenEventLogW.ADVAPI32(00000000,?), ref: 005A9543
                                                          • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 005A9557
                                                          • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 005A95B2
                                                          • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 005A95D5
                                                          • OpenEventLogW.ADVAPI32(00000000,?), ref: 005A95ED
                                                          • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 005A9601
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Event$Create$ClearEnumOpenValue
                                                          • String ID:
                                                          • API String ID: 1260815474-0
                                                          • Opcode ID: c53c5e055d1586adadd102ff05b8dffbbf7266aa96e360c913487f0807584f43
                                                          • Instruction ID: a514bc52f54de0eb6103eeb1fddbaa097d3b566ae9829146c60b29ff3208e4f1
                                                          • Opcode Fuzzy Hash: c53c5e055d1586adadd102ff05b8dffbbf7266aa96e360c913487f0807584f43
                                                          • Instruction Fuzzy Hash: 56C1F3B8840706EFDB208F51D849F997F78BF05744F528088E6145F2B2D77A9A84CF56
                                                          Function 005A6668 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 161filenativememoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 267 5a6668-5a667b 268 5a667e-5a6683 267->268 268->268 269 5a6685-5a6699 call 5aa094 268->269 272 5a669b-5a669f 269->272 273 5a66a5-5a66c7 CreateFileW 269->273 272->273 274 5a67ca-5a67cc 272->274 273->274 275 5a66cd-5a66cf 273->275 277 5a67cf-5a67d2 274->277 276 5a66d2-5a66fb NtAllocateVirtualMemory 275->276 278 5a66fd-5a6708 276->278 279 5a6703 276->279 280 5a67f3-5a67f7 277->280 281 5a67d4-5a67ed NtFreeVirtualMemory 277->281 285 5a670a-5a6719 278->285 286 5a671b-5a671e 278->286 283 5a6733-5a6738 279->283 280->277 284 5a67f9-5a67fd 280->284 281->280 287 5a673b-5a6746 283->287 288 5a6808-5a681f call 5a6550 DeleteFileW 284->288 289 5a67ff-5a6802 NtClose 284->289 290 5a672d-5a6731 285->290 286->290 291 5a6720-5a6728 call 5a6628 286->291 292 5a6748-5a6752 287->292 293 5a6754 287->293 299 5a6828-5a682c 288->299 300 5a6821 288->300 289->288 290->276 290->283 291->290 296 5a6759-5a6760 292->296 293->296 298 5a6763-5a6779 WriteFile 296->298 303 5a677b 298->303 304 5a677d-5a679a SetFilePointerEx 298->304 301 5a682e-5a6831 call 5a686c 299->301 302 5a6836-5a683f 299->302 300->299 301->302 305 5a679c-5a67a3 303->305 304->298 304->305 307 5a67a7-5a67c5 305->307 308 5a67a5 305->308 307->287 308->274
                                                          APIs
                                                          • CreateFileW.KERNELBASE(005A77D6,40000000,00000003,00000000,00000003,80000000,00000000,005A77D6,?,?,00000000,?), ref: 005A66BA
                                                          • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004,?,00000000,?), ref: 005A66F3
                                                          • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000,?,00000000,?), ref: 005A6771
                                                          • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001,?,00000000,?), ref: 005A678D
                                                          • NtFreeVirtualMemory.NTDLL(000000FF,?,00010000,00008000,?,00000000,?), ref: 005A67ED
                                                          • NtClose.NTDLL(000000FF,?,00000000,?), ref: 005A6802
                                                          • DeleteFileW.KERNELBASE(?,000000FF,?,?,00000000,?), ref: 005A6817
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$MemoryVirtual$AllocateCloseCreateDeleteFreePointerWrite
                                                          • String ID: luZ
                                                          • API String ID: 3569053182-1736105487
                                                          • Opcode ID: 5a20b9498451e83a06a7709943a44342ef7cde79720ec4c3f7c3b4cf476b2515
                                                          • Instruction ID: bfda6421791f2c7a1054837f7d33b5c7e3088f716ef49749dc834fa7869f36bb
                                                          • Opcode Fuzzy Hash: 5a20b9498451e83a06a7709943a44342ef7cde79720ec4c3f7c3b4cf476b2515
                                                          • Instruction Fuzzy Hash: 4B515D71900609AFDF11CFA4CC84BEEBFB9FB05729F240225F611B6090D7B55A89DB51
                                                          Function 005AA68C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 190fileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 310 5aa68c-5aa70c GetVolumeNameForVolumeMountPointW FindFirstVolumeW 314 5aa712-5aa718 310->314 315 5aa950-5aa955 310->315 316 5aa71e-5aa725 314->316 317 5aa91f-5aa941 314->317 316->317 318 5aa72b-5aa742 GetVolumePathNamesForVolumeNameW 316->318 317->314 326 5aa947 317->326 318->317 319 5aa748-5aa74c 318->319 319->317 321 5aa752-5aa756 319->321 321->317 322 5aa75c-5aa766 GetDriveTypeW 321->322 324 5aa768-5aa76b 322->324 325 5aa771-5aa779 call 5a1564 322->325 324->317 324->325 329 5aa77b-5aa7c3 325->329 330 5aa7f7-5aa81d call 5a16f0 CreateFileW 325->330 326->315 340 5aa7e3-5aa7e7 329->340 341 5aa7c5-5aa7de call 5aa600 329->341 334 5aa823-5aa849 DeviceIoControl 330->334 335 5aa916 330->335 334->335 336 5aa84f-5aa856 334->336 335->317 338 5aa858-5aa864 336->338 339 5aa8bc-5aa8c3 336->339 345 5aa883-5aa889 338->345 346 5aa866-5aa86d 338->346 339->335 344 5aa8c5-5aa8cc 339->344 342 5aa7e9 340->342 343 5aa7f2 340->343 341->340 342->343 343->317 344->335 347 5aa8ce-5aa8d5 344->347 350 5aa88b-5aa892 345->350 351 5aa8a8-5aa8b5 call 5a16c0 call 5aa600 345->351 346->345 348 5aa86f-5aa876 346->348 347->335 354 5aa8d7-5aa8f1 call 5a16c0 347->354 348->345 355 5aa878-5aa87f 348->355 350->351 352 5aa894-5aa89b 350->352 364 5aa8ba 351->364 352->351 357 5aa89d-5aa8a4 352->357 366 5aa90a-5aa911 call 5aa600 354->366 367 5aa8f3-5aa8fa 354->367 355->345 360 5aa881 355->360 357->351 361 5aa8a6 357->361 360->364 361->364 364->335 366->335 368 5aa908 367->368 369 5aa8fc-5aa903 call 5aa600 367->369 368->335 369->368
                                                          APIs
                                                          • GetVolumeNameForVolumeMountPointW.KERNELBASE(?,?,00000104), ref: 005AA6D6
                                                          • FindFirstVolumeW.KERNELBASE(?,00000104), ref: 005AA6FF
                                                          • GetVolumePathNamesForVolumeNameW.KERNELBASE(?,?,00000040,00000000), ref: 005AA73A
                                                          • GetDriveTypeW.KERNELBASE(?), ref: 005AA75D
                                                          • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?), ref: 005AA810
                                                          • DeviceIoControl.KERNELBASE(000000FF,00070048,00000000,00000000,?,00000090,00000001,00000000), ref: 005AA841
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Volume$Name$ControlCreateDeviceDriveFileFindFirstMountNamesPathPointType
                                                          • String ID: '
                                                          • API String ID: 754975672-1997036262
                                                          • Opcode ID: e0a3c4f79091885fd5c8db16969f1ca972581e9d14efafd4fb969462f96d1d27
                                                          • Instruction ID: bce3a332ba45b959abc68b7296dbaa28ada2b6db8207604e27ea245432922489
                                                          • Opcode Fuzzy Hash: e0a3c4f79091885fd5c8db16969f1ca972581e9d14efafd4fb969462f96d1d27
                                                          • Instruction Fuzzy Hash: A9715D30900A15EEDB319B90DC09F9EBFB8FF12316F158095E205A60A1E7746AC9DF66
                                                          Function 005AC3F8 Relevance: 12.2, APIs: 8, Instructions: 173registryfilenativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 372 5ac3f8-5ac412 373 5ac64b-5ac654 372->373 374 5ac418-5ac42d call 5a6de8 372->374 374->373 377 5ac433-5ac449 call 5a6844 374->377 380 5ac44f-5ac460 call 5b8c34 377->380 381 5ac645-5ac646 call 5a686c 377->381 385 5ac63f-5ac640 call 5a686c 380->385 386 5ac466-5ac4e7 call 5a16c0 CreateFileW 380->386 381->373 385->381 386->385 392 5ac4ed-5ac502 WriteFile 386->392 393 5ac508-5ac52b RegCreateKeyExW 392->393 394 5ac636 392->394 393->394 395 5ac531-5ac55d RegSetValueExW 393->395 394->385 397 5ac62d-5ac630 NtClose 395->397 398 5ac563-5ac5dc RegCreateKeyExW 395->398 397->394 398->397 401 5ac5de-5ac610 RegSetValueExW 398->401 401->397 403 5ac612-5ac626 SHChangeNotify 401->403 403->397
                                                          APIs
                                                            • Part of subcall function 005A6844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,005B7764,?,00000000,00000000), ref: 005A6860
                                                          • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 005AC4DA
                                                          • WriteFile.KERNELBASE(000000FF,00000000,000000FF,?,00000000), ref: 005AC4FA
                                                          • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 005AC523
                                                          • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 005AC555
                                                          • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 005AC5D4
                                                          • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 005AC608
                                                          • SHChangeNotify.SHELL32(08000000,00001000,00000000,00000000), ref: 005AC620
                                                          • NtClose.NTDLL(?), ref: 005AC630
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Create$FileValue$AllocateChangeCloseHeapNotifyWrite
                                                          • String ID:
                                                          • API String ID: 1108940941-0
                                                          • Opcode ID: 8a81b66616a8ccc712dd70559c03d107ff07a08f36e28c342541bc4cbdbc9ca9
                                                          • Instruction ID: 71fddb3ee9194325bf28a66ab881379db2f9339800fff7a6ec3ac1c03d5abbe4
                                                          • Opcode Fuzzy Hash: 8a81b66616a8ccc712dd70559c03d107ff07a08f36e28c342541bc4cbdbc9ca9
                                                          • Instruction Fuzzy Hash: 9A519070A00609BFEB20CFA4DC49FAE7FB8FB10705F504114F605AA1D0E7B1AA98DB94
                                                          Function 005B7034 Relevance: 10.7, APIs: 7, Instructions: 248threadnativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 404 5b7034-5b7053 406 5b7059-5b7060 404->406 407 5b7111-5b7118 404->407 408 5b708b-5b7092 406->408 409 5b7062-5b7088 call 5a6ae8 406->409 410 5b711a-5b7133 CreateThread 407->410 411 5b7145-5b717c CreateThread * 2 407->411 414 5b70ce-5b70d5 408->414 415 5b7094-5b709b 408->415 409->408 410->411 416 5b7135-5b713e 410->416 412 5b717e call 5a7ca4 411->412 413 5b7183-5b718a 411->413 412->413 419 5b718c-5b71a1 CreateThread 413->419 420 5b71a4-5b71ab 413->420 414->407 418 5b70d7-5b70de 414->418 415->414 422 5b709d-5b70c7 call 5a9c64 415->422 416->411 418->407 423 5b70e0-5b710a call 5a9c64 418->423 419->420 424 5b71ad-5b71b4 420->424 425 5b71b6-5b71dd call 5ab734 call 5ae1e8 420->425 422->414 423->407 424->425 429 5b722e-5b7232 424->429 454 5b71df-5b71e6 425->454 455 5b7221-5b7225 425->455 432 5b7248-5b724c 429->432 433 5b7234-5b723f 429->433 439 5b724e-5b7259 432->439 440 5b7262-5b7269 432->440 433->432 439->440 442 5b726b-5b7276 NtTerminateThread 440->442 443 5b727f-5b7286 440->443 442->443 447 5b7288-5b72a1 CreateThread 443->447 448 5b72b3-5b72bd 443->448 447->448 451 5b72a3-5b72ac 447->451 459 5b72c3-5b72ca 448->459 460 5b7392-5b73a0 call 5b1934 call 5b1d28 call 5b16ac 448->460 451->448 456 5b71e8-5b71fc call 5aa68c call 5ae2b8 call 5b0a38 call 5ae2b8 call 5b0be4 454->456 457 5b7201-5b7208 454->457 455->429 456->457 462 5b720a-5b720f call 5ae2b8 call 5afc88 457->462 463 5b7214-5b721c call 5ae270 call 5ae2b8 457->463 464 5b72cc-5b72e5 CreateThread 459->464 465 5b72f7-5b72fe 459->465 494 5b73a5-5b73a9 460->494 462->463 463->455 464->465 472 5b72e7-5b72f0 464->472 469 5b7339-5b7340 call 5ab674 465->469 470 5b7300-5b7304 465->470 487 5b7349-5b734b call 5a8230 469->487 488 5b7342-5b7347 call 5a8960 469->488 477 5b731a-5b7334 call 5a6ae8 call 5ada00 470->477 478 5b7306-5b7311 470->478 472->465 477->469 478->477 499 5b7350-5b7357 487->499 488->499 502 5b736b-5b738b call 5a9640 call 5b04b4 499->502 503 5b7359-5b7360 499->503 509 5b7390 502->509 503->502 506 5b7362-5b7369 503->506 506->502 506->509 509->494
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,005A8F68,00000000,00000000,00000000), ref: 005B7129
                                                          • CreateThread.KERNELBASE(00000000,00000000,005A7468,00000000,00000000,00000000), ref: 005B7154
                                                          • CreateThread.KERNELBASE(00000000,00000000,005A782C,00000000,00000000,00000000), ref: 005B716C
                                                          • CreateThread.KERNELBASE(00000000,00000000,005A7E58,00000000,00000000,00000000), ref: 005B719B
                                                          • NtTerminateThread.NTDLL(?,00000000), ref: 005B7270
                                                          • CreateThread.KERNELBASE(00000000,00000000,005A9628,00000000,00000000,00000000), ref: 005B7297
                                                          • CreateThread.KERNELBASE(00000000,00000000,005AC064,00000000,00000000,00000000), ref: 005B72DB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Thread$Create$Terminate
                                                          • String ID:
                                                          • API String ID: 1922322686-0
                                                          • Opcode ID: 39602bf21874fec340783314338edea3164cb1f0021ac572737a7f6755873a54
                                                          • Instruction ID: 2aa4ef9ae55817f5769905872ba3c04fddae775121cd83c4692567fbf8e6b1c9
                                                          • Opcode Fuzzy Hash: 39602bf21874fec340783314338edea3164cb1f0021ac572737a7f6755873a54
                                                          • Instruction Fuzzy Hash: BE919370948F05AEEB116BE4DC4EFAD7EA5BB69702F280114F251640F1EBB439C8EB14
                                                          Function 005ADE78 Relevance: 7.8, APIs: 5, Instructions: 256filethreadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 563 5ade78-5ade89 SetThreadPriority 564 5ade8f-5adeae 563->564 566 5adede-5adee0 564->566 567 5adeb0-5adeb8 564->567 568 5adee2-5adee5 566->568 569 5adee6-5adeeb 566->569 567->566 570 5adeba 567->570 572 5adfa0-5adfa3 569->572 573 5adef1-5adf23 ReadFile 569->573 571 5adec1-5aded6 570->571 585 5adeda 571->585 586 5aded8-5adedc 571->586 574 5adfa9-5adfee call 5a20ac 572->574 575 5ae0a1-5ae0a4 572->575 576 5adf96 573->576 577 5adf25-5adf30 573->577 617 5adff0-5ae005 574->617 618 5ae007-5ae00f 574->618 578 5ae0aa-5ae0e9 WriteFile 575->578 579 5ae131-5ae134 575->579 581 5ae180-5ae19f 576->581 577->576 582 5adf32-5adf3a 577->582 583 5ae0eb-5ae0f6 578->583 584 5ae12d 578->584 579->581 587 5ae136-5ae13a 579->587 598 5ae1a3-5ae1ab 581->598 599 5ae1a1 581->599 589 5adf58-5adf7f 582->589 590 5adf3c-5adf56 582->590 583->584 592 5ae0f8-5ae116 583->592 584->581 585->571 586->564 594 5ae13c-5ae142 587->594 595 5ae150-5ae16e NtClose call 5a1074 call 5a686c 587->595 619 5adf92 589->619 620 5adf81-5adf8c 589->620 590->576 628 5ae118-5ae123 592->628 629 5ae129 592->629 601 5ae146-5ae14e 594->601 602 5ae144 594->602 622 5ae173-5ae17e 595->622 608 5ae1ad 598->608 609 5ae1d1 598->609 605 5ae1d3-5ae1d5 599->605 601->594 602->595 613 5ae1db 605->613 614 5ae1d7-5ae1da 605->614 616 5ae1b4-5ae1c9 608->616 609->581 609->605 613->569 637 5ae1cb-5ae1cf 616->637 638 5ae1cd 616->638 623 5ae031-5ae04d WriteFile 617->623 624 5ae01e-5ae02a 618->624 625 5ae011-5ae013 618->625 619->576 626 5adf8e 620->626 627 5adf90 620->627 622->581 640 5ae1e0 622->640 632 5ae04f-5ae05a 623->632 633 5ae097 623->633 624->623 625->624 631 5ae015-5ae01c 625->631 626->576 627->589 634 5ae127 628->634 635 5ae125 628->635 629->584 631->623 632->633 639 5ae05c-5ae080 632->639 633->581 634->592 635->584 637->581 638->616 644 5ae082-5ae08d 639->644 645 5ae093 639->645 640->564 646 5ae08f 644->646 647 5ae091 644->647 645->633 646->633 647->639
                                                          APIs
                                                          • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 005ADE89
                                                          • ReadFile.KERNELBASE(?,?,?,?,?), ref: 005ADF1B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FilePriorityReadThread
                                                          • String ID:
                                                          • API String ID: 3643687941-0
                                                          • Opcode ID: 28c489937c6b8b38cde741969c82c5b9afd3e94fe53dd3a56fb409e20bebe837
                                                          • Instruction ID: bbd5b38b13ad4e8f785419bf678edbfde344b92910e9d197ece30e666d8ce7e6
                                                          • Opcode Fuzzy Hash: 28c489937c6b8b38cde741969c82c5b9afd3e94fe53dd3a56fb409e20bebe837
                                                          • Instruction Fuzzy Hash: 4BA16C71500A04EFDF219F90CCC9FAE3FBCFB16714F204562E90689195E774AA88DB61
                                                          Function 005AF308 Relevance: 7.7, APIs: 5, Instructions: 175filethreadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 648 5af308-5af31f GetFileAttributesW 649 5af37f-5af391 SetThreadPriority call 5a1564 648->649 650 5af321-5af32d call 5abbf4 648->650 657 5af39c 649->657 658 5af393-5af39a 649->658 655 5af32f-5af33d call 5aa094 650->655 656 5af371-5af37c call 5a686c 650->656 655->656 665 5af33f-5af343 655->665 660 5af3a3-5af3b6 call 5a6844 657->660 658->660 669 5af3bd-5af3fd call 5ac19c call 5af164 call 5a686c FindFirstFileExW 660->669 667 5af34b-5af36e call 5ac19c call 5a7290 call 5aef6c 665->667 668 5af345-5af349 665->668 668->656 668->667 682 5af403-5af411 669->682 683 5af535-5af54a call 5a686c 669->683 687 5af416-5af41f 682->687 688 5af54e-5af562 683->688 689 5af54c-5af56a call 5a686c 683->689 691 5af429 687->691 692 5af421-5af427 687->692 688->669 696 5af56f-5af572 689->696 695 5af514-5af526 FindNextFileW 691->695 692->691 694 5af42e-5af438 692->694 697 5af43a 694->697 698 5af43f-5af446 694->698 695->687 699 5af52c-5af52f FindClose 695->699 697->695 700 5af448-5af44c 698->700 701 5af453-5af457 698->701 699->683 700->701 702 5af44e 700->702 703 5af459-5af461 call 5af2b4 701->703 704 5af481-5af489 call 5af21c 701->704 702->695 711 5af47c 703->711 712 5af463-5af467 call 5af1c8 703->712 709 5af48b 704->709 710 5af490-5af497 704->710 709->695 713 5af499-5af4a0 710->713 714 5af4a4-5af4ae call 5abbf4 710->714 711->695 716 5af46c-5af47a 712->716 713->714 717 5af4a2 713->717 720 5af4b2-5af4d0 call 5af1c8 call 5a7290 call 5aef6c 714->720 721 5af4b0 714->721 716->711 717->695 727 5af4d5-5af4dc 720->727 721->695 727->695 728 5af4de-5af4e0 727->728 729 5af509 728->729 730 5af4e2-5af507 728->730 729->695 730->695
                                                          APIs
                                                          • GetFileAttributesW.KERNELBASE(?), ref: 005AF314
                                                          • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 005AF383
                                                          • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000,?,?,?,005C5180,003D0900), ref: 005AF3F0
                                                          • FindNextFileW.KERNELBASE(000000FF,?), ref: 005AF51E
                                                          • FindClose.KERNELBASE(000000FF), ref: 005AF52F
                                                            • Part of subcall function 005AA094: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 005AA0B6
                                                            • Part of subcall function 005AA094: FindClose.KERNELBASE(000000FF), ref: 005AA0DC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Find$File$CloseFirst$AttributesNextPriorityThread
                                                          • String ID:
                                                          • API String ID: 3755735135-0
                                                          • Opcode ID: c3bdc21667440cc27e46f39e07007e3f1e98f4752d2381948722a9f6767d5599
                                                          • Instruction ID: f687a59570464cd8955f33afc8ce0a54f45bdbedf9d971c48566a40231ed667c
                                                          • Opcode Fuzzy Hash: c3bdc21667440cc27e46f39e07007e3f1e98f4752d2381948722a9f6767d5599
                                                          • Instruction Fuzzy Hash: 3A618830C0060AAFDF21AFE0DC49BAEBFB5BF4A304F144175E904651A2E7315A95EB95
                                                          Function 005A766C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119fileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 816 5a766c-5a7693 818 5a7699-5a76ad call 5a6844 816->818 819 5a7822-5a7827 816->819 822 5a76b3-5a7700 call 5a16c0 FindFirstFileExW 818->822 823 5a7806-5a780a 818->823 822->823 833 5a7706-5a770f 822->833 824 5a780c-5a780f call 5a686c 823->824 825 5a7814-5a7818 823->825 824->825 825->819 827 5a781a-5a781d call 5a686c 825->827 827->819 834 5a77e5-5a77f7 FindNextFileW 833->834 835 5a7715-5a771b 833->835 834->833 837 5a77fd 834->837 835->834 836 5a7721-5a774f call 5a6844 835->836 836->834 842 5a7755-5a7791 GetFileAttributesW 836->842 837->823 846 5a77ce-5a77d1 call 5a6668 842->846 847 5a7793-5a779e 842->847 849 5a77d6-5a77de call 5a686c 846->849 852 5a77a2-5a77ad 847->852 853 5a77a0 847->853 849->834 856 5a77b9 852->856 857 5a77af-5a77bb call 5a766c 852->857 855 5a77bd-5a77cc call 5a686c 853->855 855->834 856->855 857->847
                                                          APIs
                                                            • Part of subcall function 005A6844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,005B7764,?,00000000,00000000), ref: 005A6860
                                                          • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 005A76F3
                                                          • GetFileAttributesW.KERNELBASE(00000000), ref: 005A7786
                                                          • FindNextFileW.KERNELBASE(000000FF,?), ref: 005A77EF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$Find$AllocateAttributesFirstHeapNext
                                                          • String ID: luZ
                                                          • API String ID: 2400493143-1736105487
                                                          • Opcode ID: c890b84d0c48e7fd89d9284bc0c6c1e220c8f0b55c9dfdcbb513013a5c13af6f
                                                          • Instruction ID: 07112cc06092a819026c88800c7b8607ad42f1d6202683caaaeeffff888c1370
                                                          • Opcode Fuzzy Hash: c890b84d0c48e7fd89d9284bc0c6c1e220c8f0b55c9dfdcbb513013a5c13af6f
                                                          • Instruction Fuzzy Hash: 9041377080451EEFDF119FA0DC4DBAEBF79FF15306F044460E412A50A1E77A5AA8EB91
                                                          Function 005A5C24 Relevance: 6.1, APIs: 4, Instructions: 99fileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 863 5a5c24-5a5c35 864 5a5c56-5a5c5d 863->864 865 5a5c37-5a5c51 call 5a5aec 863->865 867 5a5c7e-5a5c85 864->867 868 5a5c5f-5a5c79 call 5a5aec 864->868 865->864 871 5a5ca6-5a5cad call 5a1658 867->871 872 5a5c87-5a5ca1 call 5a5aec 867->872 868->867 876 5a5cb2-5a5cb6 871->876 872->871 878 5a5cb8-5a5ce2 call 5a1240 876->878 879 5a5cdd-5a5ce0 876->879 883 5a5ce9-5a5d04 FindFirstFileW 878->883 879->876 884 5a5d06-5a5d17 call 5a11c4 883->884 885 5a5d54-5a5d58 883->885 895 5a5d19-5a5d2b FindClose call 5a5a20 884->895 896 5a5d37-5a5d49 FindNextFileW 884->896 886 5a5d5a-5a5d9c 885->886 887 5a5d5c-5a5d66 885->887 890 5a5d8b-5a5d8e 887->890 891 5a5d68-5a5d6d 887->891 890->883 893 5a5d6f-5a5d84 call 5a1240 891->893 894 5a5d86-5a5d89 891->894 893->890 894->891 901 5a5d30-5a5d34 895->901 896->884 899 5a5d4b-5a5d4e FindClose 896->899 899->885
                                                          APIs
                                                          • FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 005A5CF7
                                                          • FindClose.KERNELBASE(000000FF,?,00000000), ref: 005A5D1C
                                                          • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 005A5D41
                                                          • FindClose.KERNELBASE(000000FF), ref: 005A5D4E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Find$CloseFile$FirstNext
                                                          • String ID:
                                                          • API String ID: 1164774033-0
                                                          • Opcode ID: 75d7476b2841a88fb70f99cafdf59dc848f1bc1a5047f664d7807bebb4c32ba0
                                                          • Instruction ID: b5f24b84e8dc088ec0af378561158532dd25e16ee324fb6906376b5bb3ae1cb8
                                                          • Opcode Fuzzy Hash: 75d7476b2841a88fb70f99cafdf59dc848f1bc1a5047f664d7807bebb4c32ba0
                                                          • Instruction Fuzzy Hash: 5B416A70800E08EECF209FA0DD89F9D7F78BB62312F6081A1E5059A165F7345AC9EB55
                                                          Function 005AB734 Relevance: 4.5, APIs: 3, Instructions: 31nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtSetInformationProcess.NTDLL(000000FF,00000021,00000000,00000004,00000004,00000000,005B71D1), ref: 005AB751
                                                          • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002), ref: 005AB763
                                                          • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004), ref: 005AB778
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InformationProcess
                                                          • String ID:
                                                          • API String ID: 1801817001-0
                                                          • Opcode ID: 96e793c773868c0ee17fcfd6bc0d65af98e30f908969b12d72f2e21e11f4604c
                                                          • Instruction ID: 48974a9fdee24e24060842e805ab2eeafe6f42c28917012b3a3349b3e746d0d3
                                                          • Opcode Fuzzy Hash: 96e793c773868c0ee17fcfd6bc0d65af98e30f908969b12d72f2e21e11f4604c
                                                          • Instruction Fuzzy Hash: 85F01CB1240A21AFFF21ABD4DCCAF153B9CAB16721F140360B331DD0D6D7B494889752
                                                          Function 005AB470 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,9870B143), ref: 005AB4B1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-3916222277
                                                          • Opcode ID: 04e7ef6cd4e6cda150ec0affdc60f5ecc2caa6d756f3e0d55d86ad4ed2f48053
                                                          • Instruction ID: 395ea02ea4a32512ef1cbe8e49056b4f8c62f5003f12bbcee8f60a4970e73a17
                                                          • Opcode Fuzzy Hash: 04e7ef6cd4e6cda150ec0affdc60f5ecc2caa6d756f3e0d55d86ad4ed2f48053
                                                          • Instruction Fuzzy Hash: E6F09070900308BBEB10CFA4CC88F9EB7BCBB05315F504264A524A71C2E7755B448760
                                                          Function 005A7E58 Relevance: 3.1, APIs: 2, Instructions: 73sleepnativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 005A6844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,005B7764,?,00000000,00000000), ref: 005A6860
                                                          • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A7E7E
                                                          • Sleep.KERNELBASE(000007D0,?), ref: 005A7F45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeapInformationQuerySleepSystem
                                                          • String ID:
                                                          • API String ID: 3184523392-0
                                                          • Opcode ID: 4167e8bff08ad0dd53886231ec4b3aeb3510c3bdeb5d38bd1d6e37f35b2b692e
                                                          • Instruction ID: 89ec20b791da8e8bdc934d1cead9322d747db194dc9f6bbcca3e67493abe010a
                                                          • Opcode Fuzzy Hash: 4167e8bff08ad0dd53886231ec4b3aeb3510c3bdeb5d38bd1d6e37f35b2b692e
                                                          • Instruction Fuzzy Hash: CF212A7190460DAFDF019FA0DC88BDEBFB8FF09305F208095E914AA161E7769A85DF90
                                                          Function 005A8F66 Relevance: 3.1, APIs: 2, Instructions: 70nativethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 005A8F8A
                                                            • Part of subcall function 005A97D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A9805
                                                            • Part of subcall function 005A9880: NtClose.NTDLL(00000000), ref: 005A9971
                                                          • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,D1F935A5), ref: 005A8FC1
                                                            • Part of subcall function 005A8DA8: OpenSCManagerW.SECHOST(00000000,00000000,00000001,7DDDCD9C), ref: 005A8DE6
                                                            • Part of subcall function 005A8DA8: CloseServiceHandle.SECHOST(00000000), ref: 005A8EAD
                                                            • Part of subcall function 005A8DA8: CloseServiceHandle.ADVAPI32(00000000), ref: 005A8EBC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close$HandleInformationService$AdjustManagerOpenPrivilegeQuerySystemThread
                                                          • String ID:
                                                          • API String ID: 4089816224-0
                                                          • Opcode ID: b1c12ebf18b2bf51576c03cfc6c9ef8ddc263557aade2048bcc96298148e12ec
                                                          • Instruction ID: b204c74c82ff33784a5797eb453b650e422f06392385d38353877f33e481f7c4
                                                          • Opcode Fuzzy Hash: b1c12ebf18b2bf51576c03cfc6c9ef8ddc263557aade2048bcc96298148e12ec
                                                          • Instruction Fuzzy Hash: 7C216F70900319BEEF20ABA0CC4EFDE7EB8BB46342F204054B604A61D5EB748A84DB60
                                                          Function 005A8F68 Relevance: 3.1, APIs: 2, Instructions: 69nativethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 005A8F8A
                                                            • Part of subcall function 005A97D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A9805
                                                            • Part of subcall function 005A9880: NtClose.NTDLL(00000000), ref: 005A9971
                                                          • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,D1F935A5), ref: 005A8FC1
                                                            • Part of subcall function 005A8DA8: OpenSCManagerW.SECHOST(00000000,00000000,00000001,7DDDCD9C), ref: 005A8DE6
                                                            • Part of subcall function 005A8DA8: CloseServiceHandle.SECHOST(00000000), ref: 005A8EAD
                                                            • Part of subcall function 005A8DA8: CloseServiceHandle.ADVAPI32(00000000), ref: 005A8EBC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close$HandleInformationService$AdjustManagerOpenPrivilegeQuerySystemThread
                                                          • String ID:
                                                          • API String ID: 4089816224-0
                                                          • Opcode ID: 8209f0c7ddf1f16c4dd7a2dfb2bdc0ad83c7d7224039ba2b0893d32eeb72257f
                                                          • Instruction ID: 49bfcd7a0199d2cb09e745c54538323c6ad0a3c5ae7cd402cf74d45248b86e24
                                                          • Opcode Fuzzy Hash: 8209f0c7ddf1f16c4dd7a2dfb2bdc0ad83c7d7224039ba2b0893d32eeb72257f
                                                          • Instruction Fuzzy Hash: E7216F70900319BEEF20ABA0CC4EFDE7EB8BB46342F204054B604A61D5EB748A84DB60
                                                          Function 005A74BC Relevance: 3.1, APIs: 2, Instructions: 60fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 005A7590: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 005A75FF
                                                            • Part of subcall function 005A7590: FindClose.KERNELBASE(000000FF), ref: 005A765C
                                                          • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 005A751F
                                                          • FindNextFileW.KERNELBASE(000000FF,?), ref: 005A7576
                                                            • Part of subcall function 005A766C: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 005A76F3
                                                            • Part of subcall function 005A766C: GetFileAttributesW.KERNELBASE(00000000), ref: 005A7786
                                                            • Part of subcall function 005A766C: FindNextFileW.KERNELBASE(000000FF,?), ref: 005A77EF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileFind$First$Next$AttributesClose
                                                          • String ID:
                                                          • API String ID: 95010735-0
                                                          • Opcode ID: 4fef04a3afad9159187b143aaf9819848cb366c40dcfa411e90fd85baf3af981
                                                          • Instruction ID: 62fd3d665aed0ebafd402899eabbf09b1f49ce442997d226b4f4410b3b95e45b
                                                          • Opcode Fuzzy Hash: 4fef04a3afad9159187b143aaf9819848cb366c40dcfa411e90fd85baf3af981
                                                          • Instruction Fuzzy Hash: B5213BB184060DAFDB10EBA0DD4DFDDBB7CAB19301F4000A1A608D2191F730AB98DF66
                                                          Function 005A7590 Relevance: 3.1, APIs: 2, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 005A75FF
                                                          • FindClose.KERNELBASE(000000FF), ref: 005A765C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID:
                                                          • API String ID: 2295610775-0
                                                          • Opcode ID: aad3c3f65362c8faa8ff25f9086d023010a0ebbfddc4dd0427f5b7c479bb8721
                                                          • Instruction ID: e16d819109f1b1b861b0dc800a813a03cce7c162ee761caef10f8104a0467ae9
                                                          • Opcode Fuzzy Hash: aad3c3f65362c8faa8ff25f9086d023010a0ebbfddc4dd0427f5b7c479bb8721
                                                          • Instruction Fuzzy Hash: E52129B0800608EFDB109F94ED48F9DBFB9FB04306F1081A1E908AA161E771AA98DF55
                                                          Function 005A7E8A Relevance: 3.1, APIs: 2, Instructions: 56sleepnativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A7E7E
                                                          • Sleep.KERNELBASE(000007D0,?), ref: 005A7F45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InformationQuerySleepSystem
                                                          • String ID:
                                                          • API String ID: 3518162127-0
                                                          • Opcode ID: 94104244ce79aeb0e73755bfa8b6b6f0fc952344290bc063ef18ca6b3392e40d
                                                          • Instruction ID: b6a3ce4e4ba751f5e8114346e12f7589894946ec858f4be5691b21916690684d
                                                          • Opcode Fuzzy Hash: 94104244ce79aeb0e73755bfa8b6b6f0fc952344290bc063ef18ca6b3392e40d
                                                          • Instruction Fuzzy Hash: 1C212C71904609EFDF01CFA0CD88B9DBFB8FF19305F208099E911AA151D7769A89DF90
                                                          Function 005A7EA3 Relevance: 3.1, APIs: 2, Instructions: 56sleepnativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A7E7E
                                                          • Sleep.KERNELBASE(000007D0,?), ref: 005A7F45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InformationQuerySleepSystem
                                                          • String ID:
                                                          • API String ID: 3518162127-0
                                                          • Opcode ID: 830fb3a33a6493d470dd51f80af1d2d30bb09524ccfb189d2d39551dfb70193e
                                                          • Instruction ID: b6a3ce4e4ba751f5e8114346e12f7589894946ec858f4be5691b21916690684d
                                                          • Opcode Fuzzy Hash: 830fb3a33a6493d470dd51f80af1d2d30bb09524ccfb189d2d39551dfb70193e
                                                          • Instruction Fuzzy Hash: 1C212C71904609EFDF01CFA0CD88B9DBFB8FF19305F208099E911AA151D7769A89DF90
                                                          Function 005AE1E8 Relevance: 3.0, APIs: 2, Instructions: 46nativethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,005ADE78,00000000,00000000,00000000,?,00000000), ref: 005AE239
                                                            • Part of subcall function 005AB444: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,005A6541,00000000,005C586C,005A6390,00000000,00000000,005C5858,005A6378,00000000,00000000,005C584C), ref: 005AB465
                                                          • NtClose.NTDLL(00000000,00000000,?,00000000), ref: 005AE24C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Thread$CloseCreateInformation
                                                          • String ID:
                                                          • API String ID: 3895992022-0
                                                          • Opcode ID: 3c29826a34a49a9482a556f53b6abad17ca5aedc13f1c3222b35fde3562eba4d
                                                          • Instruction ID: 228aa6278a9f25b518026aa232f885c17b3a3668db8f956248d4bab4e4e0abd9
                                                          • Opcode Fuzzy Hash: 3c29826a34a49a9482a556f53b6abad17ca5aedc13f1c3222b35fde3562eba4d
                                                          • Instruction Fuzzy Hash: 0E01DB70740F15AFE7106BD49C8AF9D7B68FF25711F200210FA05A61D1FBB469489555
                                                          Function 005AB3C0 Relevance: 3.0, APIs: 2, Instructions: 43nativethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtSetInformationThread.NTDLL(000000FE,00000005,00000008,00000004), ref: 005AB424
                                                          • NtClose.NTDLL(00000008), ref: 005AB432
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CloseInformationThread
                                                          • String ID:
                                                          • API String ID: 3167811113-0
                                                          • Opcode ID: 69ded29423c292c05d2a8fdfebd858364e1e5bdd749539ead17ca208d37454c3
                                                          • Instruction ID: cc4ea510850bf2fa2828f4411500485fab46870495acab5d29047dfda3756010
                                                          • Opcode Fuzzy Hash: 69ded29423c292c05d2a8fdfebd858364e1e5bdd749539ead17ca208d37454c3
                                                          • Instruction Fuzzy Hash: 9A012174500208AFFB10CF50DC89FAABBA8FB14305F548165E9149B1A2E7B59A58DBE0
                                                          Function 005AA094 Relevance: 3.0, APIs: 2, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 005AA0B6
                                                          • FindClose.KERNELBASE(000000FF), ref: 005AA0DC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID:
                                                          • API String ID: 2295610775-0
                                                          • Opcode ID: 11f0c71414be819f6c233ddac8c3fca9c6cd56562cfb03c1d029e76ccb3cede7
                                                          • Instruction ID: 230c20793c6e9fafaf2598bcdaf710dc151f5a9f61d4fa760b04d760294704a9
                                                          • Opcode Fuzzy Hash: 11f0c71414be819f6c233ddac8c3fca9c6cd56562cfb03c1d029e76ccb3cede7
                                                          • Instruction Fuzzy Hash: 47F03A74901608EFDB20DF94CC49B9CBBB5FB44310F208295A818AB2A0EB716F95DF44
                                                          Function 005A9880 Relevance: 1.6, APIs: 1, Instructions: 68nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: f3a6bc0e97fda11befac4dbefd76c34624d98d3d02fcb68a688ff6582361cb36
                                                          • Instruction ID: 763ec9beda5c3172734c82ebd88f4b4e7267c513471228ace8190a3d60ef8caa
                                                          • Opcode Fuzzy Hash: f3a6bc0e97fda11befac4dbefd76c34624d98d3d02fcb68a688ff6582361cb36
                                                          • Instruction Fuzzy Hash: A6318970900208EFEF01CF94D888BDEBFB8FB05319F608159E515BA290D77A9A49DF91
                                                          Function 005A97D8 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 005A6844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,005B7764,?,00000000,00000000), ref: 005A6860
                                                          • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A9805
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeapInformationQuerySystem
                                                          • String ID:
                                                          • API String ID: 3114120137-0
                                                          • Opcode ID: fe960aa21b2373ce0a389bf0280294273b35f010e5cdca4cb4fc89f1994fd54c
                                                          • Instruction ID: 5cab167aac406d061353171eda1d8d6897ca93be2dc5350e6933a5451458b37f
                                                          • Opcode Fuzzy Hash: fe960aa21b2373ce0a389bf0280294273b35f010e5cdca4cb4fc89f1994fd54c
                                                          • Instruction Fuzzy Hash: 5C114876D0011AFBCF11DFD5D884ADDBFB8FF06710F2081A2EA10AA151D7365A90EB94
                                                          Function 005A6C98 Relevance: 1.6, APIs: 1, Instructions: 56nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtQueryInformationToken.NTDLL(00000000,00000001,?,00000028,?,00000000), ref: 005A6CDF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InformationQueryToken
                                                          • String ID:
                                                          • API String ID: 4239771691-0
                                                          • Opcode ID: c48eaa0864d9dbb7bd3f03ba97608b15b0cb8686b9b3ba244d855452f76a6610
                                                          • Instruction ID: 66a1c8ed5df646bc491592739f49534b6374be63f9aec2273ea5831e52bc3d39
                                                          • Opcode Fuzzy Hash: c48eaa0864d9dbb7bd3f03ba97608b15b0cb8686b9b3ba244d855452f76a6610
                                                          • Instruction Fuzzy Hash: C6115870A00209EFDF108F90DC88FAEBFB8FF11319F584125E911A61A0E7719A98DB51
                                                          Function 005A5A20 Relevance: 1.5, APIs: 1, Instructions: 40libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 005A5A71
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: af48af1fca643474fca682da8355db07163e70fc212f06ddbf333f6c97476a75
                                                          • Instruction ID: 424f353e489e00fd250c88b536e15f2ad1fff452fb223a5509612c4832a5f1d3
                                                          • Opcode Fuzzy Hash: af48af1fca643474fca682da8355db07163e70fc212f06ddbf333f6c97476a75
                                                          • Instruction Fuzzy Hash: 1EF03C7690050DFECF10EED4D848FDEBBBCFB15355F4041A2B919A7040E230AB489BA0
                                                          Function 005ADC60 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtTerminateProcess.NTDLL(005A7DB8,00000000), ref: 005ADCC3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ProcessTerminate
                                                          • String ID:
                                                          • API String ID: 560597551-0
                                                          • Opcode ID: a055b2b176893fff5d86f8c0c287548fb43b4ebfbab266669188e29024a75ced
                                                          • Instruction ID: 46d6bf414eb0cc64f6cb2dd78841ece442a12dd104ae347df9bf31bb40c5adb9
                                                          • Opcode Fuzzy Hash: a055b2b176893fff5d86f8c0c287548fb43b4ebfbab266669188e29024a75ced
                                                          • Instruction Fuzzy Hash: DA01EC70900608EFDB00CF90C858BDEBFB8FB14319F508198E504AB291E7B79689DF91
                                                          Function 005AB674 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtQueryInformationToken.NTDLL(?,00000001,?,0000002C,?), ref: 005AB69E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InformationQueryToken
                                                          • String ID:
                                                          • API String ID: 4239771691-0
                                                          • Opcode ID: 7082e45fe5c9eafa8f978863ed43e79d35dc5ecd6318d83996a3fd09bcc1f19a
                                                          • Instruction ID: 774fb5d73c3efb14fd03275978b3d57e5115043c2460e8c2e934052efeb4b386
                                                          • Opcode Fuzzy Hash: 7082e45fe5c9eafa8f978863ed43e79d35dc5ecd6318d83996a3fd09bcc1f19a
                                                          • Instruction Fuzzy Hash: D7F09031601508AFEF10DBD4DCC5E9DBB7DFB01316FA00161F904D31A1E361AE949740
                                                          Function 005A9811 Relevance: 1.5, APIs: 1, Instructions: 31nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A9805
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InformationQuerySystem
                                                          • String ID:
                                                          • API String ID: 3562636166-0
                                                          • Opcode ID: 1fa0382827661fbdf99b6770e4538145954b9734c303bdfcfddfaec22694b368
                                                          • Instruction ID: 9ebec855fccfac2c6cacf4a6ffa53511b34ba75740f8905ae7a78139ed69ecaf
                                                          • Opcode Fuzzy Hash: 1fa0382827661fbdf99b6770e4538145954b9734c303bdfcfddfaec22694b368
                                                          • Instruction Fuzzy Hash: 7AF03A35A0416AEBDF10DFC5D8C0BACBFB8FF17301F204492EA01AA150D775AA90EB51
                                                          Function 005A982A Relevance: 1.5, APIs: 1, Instructions: 31nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A9805
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InformationQuerySystem
                                                          • String ID:
                                                          • API String ID: 3562636166-0
                                                          • Opcode ID: 45db91660fbd88fb3ae102b05b791b12f79e4193544f526221dc709a5fed7b50
                                                          • Instruction ID: 9ebec855fccfac2c6cacf4a6ffa53511b34ba75740f8905ae7a78139ed69ecaf
                                                          • Opcode Fuzzy Hash: 45db91660fbd88fb3ae102b05b791b12f79e4193544f526221dc709a5fed7b50
                                                          • Instruction Fuzzy Hash: 7AF03A35A0416AEBDF10DFC5D8C0BACBFB8FF17301F204492EA01AA150D775AA90EB51
                                                          Function 005AB444 Relevance: 1.5, APIs: 1, Instructions: 18nativethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,005A6541,00000000,005C586C,005A6390,00000000,00000000,005C5858,005A6378,00000000,00000000,005C584C), ref: 005AB465
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InformationThread
                                                          • String ID:
                                                          • API String ID: 4046476035-0
                                                          • Opcode ID: f13edb2cdc436786a6dfb206d5037282005182f82287a67106e539cb5b8f7647
                                                          • Instruction ID: 2b17a94622a24ecd254eb70d0d86b467223de475eb38cbff5bbc9752702dfa05
                                                          • Opcode Fuzzy Hash: f13edb2cdc436786a6dfb206d5037282005182f82287a67106e539cb5b8f7647
                                                          • Instruction Fuzzy Hash: DFD0A7325A060CAEEB009F54DC45FFA375DE316302F104624B207C6092D7F0B9D0D6E4
                                                          Function 005AA470 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetLogicalDriveStringsW.KERNELBASE(?,?), ref: 005AA47B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: DriveLogicalStrings
                                                          • String ID:
                                                          • API String ID: 2022863570-0
                                                          • Opcode ID: 930451c436d5da4f8ca94c2519865f2ff954e67c3fe9238336a7fe0029fe1152
                                                          • Instruction ID: 966e8b6d0ac8bff312c619469ee55b064f7c0d4e6e30646f42b65c83d510933e
                                                          • Opcode Fuzzy Hash: 930451c436d5da4f8ca94c2519865f2ff954e67c3fe9238336a7fe0029fe1152
                                                          • Instruction Fuzzy Hash: AFC09236000608EFCB019FC8ED48C85BFEAEB28700B048061F6084B231DB32F868EB95
                                                          Function 005B946F Relevance: 47.5, APIs: 31, Instructions: 1045windowlibraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LibraryTextWindow$CreateDialogFreeLoad$BrushColorCommandErrorLastLineMenuPixelProc$ButtonCapsCheckedCountDeviceExitHeapImageItemMessageNamePaletteParamProcessSelectSolidTick
                                                          • String ID:
                                                          • API String ID: 2067994032-0
                                                          • Opcode ID: e2b64f544552a227febbdde62982ca904ebdff65201d2fe2226d9f2fed721473
                                                          • Instruction ID: 77c4514b82c2a879f3cc36bb5f06b39a778e58e905e1f99f9996c062e40aad16
                                                          • Opcode Fuzzy Hash: e2b64f544552a227febbdde62982ca904ebdff65201d2fe2226d9f2fed721473
                                                          • Instruction Fuzzy Hash: 9F01085545951BADC65137F0980FBFD6DAC7FEA311F69349BB109260E39E207500C637
                                                          Function 005A8230 Relevance: 18.0, APIs: 8, Strings: 2, Instructions: 502COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 95 5a8230-5a8289 96 5a828b 95->96 97 5a8290-5a829f 95->97 98 5a88b9-5a88bd 96->98 104 5a82a1 97->104 105 5a82a6-5a82b6 97->105 99 5a88c8-5a88cc 98->99 100 5a88bf 98->100 102 5a88ce-5a88d2 99->102 103 5a88dd-5a88e1 99->103 100->99 102->103 106 5a88d4 102->106 107 5a88ec-5a88f0 103->107 108 5a88e3 103->108 104->98 112 5a82b8 105->112 113 5a82bd-5a82cd 105->113 106->103 110 5a88fb-5a88ff 107->110 111 5a88f2 107->111 108->107 114 5a8909-5a890d 110->114 115 5a8901-5a8904 call 5a686c 110->115 111->110 112->98 125 5a82cf 113->125 126 5a82d4-5a82ef call 5b0e98 113->126 116 5a890f-5a8912 call 5a686c 114->116 117 5a8917-5a891b 114->117 115->114 116->117 120 5a891d 117->120 121 5a8926-5a892a 117->121 120->121 123 5a892c 121->123 124 5a8935-5a8939 121->124 123->124 128 5a893b 124->128 129 5a8944-5a8948 124->129 125->98 133 5a8319-5a83a9 call 5a1240 126->133 134 5a82f1-5a8316 126->134 128->129 131 5a894a-5a894d 129->131 132 5a8955-5a895b 129->132 131->132 141 5a83ab 133->141 142 5a83b0-5a83be 133->142 134->133 141->98 144 5a83c0 142->144 145 5a83c5-5a83d6 call 5a6844 142->145 144->98 148 5a83d8 145->148 149 5a83dd-5a83e5 call 5a1564 145->149 148->98 152 5a8401-5a8412 call 5a6de8 149->152 153 5a83e7-5a83f8 call 5a6de8 149->153 158 5a8419-5a8432 152->158 159 5a8414 152->159 160 5a83fa 153->160 161 5a83ff 153->161 163 5a8448-5a845b 158->163 164 5a8434-5a8443 call 5a686c 158->164 159->98 160->98 161->158 168 5a845d 163->168 169 5a8462-5a8478 163->169 164->98 168->98 171 5a847a 169->171 172 5a847f-5a848d 169->172 171->98 174 5a848f 172->174 175 5a8494-5a84e7 call 5a1564 172->175 174->98 181 5a84f8 175->181 182 5a84e9-5a84f6 175->182 183 5a84fb-5a851c DrawTextW 181->183 182->183 184 5a851e 183->184 185 5a8523-5a85cb 183->185 184->98 189 5a85cd 185->189 190 5a85d2-5a85ff 185->190 189->98 193 5a8601 190->193 194 5a8606-5a867f call 5a16c0 call 5a1240 CreateFileW 190->194 193->98 202 5a8681 194->202 203 5a8686-5a86a0 WriteFile 194->203 202->98 204 5a86a2 203->204 205 5a86a7-5a86be WriteFile 203->205 204->98 206 5a86c0 205->206 207 5a86c5-5a86dc WriteFile 205->207 206->98 208 5a86de 207->208 209 5a86e3-5a8707 call 5a6c98 207->209 208->98 213 5a8709 209->213 214 5a870e-5a87b2 call 5a16c0 call 5a1240 RegCreateKeyExW 209->214 213->98 220 5a87b9-5a8818 call 5a1240 RegSetValueExW 214->220 221 5a87b4 214->221 225 5a881a 220->225 226 5a881f-5a88a0 call 5a1240 RegSetValueExW 220->226 221->98 225->98 230 5a88a2 226->230 231 5a88a4-5a88a8 226->231 230->98 231->98 232 5a88aa-5a88b1 231->232 232->98
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ($BM
                                                          • API String ID: 0-2980357723
                                                          • Opcode ID: cced7fe4dbdc9a7bb94532d3aa967d2a8d7864ed5f77e7566c4ec1382a12731a
                                                          • Instruction ID: 17720e9428a7adb9d97fcf01833ad6333083d1ce45b22a838069faba3de44c08
                                                          • Opcode Fuzzy Hash: cced7fe4dbdc9a7bb94532d3aa967d2a8d7864ed5f77e7566c4ec1382a12731a
                                                          • Instruction Fuzzy Hash: F122487490060AEFEF209FA0CC49BADBFB4FF19305F544425E601BA1A0EB799984DF65
                                                          Function 005ABC38 Relevance: 9.2, APIs: 6, Instructions: 190COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 512 5abc38-5abc62 514 5abc69-5abc80 512->514 515 5abc64 512->515 520 5abc82 514->520 521 5abc87-5abc94 call 5a6844 514->521 516 5abe8c-5abe90 515->516 517 5abe9b-5abe9f 516->517 518 5abe92 516->518 522 5abeaa-5abeae 517->522 523 5abea1-5abea4 DeleteDC 517->523 518->517 520->516 531 5abc9b-5abcf6 call 5a1240 CreateDCW 521->531 532 5abc96 521->532 525 5abeb8-5abebc 522->525 526 5abeb0-5abeb3 call 5a686c 522->526 523->522 529 5abebe 525->529 530 5abec7-5abecc 525->530 526->525 529->530 536 5abcf8 531->536 537 5abcfd-5abdc7 call 5a1240 StartDocW 531->537 532->516 536->516 548 5abdc9 537->548 549 5abdce-5abdd9 call 5a1720 537->549 548->516 552 5abdde-5abdea 549->552 554 5abdee-5abe66 DrawTextA EndPage 552->554 555 5abdec 552->555 554->552 556 5abe6c-5abe7b EndDoc call 5a1720 554->556 555->556 559 5abe80-5abe83 556->559 559->516
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Delete
                                                          • String ID:
                                                          • API String ID: 1035893169-0
                                                          • Opcode ID: 1730612badb98464232d6a533f99022ba92f0345d9fd6eaf17bd13b2c981dd23
                                                          • Instruction ID: 72a66a00ae2e90abe9e38d9080ebb974f8ab16173f0cc6a06b88e110c627b2a8
                                                          • Opcode Fuzzy Hash: 1730612badb98464232d6a533f99022ba92f0345d9fd6eaf17bd13b2c981dd23
                                                          • Instruction Fuzzy Hash: F8811471800A09EFEF119FA0DC09BEEBF79FB14301F604464F605AA1A1E7765A94EF90
                                                          Function 005AC28C Relevance: 7.6, APIs: 5, Instructions: 134fileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 732 5ac28c-5ac2b7 CreateFileW 733 5ac3ed-5ac3f3 732->733 734 5ac2bd-5ac2d6 732->734 735 5ac2dc-5ac2ee call 5a17ac 734->735 738 5ac2f5-5ac318 WriteFile 735->738 739 5ac31a-5ac329 738->739 740 5ac32c-5ac351 WriteFile 738->740 741 5ac353-5ac362 740->741 742 5ac365-5ac388 WriteFile 740->742 744 5ac38a-5ac399 742->744 745 5ac39c-5ac3c1 WriteFile 742->745 746 5ac3c3-5ac3d2 745->746 747 5ac3d5-5ac3e2 745->747 747->738 750 5ac3e8 747->750 750->735
                                                          APIs
                                                          • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,00000000), ref: 005AC2AA
                                                          • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,005C6000,?,?,?,00000000), ref: 005AC30B
                                                          • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,?,?,00000000), ref: 005AC344
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$Write$Create
                                                          • String ID:
                                                          • API String ID: 1602526932-0
                                                          • Opcode ID: c55b120b0289e7839e4599be51470d59ebf200ec74ade227b0792cbb0e01f9a1
                                                          • Instruction ID: 904445b429a2143e880cc0bbc854e5b05208efd89e2f650a46d584842080998f
                                                          • Opcode Fuzzy Hash: c55b120b0289e7839e4599be51470d59ebf200ec74ade227b0792cbb0e01f9a1
                                                          • Instruction Fuzzy Hash: 83411931A0060CAFDB00DBD4EC49BEEFB7AFB55312F5081A6E604E6191E3715A54DB91
                                                          Function 005A782C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 295COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 752 5a782c-5a785b CoInitialize 753 5a7c9f-5a7ca2 752->753 754 5a7861-5a7ac4 call 5a1240 * 10 752->754 776 5a7acb-5a7ae3 754->776 777 5a7ac6 754->777 782 5a7aea-5a7af9 call 5a6e54 776->782 783 5a7ae5 776->783 778 5a7c55-5a7c59 777->778 780 5a7c5b-5a7c60 778->780 781 5a7c66-5a7c6a 778->781 780->781 784 5a7c6c-5a7c71 781->784 785 5a7c77-5a7c7b 781->785 792 5a7afb-5a7b25 782->792 793 5a7b3e-5a7b63 782->793 783->778 784->785 787 5a7c88-5a7c8c 785->787 788 5a7c7d-5a7c82 785->788 789 5a7c99 CoUninitialize 787->789 790 5a7c8e-5a7c93 787->790 788->787 789->753 790->789 800 5a7b2b-5a7b2d 792->800 796 5a7b6a-5a7b83 CoSetProxyBlanket 793->796 797 5a7b65 793->797 798 5a7b8a-5a7bad 796->798 799 5a7b85 796->799 797->778 804 5a7baf 798->804 805 5a7bb4-5a7bd3 798->805 799->778 801 5a7b2f 800->801 802 5a7b34-5a7b37 800->802 801->778 802->793 804->778 806 5a7bd9-5a7bdb 805->806 807 5a7bdf-5a7c07 806->807 808 5a7bdd 806->808 811 5a7c09-5a7c3e 807->811 812 5a7c45-5a7c50 807->812 808->778 811->812 812->778 812->805
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InitializeUninitialize
                                                          • String ID: @
                                                          • API String ID: 3442037557-2766056989
                                                          • Opcode ID: 704514639dd52ed7d554641284875606ce746f464ca919db3106693aa7f0edc2
                                                          • Instruction ID: c34551dfb8f745e585413dc8d75b411a3ff3686a901dab4fc3452d69eecdfe22
                                                          • Opcode Fuzzy Hash: 704514639dd52ed7d554641284875606ce746f464ca919db3106693aa7f0edc2
                                                          • Instruction Fuzzy Hash: 54D1F5B890020AEFDB10CF90C888F9EBB79FF05750F158195A514AF2A1D779DA84CFA5
                                                          Function 005AE45C Relevance: 6.1, APIs: 4, Instructions: 61fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 005AE475
                                                          • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 005AE48D
                                                          • SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 005AE4B1
                                                          • ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 005AE4D0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$AttributesCreatePointerRead
                                                          • String ID:
                                                          • API String ID: 4170910816-0
                                                          • Opcode ID: 9416f33a0864449ba5a3b2293206bc4c2bdc0b4b5c5f8ea2a04551d2956306e8
                                                          • Instruction ID: 47f0e9187400cb297215ea48840cf875e8d8ba5a959e831c7bb2a7663c910529
                                                          • Opcode Fuzzy Hash: 9416f33a0864449ba5a3b2293206bc4c2bdc0b4b5c5f8ea2a04551d2956306e8
                                                          • Instruction Fuzzy Hash: 24114F70A40709FFEF219FA4DC4AF9D7FB9FB05701F508064B604A60D0EB71AA959B14
                                                          Function 005B0E98 Relevance: 4.7, APIs: 3, Instructions: 157registryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,00020119,00000000,?,00000000), ref: 005B100D
                                                          • RegQueryValueExW.KERNELBASE(?,?,00000000,00000004,00000004,00000004), ref: 005B1040
                                                          • RegDeleteKeyExW.KERNELBASE(80000002,?,00000100,00000000,000000FF,00000000), ref: 005B10A9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateDeleteQueryValue
                                                          • String ID:
                                                          • API String ID: 1796729037-0
                                                          • Opcode ID: 4b9bee41481f75b57d2d002c33576f5153eb4ca96ff56af9def5a2582ca70ee6
                                                          • Instruction ID: 249b69d00c12d323a4b9bffb147024e16e203cb6cddb0438f730e2fd21dbd313
                                                          • Opcode Fuzzy Hash: 4b9bee41481f75b57d2d002c33576f5153eb4ca96ff56af9def5a2582ca70ee6
                                                          • Instruction Fuzzy Hash: 265117B0950609AFEB20DF90CC49FEEBBBCFB04704F504055F614AA1A1E774AA98DB65
                                                          Function 005AEF6C Relevance: 4.6, APIs: 3, Instructions: 139fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 005AE3AC: SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 005AE3CD
                                                            • Part of subcall function 005AE3AC: CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 005AE3E5
                                                            • Part of subcall function 005AE45C: SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 005AE475
                                                            • Part of subcall function 005AE45C: CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 005AE48D
                                                            • Part of subcall function 005AE45C: SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 005AE4B1
                                                            • Part of subcall function 005AE45C: ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 005AE4D0
                                                          • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 005AEFEF
                                                          • CreateIoCompletionPort.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 005AF0B0
                                                          • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 005AF066
                                                            • Part of subcall function 005A686C: RtlFreeHeap.NTDLL(?,00000000,00000000,?,005B77F4,00000000), ref: 005A6888
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$Create$Attributes$CompletionFreeHeapMovePointerPortRead
                                                          • String ID:
                                                          • API String ID: 97630321-0
                                                          • Opcode ID: a2b29ee8ac65d45d3b1b3f57d305197f1fbd35a712fc485ca2c3ec8fe8f15d5b
                                                          • Instruction ID: e3e34233c5bdb2a743d62dd33f0e14017093e4d4bdb8548c0e851809492124ab
                                                          • Opcode Fuzzy Hash: a2b29ee8ac65d45d3b1b3f57d305197f1fbd35a712fc485ca2c3ec8fe8f15d5b
                                                          • Instruction Fuzzy Hash: 73511230900A09FEDF116FE0DC4AF9D7F79BB12346F208464B506A50A1E77A5A94EF40
                                                          Function 005A8DA8 Relevance: 4.6, APIs: 3, Instructions: 78serviceCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 005A97D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A9805
                                                          • OpenSCManagerW.SECHOST(00000000,00000000,00000001,7DDDCD9C), ref: 005A8DE6
                                                          • CloseServiceHandle.SECHOST(00000000), ref: 005A8EAD
                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005A8EBC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CloseHandleService$InformationManagerOpenQuerySystem
                                                          • String ID:
                                                          • API String ID: 1894214006-0
                                                          • Opcode ID: 4be24bcc6b090024fd35128fbd48a6ac4f5b18bbd09a2a0b429dd0d41211aa13
                                                          • Instruction ID: a2d0b1c59ebdb75dbd4ece0bbb752d4f011318c05ed61378c3b066d81300216b
                                                          • Opcode Fuzzy Hash: 4be24bcc6b090024fd35128fbd48a6ac4f5b18bbd09a2a0b429dd0d41211aa13
                                                          • Instruction Fuzzy Hash: 93310A70900608EFDB10CF90DD49BADBFB8FF15705F9484A5E502AB2A0DBB59A84DF51
                                                          Function 005AC19C Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dfa5d29eba72c89111ca11a5e045d0fade3e7044f6a2c88fd052898ff95d6710
                                                          • Instruction ID: a55befbce1dad01288592d8a1358c38f65f29acf9446d81d29360857aaa1a2f4
                                                          • Opcode Fuzzy Hash: dfa5d29eba72c89111ca11a5e045d0fade3e7044f6a2c88fd052898ff95d6710
                                                          • Instruction Fuzzy Hash: EB210534800909EFDF12AFE4DE4AB5C7FB2BF52315F2401A0E451651B1D7721AA4FB05
                                                          Function 005AA488 Relevance: 4.6, APIs: 3, Instructions: 51threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,005AA470,?,00000004,00000000), ref: 005AA4B9
                                                          • ResumeThread.KERNELBASE(00000000), ref: 005AA4FD
                                                          • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 005AA515
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Thread$CodeCreateExitResume
                                                          • String ID:
                                                          • API String ID: 4070214711-0
                                                          • Opcode ID: 346798672f08edc2aa0d69975763e71826c1c61a3d5e66c12fac1727294c930a
                                                          • Instruction ID: c3d4b6e1c02ecbc8c7347f6a975f26c9a0d4d852e2e58c2ab510f476317e8b98
                                                          • Opcode Fuzzy Hash: 346798672f08edc2aa0d69975763e71826c1c61a3d5e66c12fac1727294c930a
                                                          • Instruction Fuzzy Hash: 1911FD70900608EFDF11DF94DD4AF9DBBB5FB18312F2081A5F915A22A0E7716A98EB40
                                                          Function 005AA1C0 Relevance: 4.5, APIs: 3, Instructions: 46threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,005AA1B0,?,00000004,00000000), ref: 005AA1E4
                                                          • ResumeThread.KERNELBASE(00000000), ref: 005AA228
                                                          • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 005AA240
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Thread$CodeCreateExitResume
                                                          • String ID:
                                                          • API String ID: 4070214711-0
                                                          • Opcode ID: 6ed24978c2736de829daa15435146fec9f398a22e89179333be220dff67b963b
                                                          • Instruction ID: 6dd1b5df8f8dcc1d22d0128a7c5ca936bfc3b93f34df8154f8233d8eeda49151
                                                          • Opcode Fuzzy Hash: 6ed24978c2736de829daa15435146fec9f398a22e89179333be220dff67b963b
                                                          • Instruction Fuzzy Hash: 7B11D335900608FFDF119FD0DD0AF9CBB71FB15312F204194B914661A0E7726AA8EB41
                                                          Function 005AE3AC Relevance: 3.1, APIs: 2, Instructions: 58fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 005AE3CD
                                                          • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 005AE3E5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$AttributesCreate
                                                          • String ID:
                                                          • API String ID: 415043291-0
                                                          • Opcode ID: ddc9c951f258d40a50ae2f0e9572e4d47614ce10c3def9f14d5fed10b275379f
                                                          • Instruction ID: e3c3f71b2f28dc81811e46cff1a0873eabaaf1c33d18d92959b18825fe893cde
                                                          • Opcode Fuzzy Hash: ddc9c951f258d40a50ae2f0e9572e4d47614ce10c3def9f14d5fed10b275379f
                                                          • Instruction Fuzzy Hash: C511E330904608FFEF215B50EC0ABAC7F7CFB4A721F308226F521650E0D3706A84EA01
                                                          Function 005AF032 Relevance: 3.0, APIs: 2, Instructions: 36fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 005AEFEF
                                                          • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 005AF066
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$CreateMove
                                                          • String ID:
                                                          • API String ID: 3198096935-0
                                                          • Opcode ID: b1ba26fc7dc49f8e207195e202ff721c5859f77093d288784566d38feb8c8f12
                                                          • Instruction ID: 148cb8d67019fefbb3dbbe059d771dc293fe5f17db8ba901808624f680e5368e
                                                          • Opcode Fuzzy Hash: b1ba26fc7dc49f8e207195e202ff721c5859f77093d288784566d38feb8c8f12
                                                          • Instruction Fuzzy Hash: C9F01730E40609FADF215BD5EC09FACBF71FB52726F2082B6B612A50E0C7751A90EB45
                                                          Function 005A7468 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetLogicalDriveStringsW.KERNELBASE(00000104,?), ref: 005A747F
                                                          • GetDriveTypeW.KERNELBASE(?), ref: 005A7495
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Drive$LogicalStringsType
                                                          • String ID:
                                                          • API String ID: 1630765265-0
                                                          • Opcode ID: de797cd51bd0791f708efbba35edefdc739da8c8d8b60a539bfe30c62923ef2a
                                                          • Instruction ID: 1826f3cc4672c16b5347dffc266d1b40d368496917c67b68f42ce9c64ac18119
                                                          • Opcode Fuzzy Hash: de797cd51bd0791f708efbba35edefdc739da8c8d8b60a539bfe30c62923ef2a
                                                          • Instruction Fuzzy Hash: 72E0E532504B1E5BDF20A6D4ACC99AF7B6CEB1E300F000160EA04D2101DA54AD8A86E1
                                                          Function 005A8EA2 Relevance: 3.0, APIs: 2, Instructions: 25serviceCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CloseServiceHandle.SECHOST(00000000), ref: 005A8EAD
                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005A8EBC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CloseHandleService
                                                          • String ID:
                                                          • API String ID: 1725840886-0
                                                          • Opcode ID: 64592f305772b4a9a635d1a9369c697d21546dd3d832e6369b1edab0dda7c19d
                                                          • Instruction ID: db0d7bc074a234d7335162960789982b6fc76aaaa7d33085fa11ad9cee571792
                                                          • Opcode Fuzzy Hash: 64592f305772b4a9a635d1a9369c697d21546dd3d832e6369b1edab0dda7c19d
                                                          • Instruction Fuzzy Hash: 0FF0A570901508EFEB11CF90DD49BBDBFB8FF15305F5440A5E901A11A0DB715E98EA52
                                                          Function 005AE430 Relevance: 3.0, APIs: 2, Instructions: 23fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 005AE3CD
                                                          • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 005AE3E5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$AttributesCreate
                                                          • String ID:
                                                          • API String ID: 415043291-0
                                                          • Opcode ID: 603690def9251ba5257239c8cba0347df57572752ad662bf76457bacf3570448
                                                          • Instruction ID: 827c35bfa2fe0d1fe1c4242d65d05baba5f21a2948ffe544b334d96f97e79769
                                                          • Opcode Fuzzy Hash: 603690def9251ba5257239c8cba0347df57572752ad662bf76457bacf3570448
                                                          • Instruction Fuzzy Hash: A8E04830541604FAEF311B60DC07F5C3E29BB5A751F704521F721A80E0D774AA85EA05
                                                          Function 005AF82C Relevance: 2.8, APIs: 2, Instructions: 302COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CoInitialize.OLE32(00000000,?,?,?,?,00000000), ref: 005AF85B
                                                          • CoUninitialize.COMBASE(?,?,?,?,00000000), ref: 005AFC71
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InitializeUninitialize
                                                          • String ID:
                                                          • API String ID: 3442037557-0
                                                          • Opcode ID: 77cbadb406243d93a02805233b238e7986301838f55c3c387e4ff26e0299c482
                                                          • Instruction ID: e6932498cef397267f6ed75ff865c2b71218c414bc5f6d405a28af74facbea76
                                                          • Opcode Fuzzy Hash: 77cbadb406243d93a02805233b238e7986301838f55c3c387e4ff26e0299c482
                                                          • Instruction Fuzzy Hash: 53C1077490060AEFDB10DF90D948F9EBBB8FF01740F118065E604AB262D779EA88DF65
                                                          Function 005A782A Relevance: 2.7, APIs: 2, Instructions: 159COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InitializeUninitialize
                                                          • String ID:
                                                          • API String ID: 3442037557-0
                                                          • Opcode ID: 44887d8643d277478668edd137638f09d05777cb578eefd8d616d47367a1c32c
                                                          • Instruction ID: 4c15359530f079e660204ed058746e156febd0cbea3422385506b6364a6a380e
                                                          • Opcode Fuzzy Hash: 44887d8643d277478668edd137638f09d05777cb578eefd8d616d47367a1c32c
                                                          • Instruction Fuzzy Hash: E581F4B8810306DFCB10DF51D988F89BFB8BF05354F56819895185F262D37ADA84CFA6
                                                          Function 005B0BE4 Relevance: 1.7, APIs: 1, Instructions: 184COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          • Opcode ID: 52e80719234e1d7a14382076aa156e648d0d98aec5071b9172ca52fce80628d1
                                                          • Instruction ID: 884c5ac002f2475672da80c0860695b8e96e957e546ded4f4697969cf254d2e1
                                                          • Opcode Fuzzy Hash: 52e80719234e1d7a14382076aa156e648d0d98aec5071b9172ca52fce80628d1
                                                          • Instruction Fuzzy Hash: D7612370900A0AAFDF10ABE0DC89BEFBFB4FB25305F245125E501661E0E7757A84EB90
                                                          Function 005A639C Relevance: 1.6, APIs: 1, Instructions: 134memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,E80C4717,?,?,005B9487), ref: 005A63C5
                                                            • Part of subcall function 005AB444: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,005A6541,00000000,005C586C,005A6390,00000000,00000000,005C5858,005A6378,00000000,00000000,005C584C), ref: 005AB465
                                                            • Part of subcall function 005AB470: NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,9870B143), ref: 005AB4B1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateHeapInformationMemoryProtectThreadVirtual
                                                          • String ID:
                                                          • API String ID: 2986011945-0
                                                          • Opcode ID: 57c034a25077caa5819abae99b0c4484e0be63f2440f5aa311ec04bef3b9e666
                                                          • Instruction ID: b00634ca03d03f21c29c706ce46ec79e8d97f309fd1375b2274dbeec0253dff5
                                                          • Opcode Fuzzy Hash: 57c034a25077caa5819abae99b0c4484e0be63f2440f5aa311ec04bef3b9e666
                                                          • Instruction Fuzzy Hash: 2C317125782BB27D457032E65C0FF8F1D6CFDD3FA57D80519B608A50C2A9906581C5BA
                                                          Function 005A7CA4 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,00000004), ref: 005A7CBF
                                                            • Part of subcall function 005A6844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,005B7764,?,00000000,00000000), ref: 005A6860
                                                            • Part of subcall function 005ADC60: NtTerminateProcess.NTDLL(005A7DB8,00000000), ref: 005ADCC3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeapManagerOpenProcessTerminate
                                                          • String ID:
                                                          • API String ID: 3645570960-0
                                                          • Opcode ID: 6815f147db482854a107f0ef8583a264cdca3fc440799014329962058c3d5e2c
                                                          • Instruction ID: de1e534be13a3f2249bbc8e3071629008980febb8d988308cab8e67b8d085b15
                                                          • Opcode Fuzzy Hash: 6815f147db482854a107f0ef8583a264cdca3fc440799014329962058c3d5e2c
                                                          • Instruction Fuzzy Hash: BA41C271940609BFEB119BD0DC0AFEEBBB9BF18705F504065F601B90A0E7B16A94EB54
                                                          Function 005A5DA0 Relevance: 1.6, APIs: 1, Instructions: 106memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 005A5C24: FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 005A5CF7
                                                            • Part of subcall function 005A5C24: FindClose.KERNELBASE(000000FF,?,00000000), ref: 005A5D1C
                                                          • RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,005A6408,005C540C,005A5EE8,00000000,00000000,7E631824), ref: 005A5DE4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Find$AllocateCloseFileFirstHeap
                                                          • String ID:
                                                          • API String ID: 1673784098-0
                                                          • Opcode ID: 6aa6ab6f3a8d40e69fdb75059b62d8e3266041796467851bdc4e4ca92ca89f1e
                                                          • Instruction ID: 11d977a1bd741e94b4f09acf7dc44daaf010c7fab38bb4a4aaa250cf3b63b602
                                                          • Opcode Fuzzy Hash: 6aa6ab6f3a8d40e69fdb75059b62d8e3266041796467851bdc4e4ca92ca89f1e
                                                          • Instruction Fuzzy Hash: 6F31C5356047429ED720CF288880B5DFE99BF52351F18C7A9E509CF293FAB1C580C79A
                                                          Function 005A90BC Relevance: 1.6, APIs: 1, Instructions: 78serviceCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 005A903C: RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 005A905E
                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005A91AF
                                                            • Part of subcall function 005ADC60: NtTerminateProcess.NTDLL(005A7DB8,00000000), ref: 005ADCC3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AdjustCloseHandlePrivilegeProcessServiceTerminate
                                                          • String ID:
                                                          • API String ID: 3176663195-0
                                                          • Opcode ID: 18a0ef8381ea1864d2e52af8d0d5a4c073c00cca4722ee539be839c2bdc68345
                                                          • Instruction ID: bd753190e68d9ab261df50961ce344be38f1ebdc77f371bf2c35065291c0257f
                                                          • Opcode Fuzzy Hash: 18a0ef8381ea1864d2e52af8d0d5a4c073c00cca4722ee539be839c2bdc68345
                                                          • Instruction Fuzzy Hash: 70312570940619EFEB119FA0DC4DF9DBFB8FF05705F804064E605AA1A0E775AAC8EB51
                                                          Function 005A6550 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1013c65c13d0113734ea60af23811ebe07a2a819d716ce51c9da5f5664d5fd8e
                                                          • Instruction ID: 3f240fcd8657bdcde52da143c82ba3a625af5fa82f66280b82f40a5d263664c7
                                                          • Opcode Fuzzy Hash: 1013c65c13d0113734ea60af23811ebe07a2a819d716ce51c9da5f5664d5fd8e
                                                          • Instruction Fuzzy Hash: 9E212430941208EFDF109F94DC49BADBFB0FF16305F5940B8E804AB2A1E7715A94EB44
                                                          Function 005A9BB0 Relevance: 1.5, APIs: 1, Instructions: 46synchronizationCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateMutexW.KERNELBASE(0000000C,00000001,00000000), ref: 005A9C4B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateMutex
                                                          • String ID:
                                                          • API String ID: 1964310414-0
                                                          • Opcode ID: 2eba65afe9173bcff10163b4f12c85f9cca577eeb3a98b2ee53bba1c5c97c89c
                                                          • Instruction ID: d6933cee0f72212c7f6fb720f5fab83195fc4d5ca17a67870f54438e25ae41b8
                                                          • Opcode Fuzzy Hash: 2eba65afe9173bcff10163b4f12c85f9cca577eeb3a98b2ee53bba1c5c97c89c
                                                          • Instruction Fuzzy Hash: 4F117070804F18AEEB11ABE0EC0DF6D7FB5BB19301F180055F540961E1E3B56988EB14
                                                          Function 005A903C Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 005A905E
                                                            • Part of subcall function 005A97D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 005A9805
                                                            • Part of subcall function 005A9880: NtClose.NTDLL(00000000), ref: 005A9971
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AdjustCloseInformationPrivilegeQuerySystem
                                                          • String ID:
                                                          • API String ID: 327775174-0
                                                          • Opcode ID: 0857c5975dac7a253a2d4bbccf8339980e7729a12d9021b37c966f56455d5490
                                                          • Instruction ID: a592746010a4781735cddf87314804724848c1b0dcc8623640e75730c7c27209
                                                          • Opcode Fuzzy Hash: 0857c5975dac7a253a2d4bbccf8339980e7729a12d9021b37c966f56455d5490
                                                          • Instruction Fuzzy Hash: 46012C70A00209BFEF20ABA4DC4EFDDBAB8BB41755F104194A504AB2D0E7B55A84DBA1
                                                          Function 005AB708 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlAdjustPrivilege.NTDLL(00000000,00000001,00000000,?), ref: 005AB727
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AdjustPrivilege
                                                          • String ID:
                                                          • API String ID: 3260937286-0
                                                          • Opcode ID: acec68a37f3eca64df93509d629a37acfffcc80515df741022b86b347be8e546
                                                          • Instruction ID: 2b41d238cce90aaccc00203bff98c345f25f6c7c941f39ab1f45117e7b063d7a
                                                          • Opcode Fuzzy Hash: acec68a37f3eca64df93509d629a37acfffcc80515df741022b86b347be8e546
                                                          • Instruction Fuzzy Hash: 8CD02B3110410566EB3416943C41BFA379CD783321F100311AD03DB0E1FB92698801E1
                                                          Function 005A6894 Relevance: 1.5, APIs: 1, Instructions: 14memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlReAllocateHeap.NTDLL(?,00000008,?,00000400,?,005A9825,?,00000400), ref: 005A68B3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: daa9bcdf773147030f49b1eaa8418a017144901c9f6933e547ab9cd84e43938e
                                                          • Instruction ID: 6d40a879a2ac3a9cc87b4e1d34cbad7bd4781775ff2bb486ab885fedc2f4378b
                                                          • Opcode Fuzzy Hash: daa9bcdf773147030f49b1eaa8418a017144901c9f6933e547ab9cd84e43938e
                                                          • Instruction Fuzzy Hash: 05D0A736040A04AFCB405F94AC09FCE3F28BB60300F418010FA444A061CB35D494EB40
                                                          Function 005A6844 Relevance: 1.5, APIs: 1, Instructions: 13memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(?,00000008,00000000,?,005B7764,?,00000000,00000000), ref: 005A6860
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 566540b60544dda238867c1a1485a664674b382ed9ce9a3f5f77826bc9f65021
                                                          • Instruction ID: 20df363a4e3a918cd0fa98e17db1f4b0c4732062617446218e39227c5bcbd6dd
                                                          • Opcode Fuzzy Hash: 566540b60544dda238867c1a1485a664674b382ed9ce9a3f5f77826bc9f65021
                                                          • Instruction Fuzzy Hash: 89D01231140B049FC7549F99A949FDA3F6CBB20702F454014B7484B061DB75E8D0EB94
                                                          Function 005A686C Relevance: 1.5, APIs: 1, Instructions: 13memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(?,00000000,00000000,?,005B77F4,00000000), ref: 005A6888
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: 95e9397ced3fc4930376ba11a9e9d0ac56005cd5ced4ca55e89897fdb305c32b
                                                          • Instruction ID: 2d2f46e634d12a7557dfcf57216826160455f287159a2787f81fbad1da6a37a9
                                                          • Opcode Fuzzy Hash: 95e9397ced3fc4930376ba11a9e9d0ac56005cd5ced4ca55e89897fdb305c32b
                                                          • Instruction Fuzzy Hash: 3CD01231140B049FC7149F98AC49FDA3F6CBB24745F890011B7484B0A1DB75E8D0EA98
                                                          Function 005AB4DC Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CheckTokenMembership.KERNELBASE(00000000,005AB4CC,?), ref: 005AB4ED
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CheckMembershipToken
                                                          • String ID:
                                                          • API String ID: 1351025785-0
                                                          • Opcode ID: 01dc0e4f8a2057cc4a91add458e18e21e2316417202e87f560a6fb2a9609858a
                                                          • Instruction ID: ff17dbfbdd05f0c3806d36b265c216c1a3a485b7e60952748154f401bdc6a4b1
                                                          • Opcode Fuzzy Hash: 01dc0e4f8a2057cc4a91add458e18e21e2316417202e87f560a6fb2a9609858a
                                                          • Instruction Fuzzy Hash: 41C0123454460CABD600D6D4AC46E59B76C9705621F500390AD18923C2E7616F5455D1
                                                          Function 005AA1B0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetDriveTypeW.KERNELBASE(?), ref: 005AA1B6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: DriveType
                                                          • String ID:
                                                          • API String ID: 338552980-0
                                                          • Opcode ID: a5d1accb50c9c09af835915b4a248d9812f9d88cab8d0cc19b5164cabc0fccdb
                                                          • Instruction ID: 15b24f05fd56140d0adf028a05b43df16ddfdd6f2f87fb15e8b50ac8a67fd7b7
                                                          • Opcode Fuzzy Hash: a5d1accb50c9c09af835915b4a248d9812f9d88cab8d0cc19b5164cabc0fccdb
                                                          • Instruction Fuzzy Hash: ADB0123100050CABC7005B81EC04C857F6DD720261B004021F50400120DB3264A5E594
                                                          Function 005AF8FB Relevance: 1.4, APIs: 1, Instructions: 107COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 005A6844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,005B7764,?,00000000,00000000), ref: 005A6860
                                                          • CoUninitialize.COMBASE(?,?,?,?,00000000), ref: 005AFC71
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeapUninitialize
                                                          • String ID:
                                                          • API String ID: 3904538627-0
                                                          • Opcode ID: 5175fb0b7e402bf225c9e6e6cd2bb8d7ad315b1e6889dcee30f5fbfdac6a4615
                                                          • Instruction ID: 5b0116db6f4fac3fd6176cab36867ee76a7c48d1a518fc7a2ddf0287f5b1cad8
                                                          • Opcode Fuzzy Hash: 5175fb0b7e402bf225c9e6e6cd2bb8d7ad315b1e6889dcee30f5fbfdac6a4615
                                                          • Instruction Fuzzy Hash: BC415B74900609EFDB10DF90D948F9EBBB8FF41311F2081A5E601AB262D735AA88DF65
                                                          Function 005AF8F0 Relevance: 1.4, APIs: 1, Instructions: 107COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 005A6844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,005B7764,?,00000000,00000000), ref: 005A6860
                                                          • CoUninitialize.COMBASE(?,?,?,?,00000000), ref: 005AFC71
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeapUninitialize
                                                          • String ID:
                                                          • API String ID: 3904538627-0
                                                          • Opcode ID: 1caed0910cdb42e5799402b7febd8858d31862ec93b9eaa2594584a9c4518d8a
                                                          • Instruction ID: 5b0116db6f4fac3fd6176cab36867ee76a7c48d1a518fc7a2ddf0287f5b1cad8
                                                          • Opcode Fuzzy Hash: 1caed0910cdb42e5799402b7febd8858d31862ec93b9eaa2594584a9c4518d8a
                                                          • Instruction Fuzzy Hash: BC415B74900609EFDB10DF90D948F9EBBB8FF41311F2081A5E601AB262D735AA88DF65
                                                          Function 005ADE48 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • Sleep.KERNELBASE(000000C8,?,?,005AE405,00000000,?,00000000,?,?,?), ref: 005ADE6B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          • Opcode ID: 4d23d1dfecb780004adee25bec756687eed72961960475bc522fa461d5c10354
                                                          • Instruction ID: 570a0d8d57ec97c206851d7d463c1cde67558e749f6a83fcb0352e7037952534
                                                          • Opcode Fuzzy Hash: 4d23d1dfecb780004adee25bec756687eed72961960475bc522fa461d5c10354
                                                          • Instruction Fuzzy Hash: 86D0A7712457051BDB107AE46CC580EFE1D7B66310F009133F60245501DDA1DC148564

                                                          Non-executed Functions

                                                          Function 005A4D08 Relevance: .3, Instructions: 328COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c2af5528edb05520e65fe04ae680ce379e05003e18b508926568cd437442cb01
                                                          • Instruction ID: dc72f880ae63929e95c66cd97d31664b7e61b05a9af6f724793fe873f0d9a4db
                                                          • Opcode Fuzzy Hash: c2af5528edb05520e65fe04ae680ce379e05003e18b508926568cd437442cb01
                                                          • Instruction Fuzzy Hash: 9AE15E7AA20D038BD728CF19E8C0B65F7A2FB9E344F198938D61587B55C374F964DA80
                                                          Function 005A20AC Relevance: .3, Instructions: 307COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ae1b344ce7eabeca7d5a0e2004a9b7e15b356c338447e056007cc76e97bc746
                                                          • Instruction ID: 6add48e56306e1b4a5d5e3dce19a1aaca197400f7832b0f809fa65883b9d3110
                                                          • Opcode Fuzzy Hash: 5ae1b344ce7eabeca7d5a0e2004a9b7e15b356c338447e056007cc76e97bc746
                                                          • Instruction Fuzzy Hash: 7BD1E5719083818FC790CF29C48165AFBE0FFD9348F549A1EE9D9D3211E770EA998B42
                                                          Function 005A5218 Relevance: .3, Instructions: 287COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fae7e1d035a18d7a587d1b9136f3115373bba3f5b9e15487a7703325cfd737e6
                                                          • Instruction ID: 49bfabfb83ef8c63718e602c452c090ca1662acc3fbd94d6e3fc97cc30d913a6
                                                          • Opcode Fuzzy Hash: fae7e1d035a18d7a587d1b9136f3115373bba3f5b9e15487a7703325cfd737e6
                                                          • Instruction Fuzzy Hash: EBD14F7AE2094B8BDB14CF58ECD0ABAB372FB9D340F198538D71193B55C634AA14DB50
                                                          Function 005A80B8 Relevance: .1, Instructions: 136COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9da4b40e71b5365c87ab65a77d94f08a299732c3c0472beadc7300db758aeb55
                                                          • Instruction ID: fb576425d098bc3c543b62268cb0becc7617f3ce1fbe6609f9d0a127d6a1503d
                                                          • Opcode Fuzzy Hash: 9da4b40e71b5365c87ab65a77d94f08a299732c3c0472beadc7300db758aeb55
                                                          • Instruction Fuzzy Hash: 9731383AFCA90646FF75E05096817FFAE94FB137A0EED09A3C58A135425C182CC3D666
                                                          Function 005A4D03 Relevance: .1, Instructions: 77COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 142bb5e6483ed13fe45e14612b21635c3801fd37587f4012a818d9f041b358a1
                                                          • Instruction ID: 5278e95c796f822f081f520d889549cc659b2ecec83d791a7c5421de326107a4
                                                          • Opcode Fuzzy Hash: 142bb5e6483ed13fe45e14612b21635c3801fd37587f4012a818d9f041b358a1
                                                          • Instruction Fuzzy Hash: 9F314B76A21A069BC328CF1AD884965FBF1FF9E310B25CA29D959C3B51C770F950CB80
                                                          Function 005A10BC Relevance: .0, Instructions: 37COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2531834489.00000000005A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005A0000, based on PE: true
                                                          • Associated: 00000000.00000002.2531669089.00000000005A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2531939523.00000000005BA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532031412.00000000005BB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532113811.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532194845.00000000005C6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2532273995.00000000005C7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a0000_bZRL0uttVu.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                                                          • Instruction ID: 1f6a5b2d493c24cd7016adf81fae5dfb97a88464578f6f21fa460300547121cd
                                                          • Opcode Fuzzy Hash: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                                                          • Instruction Fuzzy Hash: E8E04FBB20D3425FF928951174533AB9787D380675E25849EE406DF1C0EF1BE9A52059

                                                          Execution Graph

                                                          Execution Coverage:32.4%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:1.3%
                                                          Total number of Nodes:160
                                                          Total number of Limit Nodes:1
                                                          execution_graph 890 403983 893 40389c 890->893 902 402a78 893->902 897 403903 932 4022dc 897->932 938 4028ba 902->938 904 402a9e 904->897 907 4026c0 904->907 905 402af0 CreateMutexW 905->904 952 4024f8 907->952 909 402729 909->897 913 402f18 909->913 910 4026e7 CreateFileW 910->909 911 40270b ReadFile 910->911 911->909 914 402f2e 913->914 914->914 956 40227c FindFirstFileExW 914->956 915 402f67 CreateFileW 917 402f57 915->917 920 402faf 915->920 916 402faa 919 4030c5 NtFreeVirtualMemory 916->919 921 4030ed 916->921 917->915 917->916 918 402fb4 NtAllocateVirtualMemory 918->920 927 402fe8 918->927 919->916 920->918 920->927 922 4030f3 NtClose 921->922 923 4030ff 921->923 922->923 958 402e10 923->958 925 40311f 925->897 926 40304b WriteFile 926->927 928 403068 SetFilePointerEx 926->928 927->916 927->926 929 403095 SetFilePointerEx 927->929 928->926 928->927 929->927 933 402303 932->933 934 402335 GetShortPathNameW 933->934 935 402330 27 API calls 933->935 934->935 936 40235e 934->936 936->935 937 40246d ShellExecuteW 936->937 937->935 939 4028dd 938->939 942 402760 CreateFileW 939->942 943 4027da 942->943 944 402797 942->944 945 402802 943->945 946 4027f6 NtClose 943->946 944->943 950 4020bc 944->950 945->904 945->905 946->945 947 4027b7 947->943 948 4027c0 ReadFile 947->948 948->943 951 4020c8 RtlAllocateHeap 950->951 951->947 953 402512 952->953 955 402760 4 API calls 953->955 954 402522 954->909 954->910 955->954 957 4022af 956->957 957->917 960 402e2e 958->960 959 402e37 DeleteFileW 959->925 960->959 960->960 961 402e7c MoveFileExW 960->961 961->959 961->960 962 403956 963 403963 962->963 964 403976 962->964 971 4019d4 963->971 1009 4016b4 971->1009 974 4016b4 9 API calls 975 4019f4 974->975 976 4016b4 9 API calls 975->976 977 401a05 976->977 978 4016b4 9 API calls 977->978 979 401a16 978->979 980 4016b4 9 API calls 979->980 981 401a27 980->981 982 4016b4 9 API calls 981->982 983 401a38 982->983 984 401b70 RtlCreateHeap 983->984 985 401ba6 RtlCreateHeap 984->985 995 401ba1 984->995 986 401bcb 985->986 985->995 986->995 1057 401a40 986->1057 988 401c03 989 401a40 RtlAllocateHeap 988->989 988->995 990 401c59 989->990 991 401a40 RtlAllocateHeap 990->991 990->995 992 401caf 991->992 993 401a40 RtlAllocateHeap 992->993 992->995 994 401d05 993->994 994->995 996 401a40 RtlAllocateHeap 994->996 1001 402812 995->1001 1005 402836 995->1005 997 401d55 996->997 997->995 1062 401d94 997->1062 998 401d7a 1065 401dc2 998->1065 1002 402836 1001->1002 1003 402850 RtlAdjustPrivilege 1002->1003 1004 40284e 1002->1004 1003->1002 1003->1004 1004->964 1006 402849 1005->1006 1007 402850 RtlAdjustPrivilege 1006->1007 1008 40284e 1006->1008 1007->1006 1007->1008 1008->964 1010 40176f 1009->1010 1011 4016cf 1009->1011 1010->974 1012 4016f5 NtAllocateVirtualMemory 1011->1012 1035 401000 1011->1035 1012->1010 1014 40172f NtAllocateVirtualMemory 1012->1014 1014->1010 1016 401752 1014->1016 1020 40152c 1016->1020 1018 40175f 1018->1010 1019 401000 3 API calls 1018->1019 1019->1018 1021 401540 1020->1021 1022 401558 1020->1022 1023 401000 3 API calls 1021->1023 1024 401000 3 API calls 1022->1024 1025 40157e 1022->1025 1023->1022 1024->1025 1026 401000 3 API calls 1025->1026 1029 4015a4 1025->1029 1026->1029 1027 4015ed FindFirstFileExW 1027->1029 1028 40166c 1028->1018 1029->1027 1029->1028 1030 401649 FindNextFileW 1029->1030 1031 40162a FindClose 1029->1031 1030->1029 1033 40165d FindClose 1030->1033 1043 401474 1031->1043 1033->1029 1034 401641 1034->1018 1036 401012 1035->1036 1037 40102a 1035->1037 1038 401000 3 API calls 1036->1038 1039 401000 3 API calls 1037->1039 1040 401050 1037->1040 1038->1037 1039->1040 1041 4010fb 1040->1041 1046 401394 1040->1046 1041->1012 1044 40148a 1043->1044 1045 4014b8 LdrLoadDll 1044->1045 1045->1034 1047 4013ee 1046->1047 1048 4013be 1046->1048 1047->1041 1048->1047 1049 401474 LdrLoadDll 1048->1049 1050 4013d2 1049->1050 1050->1047 1050->1050 1052 4014d8 1050->1052 1053 4014ee 1052->1053 1054 40150f LdrGetProcedureAddress 1052->1054 1056 4014fa LdrGetProcedureAddress 1053->1056 1055 401521 1054->1055 1055->1047 1056->1055 1058 401a5d RtlAllocateHeap 1057->1058 1059 401a79 1058->1059 1060 401a85 1058->1060 1059->988 1060->1058 1061 401b5b 1060->1061 1061->988 1063 401da8 NtSetInformationThread 1062->1063 1063->998 1066 401de9 1065->1066 1067 401e12 1066->1067 1068 401df2 NtProtectVirtualMemory 1066->1068 1067->995 1068->1067 1083 402126 1084 402141 1083->1084 1085 4020bc RtlAllocateHeap 1084->1085 1086 402158 1084->1086 1085->1086 1069 4019b7 1070 4019e0 1069->1070 1071 4016b4 9 API calls 1069->1071 1072 4016b4 9 API calls 1070->1072 1071->1070 1073 4019f4 1072->1073 1074 4016b4 9 API calls 1073->1074 1075 401a05 1074->1075 1076 4016b4 9 API calls 1075->1076 1077 401a16 1076->1077 1078 4016b4 9 API calls 1077->1078 1079 401a27 1078->1079 1080 4016b4 9 API calls 1079->1080 1081 401a38 1080->1081 1082 40286c NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess

                                                          Callgraph

                                                          • Executed
                                                          • Not Executed
                                                          • Opacity -> Relevance
                                                          • Disassembly available
                                                          callgraph 0 Function_004026C0 38 Function_004024F8 0->38 1 Function_00401A40 39 Function_00401E78 1->39 2 Function_00401DC2 3 Function_004024C2 4 Function_00402B44 5 Function_00403144 6 Function_00401FC8 7 Function_00401F4C 8 Function_0040204C 9 Function_00402B50 10 Function_00401350 71 Function_00401130 10->71 11 Function_00402ED0 12 Function_004024D4 13 Function_004019D4 76 Function_004016B4 13->76 14 Function_00403956 14->13 33 Function_00401B70 14->33 54 Function_00402812 14->54 78 Function_00402836 14->78 15 Function_00403258 16 Function_004014D8 81 Function_00401438 16->81 17 Function_00401FDB 18 Function_004022DC 19 Function_0040205C 20 Function_00401F5C 21 Function_004020DE 22 Function_00402760 83 Function_004020BC 22->83 23 Function_004031E0 24 Function_00402264 25 Function_00401EE4 26 Function_004032E4 27 Function_004032E8 28 Function_00401868 29 Function_0040286C 30 Function_00401F6C 31 Function_00401B6E 32 Function_00401FEF 33->1 33->2 55 Function_00401D94 33->55 34 Function_00401472 35 Function_00401474 41 Function_004013F8 35->41 36 Function_004013F6 37 Function_00402A78 82 Function_004028BA 37->82 38->22 62 Function_00401E28 39->62 40 Function_00403478 42 Function_0040227C 43 Function_0040217C 44 Function_00402BFC 45 Function_00401000 45->7 45->10 45->25 45->45 56 Function_00401394 45->56 73 Function_00401EB0 45->73 46 Function_00402D80 47 Function_00403983 60 Function_0040389C 47->60 48 Function_00402003 49 Function_00402104 50 Function_00402C88 51 Function_00402E10 52 Function_00401190 52->71 53 Function_00401911 56->16 56->35 57 Function_00402017 58 Function_00402F18 58->42 58->51 59 Function_00401F9A 60->0 60->18 60->37 60->58 61 Function_00402126 61->83 63 Function_00402DA8 64 Function_0040152A 65 Function_0040202A 66 Function_0040152C 66->19 66->25 66->35 66->45 67 Function_00401F2C 66->67 68 Function_004018AD 69 Function_0040362E 70 Function_00401EAE 72 Function_00403230 74 Function_00401FB1 75 Function_004016B2 76->39 76->45 76->66 77 Function_00402234 79 Function_00401436 80 Function_004019B7 80->76 82->22 84 Function_00401A3E

                                                          Executed Functions

                                                          Function 00403983 Relevance: 40.5, APIs: 27, Instructions: 32windowlibraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: Text$Color$CreateWindow$Proc$CommandFontFreeHandleLibraryLineLoadMenuModule$AddressBitmapCharsetErrorExitInfoLastLocaleObjectProcessSelect
                                                          • String ID:
                                                          • API String ID: 3548022523-0
                                                          • Opcode ID: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                                          • Instruction ID: 44f13d8dc4ada08d969f55db554330e9d88bd117b0c18836a0928b418f5903af
                                                          • Opcode Fuzzy Hash: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                                          • Instruction Fuzzy Hash: 89F0B724B651416AC500BFFB9947A0D6E2C6E8472BB50657EB0C1344E74D3C87009EAF
                                                          Function 00402F18 Relevance: 12.2, APIs: 8, Instructions: 184filenativememoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 3 402f18-402f2b 4 402f2e-402f33 3->4 4->4 5 402f35-402f5b call 40227c 4->5 7 402f67-402f8c CreateFileW 5->7 8 402f5d-402f61 5->8 9 402f8e-402f96 7->9 10 402faf-402fb1 7->10 8->7 11 4030bb-4030bd 8->11 12 402f98-402fa6 9->12 13 402faa 9->13 14 402fb4-402fe0 NtAllocateVirtualMemory 10->14 15 4030c0-4030c3 11->15 12->13 27 402fa8 12->27 13->11 16 402fe2-402fed 14->16 17 402fe8 14->17 18 4030c5-4030e4 NtFreeVirtualMemory 15->18 19 4030e7-4030eb 15->19 28 403000-403003 16->28 29 402fef-402ffe 16->29 22 40301b-403020 17->22 18->19 19->15 23 4030ed-4030f1 19->23 26 403023-40302e 22->26 24 4030f3-4030fc NtClose 23->24 25 4030ff-40311d call 402e10 DeleteFileW 23->25 24->25 36 403126-40312a 25->36 37 40311f 25->37 30 403030-40303a 26->30 31 40303c 26->31 27->7 32 403015-403019 28->32 33 403005-403010 28->33 29->32 35 403041-403048 30->35 31->35 32->14 32->22 33->32 38 40304b-403064 WriteFile 35->38 39 403138-403141 36->39 40 40312c-403132 36->40 37->36 41 403066 38->41 42 403068-403088 SetFilePointerEx 38->42 40->39 43 40308a-403091 41->43 42->38 42->43 44 403093 43->44 45 403095-4030b6 SetFilePointerEx 43->45 44->11 45->26
                                                          APIs
                                                          • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,80000000,00000000), ref: 00402F82
                                                          • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004), ref: 00402FDB
                                                          • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000), ref: 0040305F
                                                          • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001), ref: 0040307E
                                                          • SetFilePointerEx.KERNELBASE(000000FF,00010000,00000000,00000000,00000000,?,00000000,00000001), ref: 004030B3
                                                          • NtFreeVirtualMemory.NTDLL(000000FF,00000000,00010000,00008000,?,00000000,00000001), ref: 004030E4
                                                          • NtClose.NTDLL(000000FF,?,00000000,00000001), ref: 004030FC
                                                          • DeleteFileW.KERNELBASE(?,?,00000000,00000001), ref: 00403118
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: File$MemoryPointerVirtual$AllocateCloseCreateDeleteFreeWrite
                                                          • String ID:
                                                          • API String ID: 590822095-0
                                                          • Opcode ID: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                                          • Instruction ID: 1b8bdb635f3090c090aca30f1047892238d11e79f8ef36d2dcee79009cce4089
                                                          • Opcode Fuzzy Hash: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                                          • Instruction Fuzzy Hash: ED714871901209AFDB11CF90DD48BEEBB79FB08311F204266E511B62D4D3759E85CF99
                                                          Function 0040152C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104fileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          • FindFirstFileExW.KERNELBASE(C:\Windows\System32\*.dll,00000000,?,00000000,00000000,00000000), ref: 00401601
                                                          • FindClose.KERNELBASE(000000FF,?,00000000), ref: 0040162D
                                                          • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00401653
                                                          • FindClose.KERNEL32(000000FF), ref: 00401660
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: Find$CloseFile$FirstNext
                                                          • String ID: C:\Windows\System32\*.dll
                                                          • API String ID: 1164774033-1305136377
                                                          • Opcode ID: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                                          • Instruction ID: b8f602421e8d3e3309feb9384621a56ef9d54da146c7d7394d3b11ea37959a12
                                                          • Opcode Fuzzy Hash: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                                          • Instruction Fuzzy Hash: 30418C71900608EFDB20AFA4DD48BAA77B4FB44325F608276E521BE1F0D7794A85DF48
                                                          Function 00402760 Relevance: 4.6, APIs: 3, Instructions: 62filenativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 82 402760-402795 CreateFileW 83 4027f0-4027f4 82->83 84 402797-4027a9 82->84 85 402802-40280b 83->85 86 4027f6-4027ff NtClose 83->86 84->83 88 4027ab-4027be call 4020bc 84->88 86->85 88->83 90 4027c0-4027d8 ReadFile 88->90 91 4027e4-4027ea 90->91 92 4027da-4027e2 90->92 91->83 92->83
                                                          APIs
                                                          • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040278B
                                                          • ReadFile.KERNELBASE(000000FF,00000000,00000000,00000000,00000000), ref: 004027D3
                                                          • NtClose.NTDLL(000000FF), ref: 004027FF
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: File$CloseCreateRead
                                                          • String ID:
                                                          • API String ID: 1419693385-0
                                                          • Opcode ID: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                                          • Instruction ID: da411bd40fb0d6d878d2d447c4e829303a7e8bd202b0d35ae7576ead56d2946b
                                                          • Opcode Fuzzy Hash: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                                          • Instruction Fuzzy Hash: CA211A35601209EBDB10CF94DD89B9EBB75FF08310F2082A5A510AB2E1D7719E51DF94
                                                          Function 0040286C Relevance: 4.5, APIs: 3, Instructions: 28nativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 94 40286c-4028b9 NtSetInformationProcess * 3
                                                          APIs
                                                          • NtSetInformationProcess.NTDLL(000000FF,00000021,?,00000004), ref: 00402888
                                                          • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002,?,00000004), ref: 0040289D
                                                          • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004,?,00000004), ref: 004028B5
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: InformationProcess
                                                          • String ID:
                                                          • API String ID: 1801817001-0
                                                          • Opcode ID: b71ac733508e6e437ba76d930e61bde730921b23b00966883a2217b3d9eaec84
                                                          • Instruction ID: 48adbd17ca007e7691ff2066b81a5959555298f4bd9a539b6f325b5cfe831ef7
                                                          • Opcode Fuzzy Hash: b71ac733508e6e437ba76d930e61bde730921b23b00966883a2217b3d9eaec84
                                                          • Instruction Fuzzy Hash: 2BF0F871141610EBEB15DB84DDC9F9637A8FB09720F2403A1F2319E1E6D3B0A484CF96
                                                          Function 00401DC2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38nativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 95 401dc2-401df0 97 401e21-401e27 95->97 98 401df2-401e10 NtProtectVirtualMemory 95->98 98->97 99 401e12-401e1f 98->99 99->97
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?), ref: 00401E0B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-3916222277
                                                          • Opcode ID: 743ccc95185ac25335bad8a24ea2ffb6d91b2a6f6c30658889cc31c7cdbad58c
                                                          • Instruction ID: 836d3446d31acb3b31e0b6cd8f4ee088cd02c28435d2c0c4ff934eaabbb3754d
                                                          • Opcode Fuzzy Hash: 743ccc95185ac25335bad8a24ea2ffb6d91b2a6f6c30658889cc31c7cdbad58c
                                                          • Instruction Fuzzy Hash: 72F03176500109ABDB00CF95D988BDFB7BCEB44324F2042A9EA14A72D1D7355E458B94
                                                          Function 004016B4 Relevance: 3.1, APIs: 2, Instructions: 130memorynativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 180 4016b4-4016c9 181 401859-401862 180->181 182 4016cf-4016d6 180->182 183 4016f5-401729 NtAllocateVirtualMemory 182->183 184 4016d8-4016f0 call 401000 182->184 183->181 186 40172f-40174c NtAllocateVirtualMemory 183->186 184->183 186->181 188 401752-40175a call 40152c 186->188 190 40175f-401761 188->190 190->181 191 401767-40176d 190->191 192 401774-401781 call 401000 191->192 193 40176f 191->193 196 401851-401854 192->196 197 401787-401798 call 401e78 192->197 193->181 196->191 200 4017c9-4017cc 197->200 201 40179a-4017c4 call 401e78 197->201 203 4017fa-4017fd 200->203 204 4017ce-4017f8 call 401e78 200->204 201->196 205 401815-401818 203->205 206 4017ff-401813 203->206 204->196 210 401830-401833 205->210 211 40181a-40182e 205->211 206->196 210->196 212 401835-40184b 210->212 211->196 212->196
                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,?,00103000,00000040), ref: 0040171F
                                                          • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00000000,00103000,00000004), ref: 00401742
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: 4a0fb159cb167e270aa132b3f88ebad20637f68d71e3a3db65f788631af4fc76
                                                          • Instruction ID: ad4b5e7ce53ce887a57ee0cc443bca07838dd3003dcb7b2c4dfa2ad75add82e8
                                                          • Opcode Fuzzy Hash: 4a0fb159cb167e270aa132b3f88ebad20637f68d71e3a3db65f788631af4fc76
                                                          • Instruction Fuzzy Hash: E3416031904204DADF10EF58C884B9AB7A4FF05314F14C1BAE919EF2E6D7788A41CB6A
                                                          Function 0040227C Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 288 40227c-4022ad FindFirstFileExW 289 4022d2-4022d8 288->289 290 4022af-4022cf 288->290 290->289
                                                          APIs
                                                          • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004022A4
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: FileFindFirst
                                                          • String ID:
                                                          • API String ID: 1974802433-0
                                                          • Opcode ID: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                                          • Instruction ID: 55f0629c3eadcc188d8749e42e063c0b49bca1bc4f8f265f590f61ae6da82bee
                                                          • Opcode Fuzzy Hash: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                                          • Instruction Fuzzy Hash: BBF0C974902608EFDB10DF94CD49B9DFBB4EB48310F2082A5A918AB2A0D7715E91CF84
                                                          Function 00401D94 Relevance: 1.5, APIs: 1, Instructions: 19nativethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000), ref: 00401DBB
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: InformationThread
                                                          • String ID:
                                                          • API String ID: 4046476035-0
                                                          • Opcode ID: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                                          • Instruction ID: 482b214da63c1bafeb7c1bb62a0bbbc62c262419b9af6fea3894fce228737229
                                                          • Opcode Fuzzy Hash: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                                          • Instruction Fuzzy Hash: FEE05E329A020DAFD710DB50DC45FBB376DEB55311F508236B5029A1E0D6B8F891DA98
                                                          Function 00401B70 Relevance: 3.2, APIs: 2, Instructions: 156memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 100 401b70-401b9f RtlCreateHeap 101 401ba1 100->101 102 401ba6-401bc4 RtlCreateHeap 100->102 103 401d8a-401d90 101->103 104 401bc6 102->104 105 401bcb-401be7 102->105 104->103 107 401be9 105->107 108 401bee-401c05 call 401a40 105->108 107->103 111 401c07 108->111 112 401c0c-401c3d 108->112 111->103 115 401c44-401c5b call 401a40 112->115 116 401c3f 112->116 119 401c62-401c93 115->119 120 401c5d 115->120 116->103 123 401c95 119->123 124 401c9a-401cb1 call 401a40 119->124 120->103 123->103 127 401cb3 124->127 128 401cb8-401ce9 124->128 127->103 131 401cf0-401d07 call 401a40 128->131 132 401ceb 128->132 135 401d09 131->135 136 401d0b-401d3c 131->136 132->103 135->103 139 401d40-401d57 call 401a40 136->139 140 401d3e 136->140 143 401d59 139->143 144 401d5b-401d80 call 401d94 call 401dc2 139->144 140->103 143->103 147 401d83 144->147 147->103
                                                          APIs
                                                          • RtlCreateHeap.NTDLL(00001002,00000000,00000000,00000000,00000000,00000000), ref: 00401B96
                                                          • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000), ref: 00401BBB
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: CreateHeap
                                                          • String ID:
                                                          • API String ID: 10892065-0
                                                          • Opcode ID: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                                                          • Instruction ID: eac1ce902914894448f3c06d12ced00cbe17960004271ddceb971b2a38276b5e
                                                          • Opcode Fuzzy Hash: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                                                          • Instruction Fuzzy Hash: 34513034A80A04FBD7109B60ED09B5B7770FF18701F2086BAE6117A2F1D775A5859F8D
                                                          Function 004022DC Relevance: 3.1, APIs: 2, Instructions: 133COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 150 4022dc-40232e 154 402330 150->154 155 402335-402347 GetShortPathNameW 150->155 156 402483-402487 154->156 157 402349-402359 155->157 158 40235e-402380 155->158 159 402495-402499 156->159 160 402489-40248f 156->160 157->156 168 402382 158->168 169 402387-402425 158->169 163 4024a7-4024ab 159->163 164 40249b-4024a1 159->164 160->159 165 4024b9-4024bf 163->165 166 4024ad-4024b3 163->166 164->163 166->165 168->156 175 402427 169->175 176 402429-402481 ShellExecuteW 169->176 175->156 176->156
                                                          APIs
                                                          • GetShortPathNameW.KERNELBASE(00000000,00000000,?), ref: 00402340
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: NamePathShort
                                                          • String ID:
                                                          • API String ID: 1295925010-0
                                                          • Opcode ID: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                                                          • Instruction ID: 5bcac900e59d09c9622bdf940851d370624af246baed8abb1bc217228d1f7e1b
                                                          • Opcode Fuzzy Hash: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                                                          • Instruction Fuzzy Hash: B6514E75900606EFDB00DF90E948B9EFB71FF48301F2082A9E6156B2A1C375AA91DFC5
                                                          Function 004026C0 Relevance: 3.1, APIs: 2, Instructions: 51fileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 213 4026c0-4026e5 call 4024f8 215 402730-402734 213->215 216 4026e7-402709 CreateFileW 213->216 218 402742-402746 215->218 219 402736-40273c 215->219 216->215 217 40270b-402727 ReadFile 216->217 217->215 220 402729 217->220 221 402754-40275a 218->221 222 402748-40274e 218->222 219->218 220->215 222->221
                                                          APIs
                                                          • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004026FF
                                                          • ReadFile.KERNELBASE(000000FF,000000FF,0000021C,?,00000000), ref: 00402722
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: File$CreateRead
                                                          • String ID:
                                                          • API String ID: 3388366904-0
                                                          • Opcode ID: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                                                          • Instruction ID: dec784d2d3492f4c007a4c80bb83cd8b4abde05e7af7cfb80cb91198c32a9eba
                                                          • Opcode Fuzzy Hash: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                                                          • Instruction Fuzzy Hash: 7511D774910209EFDB10DF94DD48B9FBBB5FB08311F2046A9A524B62E1D7B15A91CF84
                                                          Function 00401A40 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 224 401a40-401a5a 225 401a5d-401a77 RtlAllocateHeap 224->225 226 401a85-401a94 call 401e78 225->226 227 401a79-401a82 225->227 230 401ac5-401ac8 226->230 231 401a96-401ac0 call 401e78 226->231 233 401af6-401af9 230->233 234 401aca-401af4 call 401e78 230->234 239 401b4d-401b55 231->239 237 401b11-401b14 233->237 238 401afb-401b0f 233->238 234->239 241 401b16-401b2a 237->241 242 401b2c-401b2f 237->242 238->239 239->225 243 401b5b-401b6b 239->243 241->239 242->239 244 401b31-401b47 242->244 244->239
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000000,00000008,00000010), ref: 00401A6D
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                                                          • Instruction ID: 68c0462a3af62cc3e50a8e225ecc1fff045641083c52707b2e4de1a33f1d8fac
                                                          • Opcode Fuzzy Hash: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                                                          • Instruction Fuzzy Hash: 9F316935A14308DFDB10CF99C488E99F7F1BF24320F15D0AAD508AB2B2D7B59950DB4A
                                                          Function 00402E10 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 245 402e10-402e35 247 402e37 245->247 248 402e39-402e4e 245->248 249 402eab-402eb7 247->249 253 402e50 248->253 254 402e52-402e57 248->254 250 402ec5-402eca 249->250 251 402eb9-402ebf 249->251 251->250 253->249 255 402e5c-402e6d 254->255 257 402e70-402e7a 255->257 257->257 258 402e7c-402e8f MoveFileExW 257->258 259 402e91 258->259 260 402e93-402ea9 258->260 259->249 260->249 260->255
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2ec2b1c2d5d64686e5e6a52de2e159d7ebe58570cf782c44f0051c3652f2bf9a
                                                          • Instruction ID: 64be472d3da9365df722bb42b6a14b0a0006b9682bbf08d732ce7ada7e71b141
                                                          • Opcode Fuzzy Hash: 2ec2b1c2d5d64686e5e6a52de2e159d7ebe58570cf782c44f0051c3652f2bf9a
                                                          • Instruction Fuzzy Hash: 8A214C71940208EFDB109F90DE49B9ABB71FF18301F2081BAE505AA2E1D3759E91DF89
                                                          Function 00402A78 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 262 402a78-402a9c call 4028ba 264 402aa3-402ac2 262->264 265 402a9e 262->265 270 402ac4-402ad3 264->270 271 402ad5-402ae0 264->271 266 402b28-402b2c 265->266 267 402b3a-402b40 266->267 268 402b2e-402b34 266->268 268->267 270->266 274 402ae2-402ae8 271->274 275 402aea 271->275 276 402af0-402b1f CreateMutexW 274->276 275->276 276->266 277 402b21 276->277 277->266
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                                                          • Instruction ID: 5f31ce468cef0475a522e9655e813cee8f96e501922e94d34a843d9ecc1c4f5f
                                                          • Opcode Fuzzy Hash: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                                                          • Instruction Fuzzy Hash: A921F974901608EFDB00CF90EA8C79EBB71FF08301F6045A9E5017A2A0D7B95A85DF89
                                                          Function 00401474 Relevance: 1.5, APIs: 1, Instructions: 38libraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 279 401474-401488 280 40148a-40148d 279->280 281 4014ac-4014b3 call 4013f8 279->281 282 401493-401498 280->282 285 4014b8-4014d2 LdrLoadDll 281->285 282->282 284 40149a-4014aa call 4013f8 282->284 284->285
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 004014C4
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                                                          • Instruction ID: 140de97a3c31e0856ca0b204e221eb1e366fb0b1d4fd9a07ba92ba20ce5f8dd4
                                                          • Opcode Fuzzy Hash: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                                                          • Instruction Fuzzy Hash: F7F03C3690020DFADF10EAA4D848FDE77BCEB14314F0041A6E904B7190D238AA099BA5
                                                          Function 00402836 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlAdjustPrivilege.NTDLL(?,00000001,00000000,00000000), ref: 00402861
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: AdjustPrivilege
                                                          • String ID:
                                                          • API String ID: 3260937286-0
                                                          • Opcode ID: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                                                          • Instruction ID: 70193a9dbc7aa9cd3770003b3bb97339f6e2972f30e24310785a39762e1cef45
                                                          • Opcode Fuzzy Hash: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                                                          • Instruction Fuzzy Hash: B9E0263251821AABCB20A2189E0CBA7739DD744314F1043B6A805F71D1EAF69A0A87DA
                                                          Function 004020BC Relevance: 1.5, APIs: 1, Instructions: 12memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(?,00000008,?), ref: 004020D7
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.2541957001.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000008.00000002.2541874462.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542042333.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542123031.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000008.00000002.2542209374.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_B0BE.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                                                          • Instruction ID: 701e22a529f931561d5ec47da2ef603e250127bb9ab3ab4db12cbc5835053477
                                                          • Opcode Fuzzy Hash: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                                                          • Instruction Fuzzy Hash: 05D0C97A140609ABC6009F94E949D87F769FF58711B00C6A1BA045B222C630E890CFD4