Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
020240418124331.docx.doc

Overview

General Information

Sample name:020240418124331.docx.doc
Analysis ID:1559182
MD5:790bcad57557fe17f34bcc35a3701cc4
SHA1:926880f65af3f68e4188caf678bfed146fea21c2
SHA256:e260ae45ce1f11f1af67bb14546ac89f3a69b13242d0817c4c685130eb6f26d8
Tags:docopendiruser-Joker
Infos:

Detection

Score:24
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

AI detected landing page (webpage, office document or email)
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Drops files with a non-matching file extension (content does not match file extension)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
IP address seen in connection with other malware
None HTTPS page querying sensitive user data (password, username or email)

Classification

  • System is w10x64
  • WINWORD.EXE (PID: 7656 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
  • chrome.exe (PID: 8144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://baogao.ccicshanghai.com/view/20240402/W242401214-83991 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2016,i,16910823210293738924,5174204799576153986,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 8332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2096,i,8937526910356783107,11550219263511758725,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 8980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ccic.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://weixin.qq.com/r/kxEjO1vEOwZErR9Y90SB MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,14876504007188476738,5328115991739676396,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://weixin.qq.com/r/wz_MlHnERSQ6rT3392rR MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1892,i,11478893464120772669,5133136583976172787,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 7656, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: Office documentJoe Sandbox AI: Office document contains QR code
Source: https://www.wechat.com/mobileJoe Sandbox AI: Page contains button: 'Download on the App Store' Source: '3.9.pages.csv'
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: Number of links: 0
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: <input type="password" .../> found but no <form action="...
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: Title: PDF.js viewer does not match URL
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: Has password / email / username input fields
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: <input type="password" .../> found
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: No favicon
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: No favicon
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: No favicon
Source: https://www.ccic.com/HTTP Parser: No favicon
Source: https://www.ccic.com/HTTP Parser: No favicon
Source: https://www.ccic.com/HTTP Parser: No favicon
Source: https://www.ccic.com/HTTP Parser: No favicon
Source: https://www.ccic.com/HTTP Parser: No favicon
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: No <meta name="author".. found
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: No <meta name="author".. found
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: No <meta name="copyright".. found
Source: http://baogao.ccicshanghai.com/view/20240402/W242401214-83991HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: winword.exeMemory has grown: Private usage: 1MB later: 83MB
Source: Joe Sandbox ViewIP Address: 43.154.254.90 43.154.254.90
Source: Joe Sandbox ViewIP Address: 52.182.143.214 52.182.143.214
Source: Joe Sandbox ViewIP Address: 52.111.231.25 52.111.231.25
Source: chromecache_847.6.drString found in binary or memory: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=11
Source: chromecache_675.6.drString found in binary or memory: http://m.sui.taobao.org/
Source: chromecache_850.6.dr, chromecache_706.6.drString found in binary or memory: http://mozilla.github.io
Source: chromecache_632.6.drString found in binary or memory: http://swiperjs.com
Source: chromecache_631.6.drString found in binary or memory: http://www.SuperSlide2.com/
Source: chromecache_850.6.dr, chromecache_706.6.dr, chromecache_827.6.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_847.6.drString found in binary or memory: http://www.macromedia.com/go/getflashplayer
Source: chromecache_850.6.dr, chromecache_706.6.drString found in binary or memory: https://mozilla.github.io
Source: gosttitle.xsl.0.drOLE indicator, VBA macros: true
Source: mlaseventheditionofficeonline.xsl.0.drOLE indicator, VBA macros: true
Source: APASixthEditionOfficeOnline.xsl.0.drOLE indicator, VBA macros: true
Source: turabian.xsl.0.drOLE indicator, VBA macros: true
Source: ieee2006officeonline.xsl.0.drOLE indicator, VBA macros: true
Source: CatalogCacheMetaData.xml.0.drOLE indicator, VBA macros: true
Source: iso690nmerical.xsl.0.drOLE indicator, VBA macros: true
Source: chicago.xsl.0.drOLE indicator, VBA macros: true
Source: harvardanglia2008officeonline.xsl.0.drOLE indicator, VBA macros: true
Source: sist02.xsl.0.drOLE indicator, VBA macros: true
Source: gostname.xsl.0.drOLE indicator, VBA macros: true
Source: gb.xsl.0.drOLE indicator, VBA macros: true
Source: iso690.xsl.0.drOLE indicator, VBA macros: true
Source: gosttitle.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~WRF{AD8732E0-D5C5-4534-A5E9-29A4A70708D5}.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: mlaseventheditionofficeonline.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: APASixthEditionOfficeOnline.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: turabian.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ieee2006officeonline.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: CatalogCacheMetaData.xml.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690nmerical.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chicago.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: harvardanglia2008officeonline.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: sist02.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gostname.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gb.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690.xsl.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engineClassification label: sus24.winDOC@49/880@0/31
Source: chromecache_475.6.drInitial sample: http://www.ccic.com/
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\OfficeJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{8926B5CB-167B-4246-8532-C9954DE00148} - OProcSessId.datJump to behavior
Source: 020240418124331.docx.docOLE indicator, Word Document stream: true
Source: Insight design set.dotx.0.drOLE indicator, Word Document stream: true
Source: Equations.dotx.0.drOLE indicator, Word Document stream: true
Source: Element design set.dotx.0.drOLE indicator, Word Document stream: true
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drOLE indicator, Word Document stream: true
Source: ~WRD0000.tmp.0.drOLE indicator, Word Document stream: true
Source: ~WRD0002.tmp.0.drOLE indicator, Word Document stream: true
Source: ~WRF{AD8732E0-D5C5-4534-A5E9-29A4A70708D5}.tmp.0.drOLE document summary: title field not present or empty
Source: ~WRF{AD8732E0-D5C5-4534-A5E9-29A4A70708D5}.tmp.0.drOLE document summary: author field not present or empty
Source: ~WRF{AD8732E0-D5C5-4534-A5E9-29A4A70708D5}.tmp.0.drOLE document summary: edited time not present or 0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://baogao.ccicshanghai.com/view/20240402/W242401214-83991
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2016,i,16910823210293738924,5174204799576153986,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2096,i,8937526910356783107,11550219263511758725,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ccic.com/"
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://weixin.qq.com/r/kxEjO1vEOwZErR9Y90SB
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://weixin.qq.com/r/wz_MlHnERSQ6rT3392rR
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,14876504007188476738,5328115991739676396,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1892,i,11478893464120772669,5133136583976172787,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2016,i,16910823210293738924,5174204799576153986,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2096,i,8937526910356783107,11550219263511758725,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,14876504007188476738,5328115991739676396,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1892,i,11478893464120772669,5133136583976172787,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: 020240418124331.docx.LNK.0.drLNK file: ..\..\..\..\..\Desktop\020240418124331.docx.doc
Source: Templates.LNK.0.drLNK file: ..\..\Templates
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/_rels/header2.xml.rels
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/_rels/header1.xml.rels
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/header4.xml
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/header5.xml
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/header6.xml
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/header7.xml
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/_rels/header3.xml.rels
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/media/image10.jpeg
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/media/image6.jpeg
Source: 020240418124331.docx.docInitial sample: OLE zip file path = word/media/image3.jpg
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = word/media/image2.jpg
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/settings.xml
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/document.xml
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/styles.xml
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = word/media/image10.jpeg
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = customXml/itemProps2.xml
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = customXml/item2.xml
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = [trash]/0000.dat
Source: Insight design set.dotx.0.drInitial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.drInitial sample: OLE zip file path = word/glossary/document.xml
Source: Equations.dotx.0.drInitial sample: OLE zip file path = word/glossary/settings.xml
Source: Equations.dotx.0.drInitial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Equations.dotx.0.drInitial sample: OLE zip file path = customXml/itemProps2.xml
Source: Equations.dotx.0.drInitial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.drInitial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Equations.dotx.0.drInitial sample: OLE zip file path = customXml/item2.xml
Source: Equations.dotx.0.drInitial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Equations.dotx.0.drInitial sample: OLE zip file path = [trash]/0000.dat
Source: Equations.dotx.0.drInitial sample: OLE zip file path = word/glossary/styles.xml
Source: Equations.dotx.0.drInitial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Equations.dotx.0.drInitial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/settings.xml
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/document.xml
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = word/glossary/styles.xml
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = customXml/itemProps2.xml
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = customXml/item2.xml
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = [trash]/0000.dat
Source: Element design set.dotx.0.drInitial sample: OLE zip file path = docProps/custom.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = word/theme/_rels/theme1.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = word/glossary/settings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = word/glossary/document.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = word/glossary/styles.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = customXml/item2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = customXml/itemProps3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = customXml/item3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = customXml/itemProps2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = [trash]/0000.dat
Source: Text Sidebar (Annual Report Red and Black design).docx.0.drInitial sample: OLE zip file path = docProps/custom.xml
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/header7.xml
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/_rels/header2.xml.rels
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/header6.xml
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/header5.xml
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/header4.xml
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/_rels/header1.xml.rels
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/_rels/header3.xml.rels
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/media/image10.jpeg
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/media/image3.jpg
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/media/image6.jpeg
Source: ~WRD0002.tmp.0.drInitial sample: OLE zip file path = word/glossary/document.xml
Source: ~WRD0002.tmp.0.drInitial sample: OLE zip file path = word/glossary/settings.xml
Source: ~WRD0002.tmp.0.drInitial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: ~WRD0002.tmp.0.drInitial sample: OLE zip file path = word/glossary/styles.xml
Source: ~WRD0002.tmp.0.drInitial sample: OLE zip file path = word/glossary/webSettings.xml
Source: ~WRD0002.tmp.0.drInitial sample: OLE zip file path = word/glossary/fontTable.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: 020240418124331.docx.docInitial sample: OLE indicators vbamacros = False
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: Chrome Cache Entry: 697Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: Chrome Cache Entry: 475
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: Chrome Cache Entry: 475Jump to dropped file
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information queried: ProcessInformationJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting
1
Spearphishing Link
Windows Management Instrumentation1
Browser Extensions
1
Process Injection
12
Masquerading
OS Credential Dumping1
Process Discovery
Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Scripting
1
Extra Window Memory Injection
1
Process Injection
LSASS Memory1
File and Directory Discovery
Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Extra Window Memory Injection
Security Account Manager1
System Information Discovery
SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1559182 Sample: 020240418124331.docx.doc Startdate: 20/11/2024 Architecture: WINDOWS Score: 24 46 AI detected landing page (webpage, office document or email) 2->46 6 chrome.exe 2->6         started        9 chrome.exe 1 2->9         started        11 WINWORD.EXE 178 482 2->11         started        13 3 other processes 2->13 process3 dnsIp4 24 192.168.2.4 unknown unknown 6->24 26 239.255.255.250 unknown Reserved 6->26 15 chrome.exe 6->15         started        18 chrome.exe 9->18         started        28 95.101.111.168 TELEFONICATELXIUSES European Union 11->28 30 52.109.76.240 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->30 32 6 other IPs or domains 11->32 20 chrome.exe 13->20         started        22 chrome.exe 13->22         started        process5 dnsIp6 34 163.181.131.244 TAOBAOZhejiangTaobaoNetworkCoLtdCN United States 15->34 36 108.177.15.84 GOOGLEUS United States 15->36 42 6 other IPs or domains 15->42 38 43.152.26.151 LILLY-ASUS Japan 18->38 40 43.152.26.197 LILLY-ASUS Japan 18->40 44 11 other IPs or domains 18->44

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
020240418124331.docx.doc0%ReversingLabs
No Antivirus matches
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
http://www.SuperSlide2.com/0%Avira URL Cloudsafe
http://m.sui.taobao.org/0%Avira URL Cloudsafe
No contacted domains info
NameMaliciousAntivirus DetectionReputation
https://www.wechat.com/mobilefalse
    high
    https://www.ccic.com/false
      unknown
      http://baogao.ccicshanghai.com/view/20240402/W242401214-83991false
        unknown
        NameSourceMaliciousAntivirus DetectionReputation
        http://www.apache.org/licenses/LICENSE-2.0chromecache_850.6.dr, chromecache_706.6.dr, chromecache_827.6.drfalse
          high
          http://m.sui.taobao.org/chromecache_675.6.drfalse
          • Avira URL Cloud: safe
          unknown
          http://mozilla.github.iochromecache_850.6.dr, chromecache_706.6.drfalse
            high
            http://www.SuperSlide2.com/chromecache_631.6.drfalse
            • Avira URL Cloud: safe
            unknown
            http://swiperjs.comchromecache_632.6.drfalse
              high
              http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=11chromecache_847.6.drfalse
                high
                https://mozilla.github.iochromecache_850.6.dr, chromecache_706.6.drfalse
                  high
                  http://www.macromedia.com/go/getflashplayerchromecache_847.6.drfalse
                    high
                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs
                    IPDomainCountryFlagASNASN NameMalicious
                    43.154.254.90
                    unknownJapan4249LILLY-ASUSfalse
                    52.182.143.214
                    unknownUnited States
                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    52.111.231.25
                    unknownUnited States
                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    142.250.181.238
                    unknownUnited States
                    15169GOOGLEUSfalse
                    106.39.50.72
                    unknownChina
                    4847CNIX-APChinaNetworksInter-ExchangeCNfalse
                    52.109.89.19
                    unknownUnited States
                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    43.152.26.197
                    unknownJapan4249LILLY-ASUSfalse
                    163.181.131.244
                    unknownUnited States
                    24429TAOBAOZhejiangTaobaoNetworkCoLtdCNfalse
                    142.250.186.99
                    unknownUnited States
                    15169GOOGLEUSfalse
                    66.102.1.84
                    unknownUnited States
                    15169GOOGLEUSfalse
                    43.152.26.151
                    unknownJapan4249LILLY-ASUSfalse
                    52.113.194.132
                    unknownUnited States
                    8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    114.255.16.92
                    unknownChina
                    4808CHINA169-BJChinaUnicomBeijingProvinceNetworkCNfalse
                    1.1.1.1
                    unknownAustralia
                    13335CLOUDFLARENETUSfalse
                    108.177.15.84
                    unknownUnited States
                    15169GOOGLEUSfalse
                    43.159.18.10
                    unknownJapan4249LILLY-ASUSfalse
                    116.236.247.151
                    unknownChina
                    4812CHINANET-SH-APChinaTelecomGroupCNfalse
                    142.250.185.110
                    unknownUnited States
                    15169GOOGLEUSfalse
                    43.154.240.170
                    unknownJapan4249LILLY-ASUSfalse
                    43.155.124.49
                    unknownJapan4249LILLY-ASUSfalse
                    239.255.255.250
                    unknownReserved
                    unknownunknownfalse
                    142.250.185.174
                    unknownUnited States
                    15169GOOGLEUSfalse
                    95.101.111.168
                    unknownEuropean Union
                    12956TELEFONICATELXIUSESfalse
                    142.250.186.164
                    unknownUnited States
                    15169GOOGLEUSfalse
                    184.28.90.27
                    unknownUnited States
                    16625AKAMAI-ASUSfalse
                    88.221.110.227
                    unknownEuropean Union
                    20940AKAMAI-ASN1EUfalse
                    142.250.186.42
                    unknownUnited States
                    15169GOOGLEUSfalse
                    172.217.16.196
                    unknownUnited States
                    15169GOOGLEUSfalse
                    52.109.76.240
                    unknownUnited States
                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    172.217.16.195
                    unknownUnited States
                    15169GOOGLEUSfalse
                    IP
                    192.168.2.4
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1559182
                    Start date and time:2024-11-20 09:32:00 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 7m 51s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsofficecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Run name:Potential for more IOCs and behavior
                    Number of analysed new started processes analysed:19
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:020240418124331.docx.doc
                    Detection:SUS
                    Classification:sus24.winDOC@49/880@0/31
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Found application associated with file extension: .doc
                    • Found Word or Excel or PowerPoint or XPS Viewer
                    • Attach to Office via COM
                    • Browse link: http://www.ccic.com/
                    • Scroll down
                    • Close Viewer
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtCreateFile calls found.
                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Report size getting too big, too many NtSetInformationFile calls found.
                    • Skipping network analysis since amount of network traffic is too extensive
                    • VT rate limit hit for: 020240418124331.docx.doc
                    No simulations
                    SourceURL
                    Screenshothttp://baogao.ccicshanghai.com/view/20240402/W242401214-83991
                    Screenshothttp://baogao.ccicshanghai.com/view/20240402/W242401214-83991
                    Screenshothttp://baogao.ccicshanghai.com/view/20240402/W242401214-83991
                    Screenshothttp://baogao.ccicshanghai.com/view/20240402/W242401214-83991
                    Screenshothttp://weixin.qq.com/r/kxEjO1vEOwZErR9Y90SB
                    Screenshothttp://weixin.qq.com/r/wz_MlHnERSQ6rT3392rR
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    43.154.254.90SecuriteInfo.com.Win32.Evo-gen.19313.28597.exeGet hashmaliciousUnknownBrowse
                    • support.weixin.qq.com/cgi-bin/mmsupport-bin/reportforweb?rid=64692&rkey=2&rvalue=1
                    https://web.safecity.com/backup_sql/databases/china/index.php?mc_phishing_protection_id=28398-cr2s30bjhva80uk6hku0Get hashmaliciousUnknownBrowse
                    • weixin.qq.com/r/ZBMlPfzEzqGxrbhe90Z2
                    SecuriteInfo.com.Trojan.WinGo.Agent.1290.12443.exeGet hashmaliciousUnknownBrowse
                    • support.weixin.qq.com/cgi-bin/mmsupport-bin/reportforweb?rid=64692&rkey=2&rvalue=1
                    52.182.143.214vMRlWtVCEN.exeGet hashmaliciousStealc, VidarBrowse
                      8CwKupnahl.exeGet hashmaliciousStealc, VidarBrowse
                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                          https://dzentec-my.sharepoint.com/:u:/g/personal/i_lahmer_entec-dz_com/EdYp5IxQ-uxJivnPAqSzv40BZiCX7sphz7Kj8JDyRBKqpQ?e=wqutC4Get hashmaliciousUnknownBrowse
                            http://learnthelanguage.nl/?wptouch_switch=desktop&redirect=http://basinindustriesinc.comGet hashmaliciousHTMLPhisherBrowse
                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousPhisherBrowse
                                http://closingdocuments.z13.web.core.windows.net/Get hashmaliciousHTMLPhisherBrowse
                                  a5a5af3b-ae4b-2746-d08a-67229fed50bd.emlGet hashmaliciousHTMLPhisherBrowse
                                    DocuSign__Important_rksolutions_Document_Requires_Your_Signature.emlGet hashmaliciousUnknownBrowse
                                      https://sway.cloud.microsoft/Sac2nvv7Mrz0mzbj?ref=LinkGet hashmaliciousUnknownBrowse
                                        52.111.231.25MCRT Florida Construction, LLC Project Proposal.emlGet hashmaliciousUnknownBrowse
                                          FW_ SLS properties Credit application.msgGet hashmaliciousUnknownBrowse
                                            Quarantined Messages (10).zipGet hashmaliciousHTMLPhisherBrowse
                                              Colruyt Group - Contact Information Form.docxGet hashmaliciousUnknownBrowse
                                                FW_ _EXTERNAL_ FW_ Image Drywall And Paint-1.msgGet hashmaliciousUnknownBrowse
                                                  SAMPLE-7-for_your_review.docGet hashmaliciousUnknownBrowse
                                                    No context
                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    MICROSOFT-CORP-MSN-AS-BLOCKUSfile.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                    • 13.107.246.60
                                                    Salary 2025- workers-v1.xlsGet hashmaliciousUnknownBrowse
                                                    • 13.107.246.42
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 13.107.246.45
                                                    file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                    • 94.245.104.56
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 13.107.246.45
                                                    PO-000041492.xlsGet hashmaliciousUnknownBrowse
                                                    • 13.107.246.45
                                                    Credit_DetailsCBS24312017915.xla.xlsxGet hashmaliciousUnknownBrowse
                                                    • 13.107.246.45
                                                    Payment Advice.xlsGet hashmaliciousUnknownBrowse
                                                    • 13.107.246.45
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 13.107.246.60
                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                    • 13.107.246.45
                                                    LILLY-ASUS#U4fdd#U62a4#U795e1.exeGet hashmaliciousUnknownBrowse
                                                    • 42.193.100.57
                                                    215.exeGet hashmaliciousUnknownBrowse
                                                    • 42.193.100.57
                                                    S4.exeGet hashmaliciousUnknownBrowse
                                                    • 42.193.100.57
                                                    208.exeGet hashmaliciousUnknownBrowse
                                                    • 42.193.100.57
                                                    #U4fdd#U62a4#U795e1.exeGet hashmaliciousUnknownBrowse
                                                    • 42.193.100.57
                                                    213.exeGet hashmaliciousUnknownBrowse
                                                    • 42.193.100.57
                                                    211.exeGet hashmaliciousUnknownBrowse
                                                    • 42.193.100.57
                                                    212.exeGet hashmaliciousUnknownBrowse
                                                    • 42.193.100.57
                                                    214.exeGet hashmaliciousUnknownBrowse
                                                    • 42.193.100.57
                                                    SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                    • 43.155.76.124
                                                    MICROSOFT-CORP-MSN-AS-BLOCKUSfile.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                    • 13.107.246.60
                                                    Salary 2025- workers-v1.xlsGet hashmaliciousUnknownBrowse
                                                    • 13.107.246.42
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 13.107.246.45
                                                    file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                    • 94.245.104.56
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 13.107.246.45
                                                    PO-000041492.xlsGet hashmaliciousUnknownBrowse
                                                    • 13.107.246.45
                                                    Credit_DetailsCBS24312017915.xla.xlsxGet hashmaliciousUnknownBrowse
                                                    • 13.107.246.45
                                                    Payment Advice.xlsGet hashmaliciousUnknownBrowse
                                                    • 13.107.246.45
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 13.107.246.60
                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                    • 13.107.246.45
                                                    No context
                                                    No context
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):118
                                                    Entropy (8bit):3.5700810731231707
                                                    Encrypted:false
                                                    SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                    MD5:573220372DA4ED487441611079B623CD
                                                    SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                    SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                    SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with very long lines (2296), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):2296
                                                    Entropy (8bit):5.129820386766678
                                                    Encrypted:false
                                                    SSDEEP:48:cGajJFnzyr3InzysWkSyrpednzyrXHnzyMySyKUdSyqIASyPodyDhdyBkJdyVYdF:SF27I2sVbded2rH2MybKUdbqIAbPoEDb
                                                    MD5:EF6CDD4E9FD4243755010BC7F8C1B56F
                                                    SHA1:197266FA0C116E022A0B3273E95AC95CA0A2A97B
                                                    SHA-256:EB25B8F97E1A2FC8E782A16210A3CC8865B317EC9B123A06036BA6A6A4E3C979
                                                    SHA-512:C03FC06011FFC148182C4A14C123CB093C89004733DDF41993D5E663F915EA0A96C93798114C454406715307EF0C9282BF9E585FDCA9612762CCE94B03CD9759
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>15</Count><Resource><Id>Aptos Display_45876482</Id><LAT>2023-10-04T10:58:38Z</LAT><key>29442803203.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-04T10:58:38Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215426</Id><LAT>2023-10-04T10:58:38Z</LAT><key>37262344671.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-04T10:58:38Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-04T10:58:38Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-04T10:58:38Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):521377
                                                    Entropy (8bit):4.9084889265453135
                                                    Encrypted:false
                                                    SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
                                                    MD5:C37972CBD8748E2CA6DA205839B16444
                                                    SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                                                    SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                                                    SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                                                    Malicious:false
                                                    Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:TrueType Font data, 18 tables, 1st "GSUB", name offset 0xa05f94
                                                    Category:dropped
                                                    Size (bytes):10570552
                                                    Entropy (8bit):5.586998656269576
                                                    Encrypted:false
                                                    SSDEEP:49152:7GOG1gYZJTb+wpA4nCRIsNB+I/igjlq9oLzVfQpNvlGjIyv3d3An+GvJz5nr/qv8:7GqUTln6B31EoXVIRKyBtP
                                                    MD5:6A42217FE544CF1A11FB9832D1E618BB
                                                    SHA1:28BB65BC89F21571350FF521E4683D07B032CC7B
                                                    SHA-256:FE40E6EB2C601F2DB977FA0C44816DEB20F89C9640C12013CA2EBA13DF4A932D
                                                    SHA-512:4501E8E82342352530B01AB6C644FD724ADC829C466C6379A7F3C03525850E2F7E4C96B19752E460020A9FE6D4DDFC007DE429A141FC2FEB4300BBB2ABDDE157
                                                    Malicious:false
                                                    Preview:........... GSUB.....j.....OS/2..........`cmap=.u........dcvt .)..........fpgmJ......@....gasp. ....jt....glyf............head..J....,...6hhea...3...d...$hmtx...}........loca...........LmaxpqN......... meta......k....fnamey-...._.....post......jT... prep..O....P....vhea......k....$vmtx......l....*.........%_._.<..........P.......[FD.......................................................W....o....1........./.)...a...................................A................8.|.........ZYEC.@. .......$...$.........q..... .....................0...&.......................6...............%.......................................................$...#...............................................................................................................................1...............................................................................................................................5...;...............O...N..."...(...c...0...F...F...K...K...K...d...d...K...K...$...F...F...F...F...K
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:TrueType Font data, 23 tables, 1st "BASE", name offset 0x7071c4
                                                    Category:dropped
                                                    Size (bytes):9961716
                                                    Entropy (8bit):6.511138532546016
                                                    Encrypted:false
                                                    SSDEEP:98304:c9+CY6DMS7LwEZ30tC1cL/kTlM4HK6uqQuS79mQTUeNr1LgC1ed2TiH0Vl6bdPJ7:crDatA8XD4We+G08
                                                    MD5:473BBE5BDCC1AD072A44F7C0022A51D9
                                                    SHA1:A8E7862611C80EDDC494276FB722D6652F97B17E
                                                    SHA-256:9FA1C586C8EFCEF1F413D96B3BAAD6B711FC3482ACA144266FCB589C6735E52E
                                                    SHA-512:B6DA7D2F9A605341F183575B2BCC771623B3CDEB9CCFC9B1C55A35C819A71DD17CC1E9667F96A4CF9D29DF9BBF797E1F0E53010F218C38489ABFABCD780D1A4B
                                                    Malicious:false
                                                    Preview:...........pBASE.2...p|l....EBDT1e...p~(. .FEBLC..>....p...lGDEF.L\........*GPOSJPQ.........GSUBc..........pOS/2S..........`cmapc.u^..1...hjcvt .......h...|fpgm.}..........gasp.....p|\....glyf.. )...0.l..head.(.....|...6hhea..L........$hmtx.F3....X../Hloca.7......../LmaxpPD......... meta].v........rname.....pq....upost.....p|<... prep..~{........vhea..L.......$vmtxcV/....../H......Q...M_.<.................2.T......................................................K.....K....M...........$...........................\...........B................j...........RICO.@.............$@........s..... ....."...............1...........................7.......................................................................0...................................................................................................................................3...............................................................................................................................6...<...............1
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:TrueType Font data, 20 tables, 1st "GDEF", name offset 0x93cc0c
                                                    Category:dropped
                                                    Size (bytes):9745784
                                                    Entropy (8bit):5.778225234251847
                                                    Encrypted:false
                                                    SSDEEP:49152:ISb1VYuhlRJILnxUU1GfEZniqjjQFdfQ1Jj0alO4mdgc4e0hUfA0A7UNYU7yKJS5:ID5k0yYNkTExVm23xxMg
                                                    MD5:AB95F5F6E05AD96F7D81E0F2421B4AF2
                                                    SHA1:199EF917D587BE9580C66BAAFC99903BAEFBEB07
                                                    SHA-256:277B78EA5E7A6056224212E5FA28070A12E56ABF6422F4B5DE5FFAA82CB6269D
                                                    SHA-512:4C2ECC870DD417EDC7BEA87E50AA5C7AF49A2F4091661EE6FC4010425FC15E0689BDA094C1F62E8C85918C213CEF1552B82D0DB6080A3471E92546FF0B756C7D
                                                    Malicious:false
                                                    Preview:...........@GDEF.$.....4....GPOSs......L...BGSUBa.s.......4OS/2..........`cmap=.u........dcvt .).....$....fpgmJ......`....gasp.......$....glyf.iZ....0....head...@...L...6hhea...5.......$hmtx|c....(....loca.e\p.......LmaxpqN.>....... meta...........fnameNQ.o........post........... prep..O....p....vhea.......,...$vmtx.......P...&.......=_..._.<..........FQ......[FX.......................................................W....o..\.1........./.)...a...................................A................8.|.........ZYEC.@. .......$...$.........u.....$.....................0... ...................,...:.......................................................................2...2.......................................................3.......................................................................2................... ...................................4...........5...........................................................9...5...............J...?...!...'...l...0...........................+
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                                                    Category:dropped
                                                    Size (bytes):773040
                                                    Entropy (8bit):6.55939673749297
                                                    Encrypted:false
                                                    SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
                                                    MD5:4296A064B917926682E7EED650D4A745
                                                    SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                                                    SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                                                    SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                                                    Malicious:false
                                                    Preview:........... OS/29....(...`cmap.s.,.......pglyf..&....|....head2..........6hheaE.@v.......$hmtx...........@loca.U.....8...Dmaxp........... name.P+........post...<...... .........b~1_.<...........<......r......Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................k......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):2278
                                                    Entropy (8bit):3.8400477391139356
                                                    Encrypted:false
                                                    SSDEEP:48:uiTrlKxsxxYxl9Il8uOKElMwFeoTASGULYoSwd1rc:vkYIK8BT4Cto
                                                    MD5:629681334A888CD1A88566E6AA06BA34
                                                    SHA1:EDB1C1AA2CC15B5653857859E43A39EA4B058E83
                                                    SHA-256:2B859F9F6F004B90D11F39DFF267D6DDB1690E65001B3FEDED9B5DD2B0BC50C1
                                                    SHA-512:AA939DD1F135C242DD80850B04A1E82C1040C3370D85A3A575AFA53A151C6AA57C4602708AC10DAB90587BE296FE3B90B894DEDF8BFE90FDA7111AED3B179E73
                                                    Malicious:false
                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.D.E.+.M.i.8.7.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.e.e.E.V.Z.P.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):2684
                                                    Entropy (8bit):3.9027162578321892
                                                    Encrypted:false
                                                    SSDEEP:48:uiTrlKxJx1xl9Il8u8250BvujfUZt7ZdPrqjZ1aMGl3jhDvHLkTd/vc:QYP0Act7TzqjZ8zVvHLkO
                                                    MD5:5D19B60104D4FEBDE38E0B5ABFE6A334
                                                    SHA1:FBE5C812DB6848DAD77F2461580C536E6A8EB46A
                                                    SHA-256:C96CF27762F759AC08D6270FDD760C12F04F247074AC8353226F4F80221896DA
                                                    SHA-512:B569DD96C87186A4ACAA957BF4CA8317FDC0129C8C3507D97E8DB407952E61D2A6A4A85ED3ADB5C8441141D22276E602FE48CEAD0A37F720EC5A5619ED384C0E
                                                    Malicious:false
                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".7.r.f.J.S.f.h.Z.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.e.e.E.V.Z.P.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):4542
                                                    Entropy (8bit):3.9893567002282966
                                                    Encrypted:false
                                                    SSDEEP:96:0Yij0UGrjP8OPfq9o1zIPwEuNMJs57BlNL2x:06V33Xquy4HNMsx2x
                                                    MD5:A53665BDE9FCAB2635FA760672F8CF7D
                                                    SHA1:D6FAA6F52FE928CC219D8110EFE2C3BABB25F7BD
                                                    SHA-256:C031F76CF481AD6715154E937188D75690617044AB3ACAD7EEE5F9F8BCFFB14B
                                                    SHA-512:6D4C464C594B48D91CEB6C4D1B19EB3247FAA0991C3E4BE194BA0BFF875CF9CDF0625943D47F6FE08630E2FF5DB1167713908AF30733D9543470303FDC1A1A5E
                                                    Malicious:false
                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".t.x.Z.e.G.C.c.7.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.e.e.E.V.Z.P.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:PNG image data, 346 x 346, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):78518
                                                    Entropy (8bit):7.990456318364196
                                                    Encrypted:true
                                                    SSDEEP:1536:znkgFPS0a6M0zGEoyT5JEUhafzuOhT9QIiyksoe+Up:zke6+mEzYOaCO19QIiyksoe1
                                                    MD5:C3B62D9E484D63B2C1E771D42221D2D2
                                                    SHA1:752A81F9C54773FABC9854FF36F0FA65E0346398
                                                    SHA-256:7D22CA65EB700C52EF9A0793A7E69E0A13574CE2F21DB287C5A61FBB3B6197E9
                                                    SHA-512:DD2111A3C945F38B5FCD98AE8C74123F08F2713AA6C7B01E9D90A7604429038E1CC8177744875B3B51BBC17E9D66004D4BB603734BF436DCCAD514F7BEC493AE
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...Z...Z....._Q.v....sRGB.........gAMA......a.....pHYs..!...!..........IDATx^.].xTU.gW.]]w..^'}f2.L2..I.......#..^...)."bAE......2.O...t......K6e.R):....2..r.9.2..3..---.j...~....a.n..[&.....I.K.*1*MW.=Y]..H...Q....I....BNRA~.I..+...!..qg........._.,.....?..5...g.Yx..K..........)../...m.6A...Vh3.|3.0.{..@=t........'..Y1.d5...n%...Q../...K....s..V5..fTZ.Ri.6@[.Ml.P...6C....[.....4..3..:...r.._.e...c......].nU..b..:4p..n.....U..Q:Z.(m..j...M..{..6C....oA...,|#|+|3|;......6..3.......c.hCn...{%....T..p.+.......o'Q.@_@.@.h....W.g\..a..f.F.+O.\.L..N....$}<..xd.....$:...}.}D.=N.}........V3.0..$...e..G.........J:......*.1uJ. "r7...kif.....%............a0..3~.h<v.).r!./..C_'%...a....0.A,.........}.c.c....f.q.........!.c.^...?.=..*.Q.L..s....=....B........3.0.~.y...j......?...'.*..7.,.........j...c.).-...:.....q...*.1...G^..x.."H.qW.OI..a.Ox...9@.K.C.{........{...Yx.z..........&.mh....m.s.........&/s......!7.f.a....>..P.BH
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:PNG image data, 496 x 508, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):40813
                                                    Entropy (8bit):7.95217870783648
                                                    Encrypted:false
                                                    SSDEEP:768:x+lh8yp8alCgvJ8c+P8amL3n3TYmvigOBUeiCtayeoVSGd5I6bX6PXZXUB:278alhj+UamLDYIUOeIJ+SgV6/VUB
                                                    MD5:8FFE78FEB4198A4D25B8CBAE82B12A48
                                                    SHA1:CA1CF668EFF7493EE21176E78546C9D94D08842B
                                                    SHA-256:F1DE98C523283B46BBFCF244DF91800FA032DC637D3D06FE11C515EB83D4E8D5
                                                    SHA-512:215AC1B64771979A8A5EDD89D44C171BA4A058EDCD11C375073871F8BC401244A36DB891489B9DD02F8354B48F4E7754C8E2A6AAF943D4861DEE7F7D2C0209DD
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............n......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...v.<...........aNH.C..m#.$.....ll..n......@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!...........g.z.Y..............n......j........X.......w..u...jh.....C.x P.....*...{..m.f...:p..<p.]....z.....i...d........{.|..{..g....}_T....6I.SG..S...?..@ p_................w....~.2AFT...'9..w....'....?..;..O.v...g...b.8p.Z...l..q...D.D...@......Z@..,.x!d..r?...|{{.O.SG.m....X|..>..|.L.>.L...f.r]..#..uK.....K.C....#.<0J(..PK....I'..`.(...!n<6..+.g.I..}-...r.%...N9J.C....!.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:PNG image data, 496 x 508, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):40813
                                                    Entropy (8bit):7.95217870783648
                                                    Encrypted:false
                                                    SSDEEP:768:x+lh8yp8alCgvJ8c+P8amL3n3TYmvigOBUeiCtayeoVSGd5I6bX6PXZXUB:278alhj+UamLDYIUOeIJ+SgV6/VUB
                                                    MD5:8FFE78FEB4198A4D25B8CBAE82B12A48
                                                    SHA1:CA1CF668EFF7493EE21176E78546C9D94D08842B
                                                    SHA-256:F1DE98C523283B46BBFCF244DF91800FA032DC637D3D06FE11C515EB83D4E8D5
                                                    SHA-512:215AC1B64771979A8A5EDD89D44C171BA4A058EDCD11C375073871F8BC401244A36DB891489B9DD02F8354B48F4E7754C8E2A6AAF943D4861DEE7F7D2C0209DD
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............n......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...v.<...........aNH.C..m#.$.....ll..n......@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!...........g.z.Y..............n......j........X.......w..u...jh.....C.x P.....*...{..m.f...:p..<p.]....z.....i...d........{.|..{..g....}_T....6I.SG..S...?..@ p_................w....~.2AFT...'9..w....'....?..;..O.v...g...b.8p.Z...l..q...D.D...@......Z@..,.x!d..r?...|{{.O.SG.m....X|..>..|.L.>.L...f.r]..#..uK.....K.C....#.<0J(..PK....I'..`.(...!n<6..+.g.I..}-...r.%...N9J.C....!.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 502x156, components 3
                                                    Category:dropped
                                                    Size (bytes):11585
                                                    Entropy (8bit):7.885084646300794
                                                    Encrypted:false
                                                    SSDEEP:192:m3/U0VXiuhODaFUUQKvH64LpP6QlOBwi5hWPyCfoRbx2mMEWwxJjIdDvslrh:QBVXiuhOmU2fHdLMwi69oRbx6HQjeGt
                                                    MD5:C470B48D05935E2AC921900D5C36E96C
                                                    SHA1:3A712A56664B9609EBD615294ED62D3E8AA1D2AA
                                                    SHA-256:BA268D24A636B9B06273C4DEE142DF7FB4BF839DE2609C5D90352071C493D83D
                                                    SHA-512:75F25AB5B59C49AD3733BC0C86F5CFDC9FDE8C3E3341AE55D4122EEA6A2B781F45656F27363CB33B12FE408333E35EE488354A6117BB8161C492AD24B8317463
                                                    Malicious:false
                                                    Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...+3Z.t.....8.:*.Y.........{V...[..Fg.}G...5.)9.g.....LgYE.w..Z...c.....{a.4.?.e..|4...Y..L.]..?...[.Q
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, components 3
                                                    Category:dropped
                                                    Size (bytes):11222
                                                    Entropy (8bit):7.909156682762046
                                                    Encrypted:false
                                                    SSDEEP:192:WSZngfG5YM+PhxUIPtgScx4LhnXW1FzmpudeOLJHyfla0CBZXr9D/SFU+grl6GV4:NWfGWMUp1g74LAF6pudFydO7khgJ6EG3
                                                    MD5:A4B325BB8AA55895884BA88CBB7AD729
                                                    SHA1:EC41E1BC7188ABB7891D996B9245F6E1C1C86119
                                                    SHA-256:3FBA741474B0BEF5B6322F2CEF079034E2652A4526702D8C6023303556569A72
                                                    SHA-512:5A909487C7049EA6CFAAF32C07684B514DBEB0806415948FAB8677DE20A85B0350A4C6337B0C80B481631825B3C42E499C7016EEF3EE1A375800D43B41B5B62B
                                                    Malicious:false
                                                    Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...|y...~'..?._Y....UI...cY..P..7..c..>......g.......w...Q...........X....(.....3..............I.d..Ic..x..?\...^..|G..G.-S..v..}...t.F.6...........P.aEx..mwX.....:.U.....M.......v.8......w..;...w.w.~.c=.....t.\l..U.. `p(.....O....7.<y...:].}.+{[.n.fb.9Yv..cq.s..Z........n...~!......W..^:.......w....[..e....B..@.31%.C.1..]g..+..S..i....._#.l.?;lL..,.r.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:PNG image data, 233 x 180, 8-bit/color RGBA, interlaced
                                                    Category:dropped
                                                    Size (bytes):8890
                                                    Entropy (8bit):7.9490103158015
                                                    Encrypted:false
                                                    SSDEEP:192:qpcPfELijxVEfJ2MKyCsl1bQPBHEiQMyzzc+ShAlSMBnhSqnzvoi8kn:2cXWSW2MJnbQZSMy3c+mAlSqnhSqnzv/
                                                    MD5:E093F84BFDD36A36009E1D5F1F7F51B3
                                                    SHA1:AB4ADE4170145B443E411A43E8A1AEA8388DB1DA
                                                    SHA-256:B4288262940A2CEFBA19D545EBB78C21CB97B1816F6618F37784AE04D488EB82
                                                    SHA-512:0B26B38F228CFADB1479F79BC11798BD5751BA0B50F2951A43496E643F7699FF4F036AAA105C652576F9DCA1AF34B16FDEA82573D352F228BA794C24CC23315D
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............. ;\....sRGB.........gAMA......a.....pHYs..!...!........"OIDATx^.{.dW].G...=...Nvw.=....n....HB.$.X$.X.>0U.....-k.......2jD...d.,y...l23..v....B.%. ....`...........;.....O....|..{o....96.h..F3.U.D..eJ...T.^...*..X..>.Z..h..0.5.L.&D....-....pW.....[q..4.Ye.9..I.f.a./.z.V....d..aMfm...e.8/,.c5.m...b1V...T....0Nn".u..7.[.3Vvn.o../,.Tn-^nSF&....0}...U.9C%p#L..p.;'.ue}-.'...q&x_....~a...q.G!.o...'*./..y.J.EZ.j....+.-RP.Az..FK..PKZ.}.G.W...z......s.2...`....F.f.....FAw...b.x..i.+c@Y..$ed1..\sM.M.u..G.wA....>}..Yk.CKw>.0M.o.2Yc..z.8N..ya..e..h....B..*Y.(/.. .......m..2.W..j..;...b...k.L..........&3...W.cn..*..h....B.=w\}u..,....`*......L........3S....P..e........aH........>N5.W...Y6...v.._.}.J@....:V..T.DZ>r..X..e.-{,6a;..........#^.5..g...C.b.\b..2.=?..h.....G.....ii..,_..p...e..-....S...D.3.....X..^=k.wd.. .wa.Y..;....E...l.._....k.d....e..3..f.C&|...ID^Q..2.fV._......).j.I........".7Y..7..=.v..D.(......?...0....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:PNG image data, 496 x 151, 8-bit/color RGBA, interlaced
                                                    Category:dropped
                                                    Size (bytes):45017
                                                    Entropy (8bit):7.989971945627687
                                                    Encrypted:false
                                                    SSDEEP:768:ytUBvs3+XwQKD5+mZe+fnzqv1J8HNGGSdJ3+BVvbJbkeFiyq:ytjVQKD5+Ye+fnQdrP3+nHcD
                                                    MD5:06D235A36760D6C391DF45138A8F541D
                                                    SHA1:8552B29A3FBF1229EAA5A263EB54355B6D60118F
                                                    SHA-256:57E359271A1ACC67B4625465325F03DEB499AB840F339AA5D099E6F24B195C22
                                                    SHA-512:806636FDAD788050322538519AE86932F2FB3B24C88DE1BF26682CE231727B21DFE7892A48FDF0F30326D06DBC664D114AEA91DB04F9A1280B2FB37BCA174BAC
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............-9&....sRGB.........gAMA......a.....pHYs..!...!.........nIDATx^.].|TW..{HHB...H .\.k......W`.@..T.T.n,$cqB...]...]k..5 ...s.}/3..d..:....w.}6.{..cfB?..(n.......-.m.70....;.........j .;.....e.......0....H.XCB..k......i.}.c....+.0...(<...........%....%...=..sTob.]..O....r..._..6=..XK......:.p.U....Y.,: .D..i........|c..,..x.......{6.....................z=0%vx.pss.....%..........oF.(.m..4f.`.n.}..^./....o0"ppp..z.\.z.C.....N^.&..R...0...9...}ju.i....{...[}..3;......;....k{E...SR../..X.EI.[{.{GU....>../.(....3.H....k...1.i...|}xP..i..-;.".....O_.Ox.M.MH.=.u....%..m......G..$..FB..o.p.s.C.+j.3..e.g..S....|.... .uYR..Q.j..2..._.;.~e.>...........U......A=8..em.gH/.gI3...w,....^s._J.K~.W$S.~.U..|u../?....-....DT.F./.J8.....@2.>}..aEPi.,..v.*.......t..."..a[.M.<y.M...i......./>..R..1.........?.&<...7.6.r.W.1..E..OL..]U.....<0!&.F...R......S.*.C.,.A.7....)..wI....|.....<,#.........l.....*'...Ay.l..)...z...5. .().....,.e
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:PNG image data, 496 x 508, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):40813
                                                    Entropy (8bit):7.95217870783648
                                                    Encrypted:false
                                                    SSDEEP:768:x+lh8yp8alCgvJ8c+P8amL3n3TYmvigOBUeiCtayeoVSGd5I6bX6PXZXUB:278alhj+UamLDYIUOeIJ+SgV6/VUB
                                                    MD5:8FFE78FEB4198A4D25B8CBAE82B12A48
                                                    SHA1:CA1CF668EFF7493EE21176E78546C9D94D08842B
                                                    SHA-256:F1DE98C523283B46BBFCF244DF91800FA032DC637D3D06FE11C515EB83D4E8D5
                                                    SHA-512:215AC1B64771979A8A5EDD89D44C171BA4A058EDCD11C375073871F8BC401244A36DB891489B9DD02F8354B48F4E7754C8E2A6AAF943D4861DEE7F7D2C0209DD
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............n......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...v.<...........aNH.C..m#.$.....ll..n......@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!...........g.z.Y..............n......j........X.......w..u...jh.....C.x P.....*...{..m.f...:p..<p.]....z.....i...d........{.|..{..g....}_T....6I.SG..S...?..@ p_................w....~.2AFT...'9..w....'....?..;..O.v...g...b.8p.Z...l..q...D.D...@......Z@..,.x!d..r?...|{{.O.SG.m....X|..>..|.L.>.L...f.r]..#..uK.....K.C....#.<0J(..PK....I'..`.(...!n<6..+.g.I..}-...r.%...N9J.C....!.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 503x156, components 3
                                                    Category:dropped
                                                    Size (bytes):20424
                                                    Entropy (8bit):7.835030078950031
                                                    Encrypted:false
                                                    SSDEEP:384:OgcX3b6c24s32WjBejGaobNEa4mJ+B+R2XhLe4DBHg9q4n5Yc1MHA:ORucq3Nd6Wbj4mJ+DXhzj4nCwMHA
                                                    MD5:97E99FA4B4E202010E569C646DDCF5DD
                                                    SHA1:2282B27BBDAAE5AFA578886E13B1277702562E03
                                                    SHA-256:2E72BB1E2E48CBF1B038901C8B8C97B51EE0A20056581D656B6E18C681746E29
                                                    SHA-512:C53E33034473AB9F3440A2C7C74A80F3D0A42C75A3B24217EBDFA0ED4096FD2D70A4EEB144E54E34AACF308256D11EEFC8E6BF8B38ECC08E394C521B8C070393
                                                    Malicious:false
                                                    Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...........".6..G.u.t.><..#..%.D0F9w?..f*....L...E....?h...>.&.9.T.C'.5h.I#PU.X`..1.$..l.SW..^rT..-....~I
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 82x43, components 3
                                                    Category:dropped
                                                    Size (bytes):1423
                                                    Entropy (8bit):7.0212036204759025
                                                    Encrypted:false
                                                    SSDEEP:24:49YMWOl4WWqrG9/PSJlniLuMv9a9ZdpSKQCOhV4YBbP56yCbU8:49YMDiW0PdNFa1p+hV4KbB6nU8
                                                    MD5:E190691D70C568B3CB4089241A19B973
                                                    SHA1:B998495DC9D2605815DE95B04159644C1E1C965A
                                                    SHA-256:55A6C2EAC05E542C0B3F65893E2C462EFEE1F5393C9D03501B329E67F581C75E
                                                    SHA-512:02D51AA1C6AC2B48A5FD8883EB4CA80FD89744EE4A28BA2B7AEA9415E87C3A0E544F544D84E1BFEF84EA3DD053ADD5858190310504B2998E43B6247B11CC8CFF
                                                    Malicious:false
                                                    Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......+.R..".........................................................................1.....x..W....S..dm.&\.Q..L...)..+.p..w..4...."........................... 1"#@...........X.q.L..b..y......KM..:.y#.l,.".k.T.E..LSk.2...+)g2.p......#.S.2V..I.=....R..m.@..)T......................@........?.......................@........?.....0........................!1.."Q 2Aa#@BSbq..............?..{.\/A..N.........39"..Y.>.l.)E...-s......}.WYbRr.P.o.NL...|.s.P..y..jS.v.w....K....$.~C......48I..v.F.....T./8..hIb........ ..vQ..6C.^.'.l..pp,M........sh..;...{c.w]...._.....1.......cO....%....................!1.AQaq ..@............?!.2B..1........,..OM...}..C.`...i.X.9..U.6.3.pi}......E.3...Y .......7....5.I/...8.<.<.7U.....4.1...<...&%..#^.C.:..qM..?.$jdVY"Y....'.)...fo{...X....]..e..Suz6.B.....[`...u8.3l.@.%....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:PNG image data, 785 x 399, 8-bit/color RGB, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):205699
                                                    Entropy (8bit):7.990628452336142
                                                    Encrypted:true
                                                    SSDEEP:3072:MckjjOW2DsxuIko6RhnPqctqcleP7HKLkED6kOg9NoZLQKNPgDfcqfgjehZCS:C74sEzhnPq8leP7FCyg6L5gH4UCS
                                                    MD5:3AA0BE8C57DAD02655F3661F69E1A5D3
                                                    SHA1:A33261C7E05EF0B35E8ABED8CF525752B455877E
                                                    SHA-256:F0AF36F82821A2ED47B4471BFAF1CE8AB5DBE6DEB4F12970DC492F663C81BD23
                                                    SHA-512:4E2171B381DD6DE0A65B326E62285B3769A3D39E388155A380D9F1007A885F18FED6AD64CC9A53A8F9B5EF7D5F2648CB8680EC317088C2713EAE8F87F0C42108
                                                    Malicious:false
                                                    Preview:.PNG........IHDR................+....sRGB.........gAMA......a.....pHYs...........Y....!tEXtCreation Time.2022:01:25 16:55:38..5....xIDATx^..gc.:...*g..+....>...?.|<..B;)....*..%.-v..o...X(........UC=.....V_e...4^...n.l..7..1.RS.~...-C.=.mI..../..+.*.e..z^.m.z)C..*..2z...W|........Q..}.r....&x....+7_......_...ku.....O...I..Y.xF.3....k....E....V.^g.Z.SPl.m........#..U..*RR..m...nK8...L.........<NN...._z...?6.T..Wi{^..3..G.F.c....2...%........x.+..3......h...KGu-...\^..y..Q.?...v..W...3..G....!x....}..].W.B..J..L!..!.6D.h....x._.....?T....Z^..`{...s.2.2..gz.I...c....|.B..f...p[....J...a....c.H.q...`......@.c.%....S....yQ........{....+^...6y........b.}.^..(......t.+^..^u.W.U.#.!..+............q2.&..h...Z.....'#D;.!.+^.I.bt2B.o..:.+^..D.......}..E... _.g.Ox.......0yz.s.*C....?*.e........CUy+....=...h..D...J{(S.>...iQe......r.v....[EYz..z..V....2....>....3.Q....x.+~d0.<...^...!.W...?.^u.W.UP/A.~..j..rt.Rgy.b..p..z.+^.......*C_{./.RQ.....T
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:PNG image data, 496 x 508, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):40813
                                                    Entropy (8bit):7.95217870783648
                                                    Encrypted:false
                                                    SSDEEP:768:x+lh8yp8alCgvJ8c+P8amL3n3TYmvigOBUeiCtayeoVSGd5I6bX6PXZXUB:278alhj+UamLDYIUOeIJ+SgV6/VUB
                                                    MD5:8FFE78FEB4198A4D25B8CBAE82B12A48
                                                    SHA1:CA1CF668EFF7493EE21176E78546C9D94D08842B
                                                    SHA-256:F1DE98C523283B46BBFCF244DF91800FA032DC637D3D06FE11C515EB83D4E8D5
                                                    SHA-512:215AC1B64771979A8A5EDD89D44C171BA4A058EDCD11C375073871F8BC401244A36DB891489B9DD02F8354B48F4E7754C8E2A6AAF943D4861DEE7F7D2C0209DD
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............n......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...v.<...........aNH.C..m#.$.....ll..n......@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!..@ ....!...........g.z.Y..............n......j........X.......w..u...jh.....C.x P.....*...{..m.f...:p..<p.]....z.....i...d........{.|..{..g....}_T....6I.SG..S...?..@ p_................w....~.2AFT...'9..w....'....?..;..O.v...g...b.8p.Z...l..q...D.D...@......Z@..,.x!d..r?...|{{.O.SG.m....X|..>..|.L.>.L...f.r]..#..uK.....K.C....#.<0J(..PK....I'..`.(...!n<6..+.g.I..}-...r.%...N9J.C....!.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:PNG image data, 121 x 48, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):4320
                                                    Entropy (8bit):7.91161340715022
                                                    Encrypted:false
                                                    SSDEEP:96:allcHitlIxv9vk7C1+I4wWHLihk/x+VuQQ0NfAzw:hIIHUCD4wac7
                                                    MD5:AE11571126B6C76FEED8452CFC581159
                                                    SHA1:552303875A9E385E136E0D861763487E9C652B9C
                                                    SHA-256:601222038E6F821E6B1BB6311CCC91FD2B48392B404EE0E4B9DF74C63A5CA832
                                                    SHA-512:00953792A01701D230EFE45B7F8E8138D022BD5FCF349CE63D04B18235687604A545DA6D7DC5F181FEBC2B28E5352F0BBBCD42B5888BCD914DF53DB64A325802
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...y...0.....5.......pHYs..........o.d...MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):2560
                                                    Entropy (8bit):1.4244912957141795
                                                    Encrypted:false
                                                    SSDEEP:6:rl912N0xVN+CFQX+Xw9XdlA9XdlA9XCw9Xke+q+sA9Xke+q+sA9XCw9XCw9XCB9/:rl3lTpFQ+XIkkCIBCBCCICICb77
                                                    MD5:4A162029774E59BB68B950C02DBEED46
                                                    SHA1:AF3332E1EDD1D335C5184AEE9A5AFD76EEA4C9C8
                                                    SHA-256:AA2352D6AC4AE8AF08CA7245F20D03E95CB5CDF850094812D5B809BCB74EAB93
                                                    SHA-512:BD760D0EB61E98B36897FB2DDBE999F66B3142DD23640A1169267100C845033B6A12A974A7B88FB5E05151A4B38B81969D47769F2D1049FF5D384D3C3396D984
                                                    Malicious:false
                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1536
                                                    Entropy (8bit):1.4929866398948992
                                                    Encrypted:false
                                                    SSDEEP:6:mEMEEE3Dmlc9lCgK8MBMV0Mx/MNWLMt/q0P/NPg4PLPE4n:tDmGYP8wj4L0y4n
                                                    MD5:18113D5868FC0A179F9D30A31D5D3F31
                                                    SHA1:E658853D103B56025C2D7706F1A6925AD2A150FA
                                                    SHA-256:D1AA0B3494263DADFFE262CEE073EF13E916D6C283EF2D20A13A73FDE3CA3BB0
                                                    SHA-512:024B432948A91138D5E4FD3E5C0BFCA5B2CDACE5D8EB11D395C092EB4A26B59BEA0DFAD873719508C53AB90CCD88FAD47FE049E5F39B0210B2F2D66D7EBF0ED0
                                                    Malicious:false
                                                    Preview:....1.2.....1.2.....1.....1.....1.2.....1.2.....1.2.....1.2.....(.....(.....(.....(.....(...j.o.n.e.s...j............................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...&...(.......0...6...8...>...@...D...F...J...L...P...R...V...X...\...h.......................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):27136
                                                    Entropy (8bit):4.6744173995247245
                                                    Encrypted:false
                                                    SSDEEP:768:6g873BtAqktmc5pcn8H/rQ6txpbvAWNMtq:Fu3BtABjFfrQ8xpb3N2q
                                                    MD5:73C73A0D30C7C96F6D99D9F58DE2F520
                                                    SHA1:61DE39591DCC390D67EEC6D55C4EF0FF75B89F52
                                                    SHA-256:AA06D0D013E9B43AD1370B832723EA050E974A295DD23968092370D097F1B39B
                                                    SHA-512:7E0E32FC358D9606F4F78A76663D5B91DADBC231FF570477A528C681A6D8B9C921655A32FD3E2CFE50DFDB5FC89578478D69DB0611406261EEE82AB3C9678620
                                                    Malicious:false
                                                    Preview:.................................././........S..W.2.4.2.4.0.1.2.1.4.........kb.x...w*O......kb.x.g.w(W.~.bJT.....././....h .Km ..b .JT........7h.T.T.y.....s6R.q..|......<h.W.S..../......YXbUSMO....wm?......S.N....n..{.t.gP.lQ.S.....hKm{|+R.....YXb.hKm....../.-N.V.h........V.Nwm.gP.lQ.S.................. . . . . . . . . . . .../.........................2................. ..A!..."...#...$...1.8.2P..:p...............X . ..f....D.E.C.L.A.R.A.T.I.O.N............................................................................................................. ..."...*...F...H...J...L...X...Z...\...n...p...r....................................................................................................................................................................................................................................................................................................................................$.a$.gd.........$.a$.gd.........$.a$.gdI%......$......>.|..........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:ASCII text, with very long lines (14045), with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):49077
                                                    Entropy (8bit):5.4936188384294145
                                                    Encrypted:false
                                                    SSDEEP:768:34TXejhRCxCG/nY7WCuCAvF59iOeaeOWY6nxEXviinmJzZjU+C6G+yPCXYLEPQBr:34TXejhRCcG/nY7Hu1v79iOGxY6nxEXX
                                                    MD5:EE544B4694ECC3D5E1B88396E7AEDA6A
                                                    SHA1:BEBBF3897F54C3DDF4B22565E5DE365900BECC40
                                                    SHA-256:20F6F14B7987C2C58B9BD62E6F00210D479E46A9CE32193B6FFDD9A0A1EC12FB
                                                    SHA-512:0B7978E172A5DA86D26C555187853CF54CE44379E045900429B121F8E5C261793A85B57EB1169B441D32D37BE2680CF4140D92E0765D26F6CD48F2283EFA634E
                                                    Malicious:false
                                                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/20/2024 08:33:01.961.WINWORD (0x1DE8).0x1E40.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":23,"Time":"2024-11-20T08:33:01.961Z","Contract":"Office.System.Activity","Activity.CV":"y7UmiXsWRkKFMsmVTeABSA.7.1","Activity.Duration":144,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...11/20/2024 08:33:01.961.WINWORD (0x1DE8).0x1E40.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":24,"Time":"2024-11-20T08:33:01.961Z","Contract":"Office.System.Activity","Activity.CV":"y7UmiXsWRkKFMsmVTeABSA.7","Activity.Duration":1984,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.FailureD
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):242
                                                    Entropy (8bit):3.4938093034530917
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUX44lWWoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvToGHmD0+dAH/luWvv
                                                    MD5:A6B2731ECC78E7CED9ED5408AB4F2931
                                                    SHA1:BA15D036D522978409846EA682A1D7778381266F
                                                    SHA-256:6A2F9E46087B1F0ED0E847AF05C4D4CC9F246989794993E8F3E15B633EFDD744
                                                    SHA-512:666926612E83A7B4F6259C3FFEC3185ED3F07BDC88D43796A24C3C9F980516EB231BDEA4DC4CC05C6D7714BA12AE2DCC764CD07605118698809DEF12A71F1FDD
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.a.b.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):4888
                                                    Entropy (8bit):7.8636569313247335
                                                    Encrypted:false
                                                    SSDEEP:96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb
                                                    MD5:0A4CA91036DC4F3CD8B6DBF18094CF25
                                                    SHA1:6C7EED2530CD0032E9EEAB589AFBC296D106FBB9
                                                    SHA-256:E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
                                                    SHA-512:7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66
                                                    Malicious:false
                                                    Preview:PK.........e.>.......]>......diagrams/layout1.xmlz........Z..6....;..{......lw.E.o....i..T....&...G.+...$..(.6..>Y.pf8C.|3.?..m....xA8v.`.hW..@..Zn..(kb..(.......`.+....Y`...\..qh.0.!&w..)|...<..]Q.. _....m..Z.{3..~..5..R..d..A.O....gU.M..0..#...;.>$...T......T..z.Z.\a.+...?#.~.....1.>?...*..DD.1...'..,..(...5B...M..]..>.C..<[....,L.p..Q.v.v^q.Y...5.~^c..5........3.j.......BgJ.nv.. ............tt......Q..p..K....(M.(]@..E..~z.~...8...49.t.Q..Q.n..+.....*J.#J.... .P...P.1...!.#&...?A..&.."..|..D.I...:.....~/.....b..].........nI7.IC.a..%...9.....4...r....b..q....@o........O...y...d@+~.<.\....f.a`:...Qy/^..P....[....@i.I.._.?.X.x.8....)..s....I.0...|.....t...;...q=k.=..N.%!.(.1....B.Ps/."...#.%..&...j<..2x.=<.......s.....h..?..]?Y?...C.}E.O........{..6.d....I...A.....JN..w+....2..m>9.T7...t.6.}.i..f.Ga..t.].->...8U......G.D`......p..f.. ...qT.YX.t.F..X.u=.3r...4....4Q.D..l.6.+PR...+..T..h: H.&.1~....n.....)........2J.. O.W+vd..f....0.....6..9QhV..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):260
                                                    Entropy (8bit):3.494357416502254
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUX0XPE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPGHmD0+dAH/luWvv
                                                    MD5:6F8FE7B05855C203F6DEC5C31885DD08
                                                    SHA1:9CC27D17B654C6205284DECA3278DA0DD0153AFF
                                                    SHA-256:B7F58DF058C938CCF39054B31472DC76E18A3764B78B414088A261E440870175
                                                    SHA-512:C518A243E51CB4A1E3C227F6A8A8D9532EE111D5A1C86EBBB23BD4328D92CD6A0587DF65B3B40A0BE2576D8755686D2A3A55E10444D5BB09FC4E0194DB70AFE6
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.h.e.m.e.P.i.c.t.u.r.e.G.r.i.d...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):6193
                                                    Entropy (8bit):7.855499268199703
                                                    Encrypted:false
                                                    SSDEEP:192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp
                                                    MD5:031C246FFE0E2B623BBBD231E414E0D2
                                                    SHA1:A57CA6134779D54691A4EFD344BC6948E253E0BA
                                                    SHA-256:2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
                                                    SHA-512:6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1
                                                    Malicious:false
                                                    Preview:PK........X..<..Zn|...........diagrams/layout1.xmlz........]..H.}......M,l#g.j:.G-eu.*S=.$......T_6..I...6...d.NJ....r.p.p.........|.z.K.M..L.T.(........<..ks.......o...t}...P..*.7...`.+.[...H..._..X.u.....N....n....n|..=.....K.:.G7.u....."g.n.h...O.,...c...f.b.P......>[l.....j.*.?..mxk..n..|A...,\o..j..wQ.....lw.~].Lh..{3Y..D..5.Y..n..Mh.r..J....6*.<.kO...Alv.._.qdKQ.5...-FMN......;.~..._..pv..&...%"Nz].n............vM.`..k..a.:.f]...a........y.....g0..`........|V...Yq.....#...8....n..i7w<2Rp...R.@.]..%.b%..~...a..<.j...&....?...Qp..Ow|&4>...d.O.|.|...Fk;t.P[A..i.6K.~...Y.N..9......~<Q..f...i.....6..U...l. ..E..4$Lw..p..Y%NR..;...B|B.U...\e......S...=...B{A.]..*....5Q.....FI..w....q.s{.K....(.]...HJ9........(.....[U|.....d71.Vv.....a.8...L.....k;1%.T.@+..uv.~v.]`.V....Z.....`.M.@..Z|.r........./C..Z.n0.....@.YQ.8..q.h.....c.%...p..<..zl.c..FS.D..fY..z..=O..%L..MU..c.:.~.....F]c......5.=.8.r...0....Y.\o.o....U.~n...`...Wk..2b......I~
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):262
                                                    Entropy (8bit):3.4901887319218092
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXqhBMl0OoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyiMl0OoGHmD0+dAH/luWvv
                                                    MD5:52BD0762F3DC77334807DDFC60D5F304
                                                    SHA1:5962DA7C58F742046A116DDDA5DC8EA889C4CB0E
                                                    SHA-256:30C20CC835E912A6DD89FD1BF5F7D92B233B2EC24594F1C1FE0CADB03A8C3FAB
                                                    SHA-512:FB68B1CF9677A00D5651C51EC604B61DAC2D250D44A71D43CD69F41F16E4F0A7BAA7AD4A6F7BB870429297465A893013BBD7CC77A8F709AD6DB97F5A0927B1DD
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .R.a.d.i.a.l.P.i.c.t.u.r.e.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):5596
                                                    Entropy (8bit):7.875182123405584
                                                    Encrypted:false
                                                    SSDEEP:96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X
                                                    MD5:CDC1493350011DB9892100E94D5592FE
                                                    SHA1:684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA
                                                    SHA-256:F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
                                                    SHA-512:3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12
                                                    Malicious:false
                                                    Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK.........V.<.S.....Y.......diagrams/layout1.xml.\.r.8...U....m.$.."3.....;...../3.XAn..O.?....V.;...")Nr.O.H....O......_..E..S...L7....8H.y<=............~...Ic......v9.X.%.\.^.,?g.v.?%w...f.).9.........Ld;.1..?~.%QQ...h.8;.gy..c4..]..0Ii.K&.[.9.......E4B.a..?e.B..4....E.......Y.?_&!.....i~..{.W..b....L.?..L..@.F....c.H..^..i...(d.......w...9..9,........q..%[..]K}.u.k..V.%.Y.....W.y..;e4[V..u.!T...).%.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):246
                                                    Entropy (8bit):3.5039994158393686
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUX4f+E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvGHmD0+dAH/luWvv
                                                    MD5:16711B951E1130126E240A6E4CC2E382
                                                    SHA1:8095AA79AEE029FD06428244CA2A6F28408448DB
                                                    SHA-256:855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9
                                                    SHA-512:454EAA0FD669489583C317699BE1CE5D706C31058B08CF2731A7621FDEFB6609C2F648E02A7A4B2B3A3DFA8406A696D1A6FA5063DDA684BDA4450A2E9FEFB0EF
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.a.b.b.e.d.A.r.c...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):3683
                                                    Entropy (8bit):7.772039166640107
                                                    Encrypted:false
                                                    SSDEEP:96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r
                                                    MD5:E8308DA3D46D0BC30857243E1B7D330D
                                                    SHA1:C7F8E54A63EB254C194A23137F269185E07F9D10
                                                    SHA-256:6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
                                                    SHA-512:88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B
                                                    Malicious:false
                                                    Preview:PK.........a9;lq.ri...#.......diagrams/layout1.xmlz........WKn.0.];.`..J..AP...4E..!..hi$..I......z..D.d;...m.d...f.3o.._....9'.P.I1.F.C...d.D:.........Q..Z..5$..BO...e..(.9..2..+.Tsjp.. Vt.f.<...gA.h...8...>..p4..T...9.c...'.G.;.@.;xKE.A.uX.....1Q...>...B...!T.%.* ...0.....&......(.R.u..BW.yF.Grs...)..$..p^.s.c._..F4.*. .<%.BD..E....x... ..@...v.7f.Y......N.|.qW'..m..........im.?.64w..h...UI...J....;.0..[....G..\...?:.7.0.fGK.C.o^....j4............p...w:...V....cR..i...I...J=...%. &..#..[M....YG...u...I)F.l>.j.....f..6.....2.]..$7.....Fr..o.0...l&..6U...M..........%..47.a.[..s........[..r....Q./}.-.(.\..#. ..y`...a2..*....UA.$K.nQ:e!bB.H.-Q-a.$La.%.Z!...6L...@...j.5.....b..S.\c..u...R..dXWS.R.8"....o[..V...s0W..8:...U.#5..hK....ge.Q0$>...k.<...YA.g..o5...3.....~re.....>....:..$.~........pu ._Q..|Z...r...E.X......U....f)s^.?...%......459..XtL:M.).....x..n9..h...c...PK........Ho9<"..%...........diagrams/layoutHeader1.xmlMP.N.0.>oOa.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):252
                                                    Entropy (8bit):3.48087342759872
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXXt1MIae2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyfMIaRGHmD0+dAH/luWvv
                                                    MD5:69757AF3677EA8D80A2FBE44DEE7B9E4
                                                    SHA1:26AF5881B48F0CB81F194D1D96E3658F8763467C
                                                    SHA-256:0F14CA656CDD95CAB385F9B722580DDE2F46F8622E17A63F4534072D86DF97C3
                                                    SHA-512:BDA862300BAFC407D662872F0BFB5A7F2F72FE1B7341C1439A22A70098FA50C81D450144E757087778396496777410ADCE4B11B655455BEDC3D128B80CFB472A
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .P.i.c.t.u.r.e.F.r.a.m.e...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):4326
                                                    Entropy (8bit):7.821066198539098
                                                    Encrypted:false
                                                    SSDEEP:96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z
                                                    MD5:D32E93F7782B21785424AE2BEA62B387
                                                    SHA1:1D5589155C319E28383BC01ED722D4C2A05EF593
                                                    SHA-256:2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
                                                    SHA-512:5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447
                                                    Malicious:false
                                                    Preview:PK.........n.A...#............docProps/thumbnail.jpgz.........{4.i....1.n.v)..#.\*....A+..Q(."..D.......#Q)...SQ....2c.ei.JC...N.{......}.s.s..y>....d.(:.;.....q........$.OBaPbI..(.V...o.....'..b..edE.J.+.....".tq..dqX.......8...CA.@..........0.G.O.$Ph...%i.Q.CQ.>.%!j..F..."?@.1J.Lm$..`..*oO...}..6......(%....^CO..p......-,.....w8..t.k.#....d..'...O...8....s1....z.r...rr...,(.)...*.]Q]S.{X.SC{GgWw..O....X./FF9._&..L.....[z..^..*....C...qI.f... .Hq....d*.d..9.N{{.N.6..6)..n<...iU]3.._.....%./.?......(H4<.....}..%..Z..s...C@.d>.v...e.'WGW.....J..:....`....n..6.....]W~/.JX.Qf..^...}...._Sg.-.p..a..C_:..F..E.....k.H..........-Bl$._5...B.w2e...2...c2/y3.U...7.8[.S}H..r/..^...g...|...l..\M..8p$]..poX-/.2}..}z\.|.d<T.....1....2...{P...+Y...T...!............p..c.....D..o..%.d.f.~.;.;=4.J..]1"("`......d.0.....L.f0.l..r8..M....m,.p..Y.f....\2.q. ...d9q....P...K..o!..#o...=.........{.p..l.n...........&..o...!J..|)..q4.Z.b..PP....U.K..|.i.$v
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):256
                                                    Entropy (8bit):3.464918006641019
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXR+EqRGRnRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyB+5RmRGHmD0wbnKYZAH+Vwv
                                                    MD5:93149E194021B37162FD86684ED22401
                                                    SHA1:1B31CAEBE1BBFA529092BE834D3B4AD315A6F8F1
                                                    SHA-256:50BE99A154A6F632D49B04FCEE6BCA4D6B3B4B7C1377A31CE9FB45C462D697B2
                                                    SHA-512:410A7295D470EC85015720B2B4AC592A472ED70A04103D200FA6874BEA6A423AF24766E98E5ACAA3A1DBC32C44E8790E25D4611CD6C0DBFFFE8219D53F33ACA7
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .E.q.u.a.t.i.o.n.s...d.o.t.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.W.D. .D.o.c.u.m.e.n.t. .P.a.r.t.s.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):51826
                                                    Entropy (8bit):5.541375256745271
                                                    Encrypted:false
                                                    SSDEEP:384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu
                                                    MD5:2AB22AC99ACFA8A82742E774323C0DBD
                                                    SHA1:790F8B56DF79641E83A16E443A75A66E6AA2F244
                                                    SHA-256:BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D
                                                    SHA-512:E5715C0ECF35CE250968BD6DE5744D28A9F57D20FD6866E2AF0B2D8C8F80FEDC741D48F554397D61C5E702DA896BD33EED92D778DBAC71E2E98DCFB0912DE07B
                                                    Malicious:false
                                                    Preview:PK.........R.@c}LN4...........[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.....D....>.V...f-}..r9....=..Mn..U..5.(.....a...E..b....*..w.$...,O_fu."[P..WU=.;.....5..wdt..y1.......i.44-.r....;./.biG.Cd.n.j.{/......V....c..^^.E.H?H.........B.........<...Ae.l.]..{....mK......B....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):260
                                                    Entropy (8bit):3.4895685222798054
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUX4cPBl4xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyPl4xoGHmD0+dAH/luWvv
                                                    MD5:63E8B0621B5DEFE1EF17F02EFBFC2436
                                                    SHA1:2D02AD4FD9BF89F453683B7D2B3557BC1EEEE953
                                                    SHA-256:9243D99795DCDAD26FA857CB2740E58E3ED581E3FAEF0CB3781CBCD25FB4EE06
                                                    SHA-512:A27CDA84DF5AD906C9A60152F166E7BD517266CAA447195E6435997280104CBF83037F7B05AE9D4617323895DCA471117D8C150E32A3855156CB156E15FA5864
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .V.a.r.y.i.n.g.W.i.d.t.h.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):3075
                                                    Entropy (8bit):7.716021191059687
                                                    Encrypted:false
                                                    SSDEEP:48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE
                                                    MD5:67766FF48AF205B771B53AA2FA82B4F4
                                                    SHA1:0964F8B9DC737E954E16984A585BDC37CE143D84
                                                    SHA-256:160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
                                                    SHA-512:AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D
                                                    Malicious:false
                                                    Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK.........nB;O.......k......._rels/.rels...J.@.._e..4...i/.,x..Lw'....v'.<....WpQ..,......7?....u.y..;bL../..3t.+.t.G....Y.v8.eG.MH,....(\..d..R....t>Z.<F-..G.(..\.x...l?..M..:#........2.#.[..H7..#g{...._j...(.....q......;.5'..Nt..."...A.h........>....\.'...L..D..DU<.....C.TKu.5Tu....bV..;PK.........C26.b..............diagrams/layout1.xml.T.n. .}N....).je./m.+u....`{..0P......p..U}c.9g..3....=h.(.."..D-.&....~.....y..I...(r.aJ.Y..e..;.YH...P.{b......hz.-..>k.i5..z>.l...f...c..Y...7.ND...=.%..1...Y.-.o.=)(1g.{.".E.>2.=...]Y..r0.Q...e.E.QKal,.....{f...r..9-.mH..C..\.w....c.4.JUbx.p Q...R......_...G.F...uPR...|um.+g..?..C..gT...7.0.8l$.*.=qx.......-8..8.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):238
                                                    Entropy (8bit):3.472155835869843
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXGE2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny4GHmD0+dAH/luWvv
                                                    MD5:2240CF2315F2EB448CEA6E9CE21B5AC5
                                                    SHA1:46332668E2169E86760CBD975FF6FA9DB5274F43
                                                    SHA-256:0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D
                                                    SHA-512:10BA73FF861112590BF135F4B337346F9D4ACEB10798E15DC5976671E345BC29AC8527C6052FEC86AA7058E06D1E49052E49D7BCF24A01DB259B5902DB091182
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .r.i.n.g.s...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):5151
                                                    Entropy (8bit):7.859615916913808
                                                    Encrypted:false
                                                    SSDEEP:96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti
                                                    MD5:6C24ED9C7C868DB0D55492BB126EAFF8
                                                    SHA1:C6D96D4D298573B70CF5C714151CF87532535888
                                                    SHA-256:48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
                                                    SHA-512:A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD
                                                    Malicious:false
                                                    Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........5nB;.ndX....`......._rels/.rels...J.1.._%..f.J.J..x..AJ.2M&......g..#............|.c..x{_._..^0e.|.gU..z.....#.._..[..JG.m.....(...e..r."....P)....3..M].E:..SO.;D..c..J..rt...c.,.....a.;.....$.../5..D.Ue.g...Q3......5.':...@...~t{.v..QA>.P.R.A~..^AR.S4G......].n...x41....PK.........^5..s.V....Z......diagrams/layout1.xml.[]o.F.}N~..S.......VU.U+m6R........&.d.}...{M....Q.S....p9.'./O..z."..t>q....."[..j>y..?...u....[.}..j-...?Y..Bdy.I./.....0.._.....-.s...rj...I..=..<..9.|>YK.....o.|.my.F.LlB..be/E.Y!.$6r.f/.p%.......U....e..W.R..fK....`+?.rwX.[.b..|..O>o.|.....>1.......trN`7g..Oi.@5..^...]4.r...-y...T.h...[.j1..v....G..........nS..m..E"L...s
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):332
                                                    Entropy (8bit):3.4871192480632223
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXsdDUaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyoRw9eNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:333BA58FCE326DEA1E4A9DE67475AA95
                                                    SHA1:F51FAD5385DC08F7D3E11E1165A18F2E8A028C14
                                                    SHA-256:66142D15C7325B98B199AB6EE6F35B7409DE64EBD5C0AB50412D18CBE6894097
                                                    SHA-512:BFEE521A05B72515A8D4F7D13D8810846DC60F1E85C363FFEBD6CACD23AE8D2E664C563FC74700A4ED4E358F378508D25C46CB5BE1CF587E2E278EBC22BB2625
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .m.l.a.s.e.v.e.n.t.h.e.d.i.t.i.o.n.o.f.f.i.c.e.o.n.l.i.n.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):254875
                                                    Entropy (8bit):5.003842588822783
                                                    Encrypted:false
                                                    SSDEEP:6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a
                                                    MD5:377B3E355414466F3E3861BCE1844976
                                                    SHA1:0B639A3880ACA3FD90FA918197A669CC005E2BA4
                                                    SHA-256:4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF
                                                    SHA-512:B050AD52A8161F96CBDC880DD1356186F381B57159F5010489B04528DB798DB955F0C530465AB3ECD5C653586508429D98336D6EB150436F1A53ABEE0697AEB9
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>...</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />......<xsl:variable name="prop_EndChars">.....<xsl:call-template name="templ_prop_EndChars"/>....</xsl:variable>......<xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$parameters" />......
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):570901
                                                    Entropy (8bit):7.674434888248144
                                                    Encrypted:false
                                                    SSDEEP:6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T
                                                    MD5:D676DE8877ACEB43EF0ED570A2B30F0E
                                                    SHA1:6C8922697105CEC7894966C9C5553BEB64744717
                                                    SHA-256:DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
                                                    SHA-512:F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD
                                                    Malicious:false
                                                    Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):282
                                                    Entropy (8bit):3.5459495297497368
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXvBAuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnypJymD0wbnKNAH/lMz1
                                                    MD5:76340C3F8A0BFCEDAB48B08C57D9B559
                                                    SHA1:E1A6672681AA6F6D525B1D17A15BF4F912C4A69B
                                                    SHA-256:78FE546321EDB34EBFA1C06F2B6ADE375F3B7C12552AB2A04892A26E121B3ECC
                                                    SHA-512:49099F040C099A0AED88E7F19338140A65472A0F95ED99DEB5FA87587E792A2D11081D59FD6A83B7EE68C164329806511E4F1B8D673BEC9074B4FF1C09E3435D
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.i.v.i.d.e.n.d...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):558035
                                                    Entropy (8bit):7.696653383430889
                                                    Encrypted:false
                                                    SSDEEP:12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA
                                                    MD5:3B5E44DDC6AE612E0346C58C2A5390E3
                                                    SHA1:23BCF3FCB61F80C91D2CFFD8221394B1CB359C87
                                                    SHA-256:9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
                                                    SHA-512:2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479
                                                    Malicious:false
                                                    Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):276
                                                    Entropy (8bit):3.5361139545278144
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXeMWMluRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnycMlMymD0wbnKNAH/lMz1
                                                    MD5:133D126F0DE2CC4B29ECE38194983265
                                                    SHA1:D8D701298D7949BE6235493925026ED405290D43
                                                    SHA-256:08485EBF168364D846C6FD55CD9089FE2090D1EE9D1A27C1812E1247B9005E68
                                                    SHA-512:75D7322BE8A5EF05CAA48B754036A7A6C56399F17B1401F3F501DA5F32B60C1519F2981043A773A31458C3D9E1EF230EC60C9A60CAC6D52FFE16147E2E0A9830
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.a.s.i.s...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):523048
                                                    Entropy (8bit):7.715248170753013
                                                    Encrypted:false
                                                    SSDEEP:6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N
                                                    MD5:C276F590BB846309A5E30ADC35C502AD
                                                    SHA1:CA6D9D6902475F0BE500B12B7204DD1864E7DD02
                                                    SHA-256:782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
                                                    SHA-512:B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150
                                                    Malicious:false
                                                    Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):276
                                                    Entropy (8bit):3.5159096381406645
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXQIa3ARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygIaqymD0wbnKNAH/lMz1
                                                    MD5:71CCB69AF8DD9821F463270FB8CBB285
                                                    SHA1:8FED3EB733A74B2A57D72961F0E4CF8BCA42C851
                                                    SHA-256:8E63D7ABA97DABF9C20D2FAC6EB1665A5D3FDEAB5FA29E4750566424AE6E40B4
                                                    SHA-512:E62FC5BEAEC98C5FDD010FABDAA8D69237D31CA9A1C73F168B1C3ED90B6A9B95E613DEAD50EB8A5B71A7422942F13D6B5A299EB2353542811F2EF9DA7C3A15DC
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .F.r.a.m.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):924687
                                                    Entropy (8bit):7.824849396154325
                                                    Encrypted:false
                                                    SSDEEP:12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n
                                                    MD5:97EEC245165F2296139EF8D4D43BBB66
                                                    SHA1:0D91B68CCB6063EB342CFCED4F21A1CE4115C209
                                                    SHA-256:3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
                                                    SHA-512:8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8
                                                    Malicious:false
                                                    Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):282
                                                    Entropy (8bit):3.51145753448333
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXKsWkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6svymD0wbnKNAH/lMz1
                                                    MD5:7956D2B60E2A254A07D46BCA07D0EFF0
                                                    SHA1:AF1AC8CA6FE2F521B2EE2B7ABAB612956A65B0B5
                                                    SHA-256:C92B7FD46B4553FF2A656FF5102616479F3B503341ED7A349ECCA2E12455969E
                                                    SHA-512:668F5D0EFA2F5168172E746A6C32820E3758793CFA5DB6791DE39CB706EF7123BE641A8134134E579D3E4C77A95A0F9983F90E44C0A1CF6CDE2C4E4C7AF1ECA0
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .P.a.r.a.l.l.a.x...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):1649585
                                                    Entropy (8bit):7.875240099125746
                                                    Encrypted:false
                                                    SSDEEP:24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65
                                                    MD5:35200E94CEB3BB7A8B34B4E93E039023
                                                    SHA1:5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D
                                                    SHA-256:6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
                                                    SHA-512:ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9
                                                    Malicious:false
                                                    Preview:PK..........1A..u._....P......[Content_Types].xml..Ms.@.....!...=.7....;a.h.&Y..l..H~..`;...d..g/..e..,M..C...5...#g/."L..;...#. ]..f...w../._.2Y8..X.[..7._.[...K3..#.4......D.]l.?...~.&J&....p..wr-v.r.?...i.d.:o....Z.a|._....|.d...A....A".0.J......nz....#.s.m.......(.]........~..XC..J......+.|...(b}...K!._.D....uN....u..U..b=.^..[...f...f.,...eo..z.8.mz....."..D..SU.}ENp.k.e}.O.N....:^....5.d.9Y.N..5.d.q.^s..}R...._E..D...o..o...o...f.6;s.Z]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...S.....0.zN.... ...>..>..>..>..>..>..>........e...,..7...F(L.....>.ku...i...i...i...i...i...i...i........yi.....G...1.....j...r.Z]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o|^Z....Q}.;.o...9.Z..\.V...............................jZ......k.pT...0.zN.... ...>..>..>..>..>..>..>........e...,..7...f(L.....>.ku...i...i...i...i...i...i...i........yi.......n.....{.._f...0...PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):284
                                                    Entropy (8bit):3.5552837910707304
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXtLARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygymD0wbnKNAH/lMz1
                                                    MD5:5728F26DF04D174DE9BDFF51D0668E2A
                                                    SHA1:C998DF970655E4AF9C270CC85901A563CFDBCC22
                                                    SHA-256:979DAFD61C23C185830AA3D771EDDC897BEE87587251B84F61776E720ACF9840
                                                    SHA-512:491B36AC6D4749F7448B9A3A6E6465E8D97FB30F33EF5019AF65660E98F4570711EFF5FC31CBB8414AD9355029610E6F93509BC4B2FB6EA79C7CB09069DE7362
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .W.o.o.d._.T.y.p.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):333258
                                                    Entropy (8bit):4.654450340871081
                                                    Encrypted:false
                                                    SSDEEP:6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i
                                                    MD5:5632C4A81D2193986ACD29EADF1A2177
                                                    SHA1:E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346
                                                    SHA-256:06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B
                                                    SHA-512:676CE1957A374E0F36634AA9CFFBCFB1E1BEFE1B31EE876483B10763EA9B2D703F2F3782B642A5D7D0945C5149B572751EBD9ABB47982864834EF61E3427C796
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.. <xsl:output method="html" encoding="us-ascii"/>.... <xsl:template match="*" mode="outputHtml2">.. <xsl:apply-templates mode="outputHtml"/>.. </xsl:template>.... <xsl:template name="StringFormatDot">.. <xsl:param name="format" />.. <xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.. <xsl:when test="$format = ''"></xsl:when>.. <xsl:when test="substring($format, 1, 2) = '%%'">.. <xsl:text>%</xsl:text>.. <xsl:call-template name="StringFormatDot">.. <xsl:with-param name="format" select="substring($format, 3)" />.. <xsl:with-param name=
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):328
                                                    Entropy (8bit):3.541819892045459
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXuqRDA5McaQVTi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxny+AASZQoNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:C3216C3FC73A4B3FFFE7ED67153AB7B5
                                                    SHA1:F20E4D33BABE978BE6A6925964C57D6E6EF1A92E
                                                    SHA-256:7CF1D6A4F0BE5E6184F59BFB1304509F38E480B59A3B091DBDC43B052D2137CB
                                                    SHA-512:D3B78BE6E7633FF943F5E34063B5EFA4AF239CD49F437227FC7575F6CC65C497B7D6F6A979EA065065BEAF257CB368560B5462542692286052B5C7E5C01755BC
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .A.P.A.S.i.x.t.h.E.d.i.t.i.o.n.O.f.f.i.c.e.O.n.l.i.n.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):290
                                                    Entropy (8bit):3.5161159456784024
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUX+l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyulNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:C15EB3F4306EBF75D1E7C3C9382DEECC
                                                    SHA1:A3F9684794FFD59151A80F97770D4A79F1D030A6
                                                    SHA-256:23C262DF3AEACB125E88C8FFB7DBF56FD23F66E0D476AFD842A68DDE69658C7F
                                                    SHA-512:ACDF7D69A815C42223FD6300179A991A379F7166EFAABEE41A3995FB2030CD41D8BCD46B566B56D1DFBAE8557AFA1D9FD55143900A506FA733DE9DA5D73389D6
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .t.u.r.a.b.i.a.n...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):344303
                                                    Entropy (8bit):5.023195898304535
                                                    Encrypted:false
                                                    SSDEEP:6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6
                                                    MD5:F079EC5E2CCB9CD4529673BCDFB90486
                                                    SHA1:FBA6696E6FA918F52997193168867DD3AEBE1AD6
                                                    SHA-256:3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB
                                                    SHA-512:4FFFA59863F94B3778F321DA16C43B92A3053E024BDD8C5317077EA1ECC7B09F67ECE3C377DB693F3432BF1E2D947EC5BF8E88E19157ED08632537D8437C87D6
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$pa
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):314
                                                    Entropy (8bit):3.5230842510951934
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXJuJaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyZuUw9eNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:F25AC64EC63FA98D9E37782E2E49D6E6
                                                    SHA1:97DD9CFA4A22F5B87F2B53EFA37332A9EF218204
                                                    SHA-256:834046A829D1EA836131B470884905856DBF2C3C136C98ADEEFA0F206F38F8AB
                                                    SHA-512:A0387239CDE98BCDE1668B582B046619C3B3505F9440343DAD22B1B7B9E05F3B74F2AE29E591EC37B6570A0C0E5FE571442873594B0684DDCCB4F6A1B5E10B1F
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .i.e.e.e.2.0.0.6.o.f.f.i.c.e.o.n.l.i.n.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):294178
                                                    Entropy (8bit):4.977758311135714
                                                    Encrypted:false
                                                    SSDEEP:6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b
                                                    MD5:0C9731C90DD24ED5CA6AE283741078D0
                                                    SHA1:BDD3D7E5B0DE9240805EA53EF2EB784A4A121064
                                                    SHA-256:ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF
                                                    SHA-512:A39E6201D6B34F37C686D9BD144DDD38AE212EDA26E3B81B06F1776891A90D84B65F2ABC5B8F546A7EFF3A62D35E432AF0254E2F5BFE4AA3E0CF9530D25949C0
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt"......xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.....<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="/">....<xsl:call-template name="Start"/>...</xsl:template>.....<xsl:template name="Start">....<xsl:choose>.....<xsl:when test="b:Version">......<xsl:text>2010.2.02</xsl:text>.....</xsl:when>.......<xsl:when test="b:XslVersion">......<xsl:text>2006</xsl:text>.....</xsl:when>.. <xsl:when test="b:StyleNameLocalized">.. <xsl:choose>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1033'">.. <xsl:text>IEEE</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1025'">.. <xsl:text>IEEE</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameL
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):562113
                                                    Entropy (8bit):7.67409707491542
                                                    Encrypted:false
                                                    SSDEEP:12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV
                                                    MD5:4A1657A3872F9A77EC257F41B8F56B3D
                                                    SHA1:4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B
                                                    SHA-256:C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
                                                    SHA-512:7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922
                                                    Malicious:false
                                                    Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):278
                                                    Entropy (8bit):3.535736910133401
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXeAlFkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyRGymD0wbnKNAH/lMz1
                                                    MD5:487E25E610F3FC2EEA27AB54324EA8F6
                                                    SHA1:11C2BB004C5E44503704E9FFEEFA7EA7C2A9305C
                                                    SHA-256:022EC5077279A8E447B590F7260E1DBFF764DE5F9CDFD4FDEE32C94C66D4A1A2
                                                    SHA-512:B8DF351E2C0EF101CF91DC02E136A3EE9C1FDB18294BECB13A29D676FBBE791A80A58A18FBDEB953BC21EC54EB7608154D401407C461ABD10ACB94CE8AD0E092
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.a.n.d.e.d...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):4026
                                                    Entropy (8bit):7.809492693601857
                                                    Encrypted:false
                                                    SSDEEP:96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D
                                                    MD5:5D9BAD7ADB88CEE98C5203883261ACA1
                                                    SHA1:FBF1647FCF19BCEA6C3CF4365C797338CA282CD2
                                                    SHA-256:8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
                                                    SHA-512:7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D
                                                    Malicious:false
                                                    Preview:PK........YnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........bnB;?.......f......._rels/.rels...J.1.._%..f....m/.,x...&.lt.dV.y.|.."v....q..|......r..F..)..;.T5g.eP..O..Z.^-.8...<.Y....Q.."....*D.%.!9.R&#".'0(.u}).!..l....b..J..rr....P.L.w..0.-......A..w..x.7U...Fu<mT.....^s...F./ ..( .4L..`.....}...O..4.L...+H.z...m..j[].=........oY}.PK........J.L6...m....,.......diagrams/layout1.xml.X.n.8.}N.....PG.............wZ.,.R.%.K...J.H]....y.3..9...O..5."J.1.\.1....Q....z......e.5].)...$b.C)...Gx!...J3..N..H...s....9.~...#..$...W.8..I`|..0xH}......L.|..(V;..1...kF..O=...j...G.X.....T.,d>.w.Xs.......3L.r..er\o..D..^....O.F.{:.>.R'....Y-...B.P.;....X.'c...{x*.M7..><l.1.w..{].46.>.z.E.J.......G......Hd..$..7....E.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):250
                                                    Entropy (8bit):3.4916022431157345
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXsAl8xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8A8xoGHmD0+dAH/luWvv
                                                    MD5:1A314B08BB9194A41E3794EF54017811
                                                    SHA1:D1E70DB69CA737101524C75E634BB72F969464FF
                                                    SHA-256:9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379
                                                    SHA-512:AB29C8674A85711EABAE5F9559E9048FE91A2F51EB12D5A46152A310DE59F759DF8C617DA248798A7C20F60E26FBB1B0FC8DB47C46B098BCD26CF8CE78989ACA
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.r.a.c.k.e.t.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):254
                                                    Entropy (8bit):3.4845992218379616
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXQFoElh/lE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8lLGHmD0+dAH/luWvv
                                                    MD5:E8B30D1070779CC14FBE93C8F5CF65BE
                                                    SHA1:9C87F7BC66CF55634AB3F070064AAF8CC977CD05
                                                    SHA-256:2E90434BE1F6DCEA9257D42C331CD9A8D06B848859FD4742A15612B2CA6EFACB
                                                    SHA-512:C0D5363B43D45751192EF06C4EC3C896A161BB11DBFF1FC2E598D28C644824413C78AE3A68027F7E622AF0D709BE0FA893A3A3B4909084DF1ED9A8C1B8267FCA
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .H.e.x.a.g.o.n.R.a.d.i.a.l...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):6024
                                                    Entropy (8bit):7.886254023824049
                                                    Encrypted:false
                                                    SSDEEP:96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd
                                                    MD5:20621E61A4C5B0FFEEC98FFB2B3BCD31
                                                    SHA1:4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4
                                                    SHA-256:223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
                                                    SHA-512:BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA
                                                    Malicious:false
                                                    Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........2..<..]#.....'......diagrams/layout1.xml.].r.8...V.;0.;..aO........{.....V..3].d{..............\. .#.t... ........x<...@7o.]..7.N..@.NF..../....S.../.xC..U...<..Q.=...|..v.....cQ..Y=.....i`.. ..?.;...Go....x.O.$....7s..0..qg....|..r..l.w.a..p.3.Em7v...N............3..7...N.\\..f...9...U$..7...k.C..M.@\.s....G/..?...I...t.Yos...p..z...6.lnqi.6..<..1qg+......#]....|C/N..K\}.....#..".
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):280
                                                    Entropy (8bit):3.484503080761839
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXGdQ1MecJZMlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny2dQ98MlWlzGHmD0+dAH/luWvv
                                                    MD5:1309D172F10DD53911779C89A06BBF65
                                                    SHA1:274351A1059868E9DEB53ADF01209E6BFBDFADFB
                                                    SHA-256:C190F9E7D00E053596C3477455D1639C337C0BE01012C0D4F12DFCB432F5EC56
                                                    SHA-512:31B38AD2D1FFF93E03BF707811F3A18AD08192F906E36178457306DDAB0C3D8D044C69DE575ECE6A4EE584800F827FB3C769F98EA650F1C208FEE84177070339
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .I.n.t.e.r.c.o.n.n.e.c.t.e.d.B.l.o.c.k.P.r.o.c.e.s.s...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):9191
                                                    Entropy (8bit):7.93263830735235
                                                    Encrypted:false
                                                    SSDEEP:192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA
                                                    MD5:08D3A25DD65E5E0D36ADC602AE68C77D
                                                    SHA1:F23B6DDB3DA0015B1D8877796F7001CABA25EA64
                                                    SHA-256:58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
                                                    SHA-512:77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489
                                                    Malicious:false
                                                    Preview:PK.........]w>....<...5.......diagrams/layout1.xmlz........].r.F.}......1w`.J..'.......w..Dn. d....~........pw...O.......s...?...p7.t>e.r<.]u.e..d..|8..\uo.......K...._.Y..E6.|..y;........y.*/:o./...:[.o.+/.....?.....Z.?..s..d}...S.`...b.^o9.e.ty9_d...y>M.....7...e....."....<.v.u...e:].N.t....a....0..}..bQ.Y..>.~..~...U.|..Ev.....N...bw....{...O..Y.Y.&........A.8Ik...N.Z.P.[}t........|m...E..v..,..6........_?..."..K<.=x....$..%@.e..%....$=F..G..e........<F..G51..;......=...e.e.q..d......A...&9'.N.\%.=N.Z.9.s......y.4.Q.c......|8.......Eg.:.ky.z.h.......).O...mz...N.wy.m...yv....~8.?Lg..o.l.y:.....z.i..j.irxI.w...r.......|.=....s};.\u.{t;i~S.......U7..mw...<.vO...M.o...W.U.....}.`V<|..%....l..`>]..".].I.i.N..Z..~Lt.........}?..E~:..>$......x...%.........N....'C.m.=...w.=.Y...+'M.].2 >.]_~...'.?...:....z.O..Y......6..5...sj?.....).B..>.3...G...p.9.K!..[H..1$v../...E V..?`....+[...C......h..!.QI5....<.>...A.d.......
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):302
                                                    Entropy (8bit):3.537169234443227
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXfQIUA/e/Wl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXZ/eulNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:9C00979164E78E3B890E56BE2DF00666
                                                    SHA1:1FA3C439D214C34168ADF0FBA5184477084A0E51
                                                    SHA-256:21CCB63A82F1E6ACD6BAB6875ABBB37001721675455C746B17529EE793382C7B
                                                    SHA-512:54AC8732C2744B60DA744E54D74A2664658E4257A136ABE886FF21585E8322E028D8243579D131EF4E9A0ABDDA70B4540A051C8B8B60D65C3EC0888FD691B9A7
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .i.s.o.6.9.0.n.m.e.r.i.c.a.l...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):217137
                                                    Entropy (8bit):5.068335381017074
                                                    Encrypted:false
                                                    SSDEEP:6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P
                                                    MD5:3BF8591E1D808BCCAD8EE2B822CC156B
                                                    SHA1:9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0
                                                    SHA-256:7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8
                                                    SHA-512:D434A4C15DA3711A5DAAF5F7D0A5E324B4D94A04B3787CA35456BFE423EAC9D11532BB742CDE6E23C16FA9FD203D3636BD198B41C7A51E7D3562D5306D74F757
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>...... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$parame
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):254
                                                    Entropy (8bit):3.4721586910685547
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUX9+RclTloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyteUTloGHmD0+dAH/luWvv
                                                    MD5:4DD225E2A305B50AF39084CE568B8110
                                                    SHA1:C85173D49FC1522121AA2B0B2E98ADF4BB95B897
                                                    SHA-256:6F00DD73F169C73D425CB9895DAC12387E21C6E4C9C7DDCFB03AC32552E577F4
                                                    SHA-512:0493AB431004191381FF84AD7CC46BD09A1E0FEEC16B3183089AA8C20CC7E491FAE86FE0668A9AC677F435A203E494F5E6E9E4A0571962F6021D6156B288B28A
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .c.h.e.v.r.o.n.a.c.c.e.n.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):4243
                                                    Entropy (8bit):7.824383764848892
                                                    Encrypted:false
                                                    SSDEEP:96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf
                                                    MD5:7BC0A35807CD69C37A949BBD51880FF5
                                                    SHA1:B5870846F44CAD890C6EFF2F272A037DA016F0D8
                                                    SHA-256:BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
                                                    SHA-512:B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D
                                                    Malicious:false
                                                    Preview:PK........NnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........TnB;..d.....h......._rels/.rels...J.0.._%.n..)"....<.w.&.4..!...y.|.........|.&3.o.....S..K.T5g.U....g..n.f....T*.hcf...D.V..Ft....d....c2".z.....N.s._2....7.0.V.]P.CO?...`...8....4&......_i..Y.T...Z...g....{-...]..pH..@.8....}tP.)..B>..A...S&......9..@...7........b_.PK........r};5.z..............diagrams/layout1.xml.X.n.8.}.........4.+.(...@......(..J..._.!)..b..v.}.H..zf8...dhM....E..I.H..V.Y.R..2zw5L~....^..]...J_..4.\.\......8..z..2T..".X.l.F#......5....,*....c....r.kR.I.E..,.2...&%..''.qF.R.2.....T;F...W.. ...3...AR.OR.O..J}.w6..<...,.x..x....`g?.t.I.{.I...|X..g.....<BR..^...Q.6..m.kp...ZuX.?.z.YO.g...$.......'.]..I.#...]$/~`${.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):264
                                                    Entropy (8bit):3.4866056878458096
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUX0XrZUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXWloGHmD0+dAH/luWvv
                                                    MD5:6C489D45F3B56845E68BE07EA804C698
                                                    SHA1:C4C9012C0159770CB882870D4C92C307126CEC3F
                                                    SHA-256:3FE447260CDCDEE287B8D01CF5F9F53738BFD6AAEC9FB9787F2826F8DEF1CA45
                                                    SHA-512:D1355C48A09E7317773E4F1613C4613B7EA42D21F5A6692031D288D69D47B19E8F4D5A29AFD8B751B353FC7DE865EAE7CFE3F0BEC05F33DDF79526D64A29EB18
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.h.e.m.e.P.i.c.t.u.r.e.A.c.c.e.n.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):6448
                                                    Entropy (8bit):7.897260397307811
                                                    Encrypted:false
                                                    SSDEEP:192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK
                                                    MD5:42A840DC06727E42D42C352703EC72AA
                                                    SHA1:21AAAF517AFB76BF1AF4E06134786B1716241D29
                                                    SHA-256:02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
                                                    SHA-512:8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488
                                                    Malicious:false
                                                    Preview:PK.........k.>........'......diagrams/layout1.xmlz........].r.8.}.V.?p.n....g*5..JUn.....(SU......T.l.......X.d."m."..S....F..P.........-..<Y^..=..e.L....m>.pG.....M~...+\....u}o...".Yn}Y.".-r......0...'/........{........F.~.M8.d....(.....q.D.....4\.;.D,.\.)n.S....Z.cl.|<..7._.dk..7..E.......kS...d.....i.....noX...o.W#9..}.^..I0....G.......+.K.[i.O.|G..8=.;.8.8.8.8.....{..-..^.y..[.....`...0..f...Q<^~..*.l....{...pA.z.$.$R.../...E.(..Q.(V.E_ ......X]Q..Y9.......>...8......l..--.ug.......I.;..].u.b.3Lv:.d.%H..l<...V...$.M..A>...^M./.[..I....o~,.U. .$d\..?........O.;..^M..O...A.$Yx..|f.n...H.=.|!cG)dd%..(... ..Xe......2B."i...n....P.R..E?... Y.I6...7n..Xs..J..K..'..JaU..d..|.(y.a.....d......D.Dr...._.._..m..Yu..6.o.\......&.m....wy...4k?..~........f....0.. \...}iS.i..R....q-#_..g........{Z.u.V.r(....j.I...,R..f.=.n.[.'..L'd.n C.0.I.....RpaV........c.k..NR....)B^k...d.i...d0.E. ^..G.']....x.c.>'..p...y.ny.P.x6..%.J\.....De.B\.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):288
                                                    Entropy (8bit):3.523917709458511
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXC1l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnySvNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:4A9A2E8DB82C90608C96008A5B6160EF
                                                    SHA1:A49110814D9546B142C132EBB5B9D8A1EC23E2E6
                                                    SHA-256:4FA948EEB075DFCB8DCA773A3F994560C69D275690953625731C4743CD5729F7
                                                    SHA-512:320B9CC860FFBDB0FD2DB7DA7B7B129EEFF3FFB2E4E4820C3FBBFEA64735EB8CFE1F4BB5980302770C0F77FF575825F2D9A8BB59FC80AD4C198789B3D581963B
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .c.h.i.c.a.g.o...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):296658
                                                    Entropy (8bit):5.000002997029767
                                                    Encrypted:false
                                                    SSDEEP:6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M
                                                    MD5:9AC6DE7B629A4A802A41F93DB2C49747
                                                    SHA1:3D6E929AA1330C869D83F2BF8EBEBACD197FB367
                                                    SHA-256:52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293
                                                    SHA-512:5736F14569E0341AFB5576C94B0A7F87E42499CEC5927AAC83BB5A1F77B279C00AEA86B5F341E4215076D800F085D831F34E4425AD9CFD52C7AE4282864B1E73
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):286
                                                    Entropy (8bit):3.4670546921349774
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUX0XPYDxUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPYDCloGHmD0+dAH/luWvv
                                                    MD5:3D52060B74D7D448DC733FFE5B92CB52
                                                    SHA1:3FBA3FFC315DB5B70BF6F05C4FF84B52A50FCCBC
                                                    SHA-256:BB980559C6FC38B703D1E9C41720D5CE8D00D2FF86D4F25136DB02B1E54B1518
                                                    SHA-512:952EF139A72562A528C1052F1942DAE1C0509D67654BF5E7C0602C87F90147E8EE9E251D2632BCB5B511AB2FF8A3734293D0A4E3DBD3D187F5E3C042685F9A0C
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.h.e.m.e.P.i.c.t.u.r.e.A.l.t.e.r.n.a.t.i.n.g.A.c.c.e.n.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):5630
                                                    Entropy (8bit):7.87271654296772
                                                    Encrypted:false
                                                    SSDEEP:96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5
                                                    MD5:2F8998AA9CF348F1D6DE16EAB2D92070
                                                    SHA1:85B13499937B4A584BEA0BFE60475FD4C73391B6
                                                    SHA-256:8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
                                                    SHA-512:F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2
                                                    Malicious:false
                                                    Preview:PK...........<..W8...j.......diagrams/layout1.xmlz........]......Hy..{...n .l.:.D.vvW..s....-a..fg&.}.\..+......4M..'=...(._.U]U......_.....U...k}.y.,......C..._^.......w/."7....v..Ea........Q..u..D{..{v.x.]....AtB15u..o...w..o.1...f.L...I<[zk7..7^..,.h.&l3...#..)..'H..d.r.#w=b...Ocw.y.&.v..t.>.s..m^M7..8I?o7................H...b....Qv.;'..%.f..#vR....V.H.),g..`...)(..m...[l...b...,.....U...Q.{.y.y.....G.I.tT.n..N.....A.tR..tr....i.<.......,.n:.#.A..a!X.......DK..;v..._M..lSc../n...v.....}.....I.|8.!b.C..v..|.....4l..n.;<9.i./..}!&2.c/.r...>.X02[..|.a.-.....$#-....>...{.M].>3.,\o.x....X%;.F.k.)*".I8<.0..#......?.h..-..O.2.B.s..v....{Abd...h0....H..I.. ...%...$1.Fyd..Y....U...S.Y.#.V.....TH(....%..nk.3Y.e.m.-.S..Q...j.Ai..E..v......4.t.|..&"...{..4.!.h.....C.P.....W...d[.....U<Yb;B.+W.!.@B....!.=......b"...Y.N;.#..Q...0G.lW...]7:...#9!z......|f..r..x.....t........`.uL1u.:.....U.D.n.<Q.[%...ngC./..|...!..q;;.w.".D..lt.".l.4".mt...E..mt
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):252
                                                    Entropy (8bit):3.4680595384446202
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXivlE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyydGHmD0+dAH/luWvv
                                                    MD5:D79B5DE6D93AC06005761D88783B3EE6
                                                    SHA1:E05BDCE2673B6AA8CBB17A138751EDFA2264DB91
                                                    SHA-256:96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1
                                                    SHA-512:34057F7B2AB273964CB086D8A7DF09A4E05D244A1A27E7589BDC7E5679AB5F587FAB52A2261DB22070DA11EF016F7386635A2B8E54D83730E77A7B142C2E3929
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .a.r.c.h.i.t.e.c.t.u.r.e...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):5783
                                                    Entropy (8bit):7.88616857639663
                                                    Encrypted:false
                                                    SSDEEP:96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk
                                                    MD5:8109B3C170E6C2C114164B8947F88AA1
                                                    SHA1:FC63956575842219443F4B4C07A8127FBD804C84
                                                    SHA-256:F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
                                                    SHA-512:F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC
                                                    Malicious:false
                                                    Preview:PK.........A;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........pnB;.M.:....g......._rels/.rels...J.0.._%.n....xp..,{.i2M.........G..........7...3o/.......d.kyU....^..[>Q....j.#P.H......Z>..+!...B*|@...G...E....E]..".3.......!..7....,:..,.......Ot..0r....Z..&1..U..p.U-.[Uq&.......................Gyy.}n.(.C(i.x........?.vM..}..%.7.b.>L..]..PK........EV:5K..4....H......diagrams/layout1.xml.Yo.6........S.`......$M...Q8A...R..T.k...K.4CQG..}.A..9.?R....!&...Q..ZW.......Q....<8..z..g....4{d.>..;.{.>.X.....Y.2.......cR....9e.. ...}L.....yv&.&...r..h...._..M. e...[..}.>.k..........3.`.ygN...7.w..3..W.S.....w9....r(....Zb..1....z...&WM.D<......D9...ge......6+.Y....$f......wJ$O..N..FC..Er........?..is...-Z
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):256
                                                    Entropy (8bit):3.4842773155694724
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXDAlIJAFIloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyMlI7loGHmD0+dAH/luWvv
                                                    MD5:923D406B2170497AD4832F0AD3403168
                                                    SHA1:A77DA08C9CB909206CDE42FE1543B9FE96DF24FB
                                                    SHA-256:EBF9CF474B25DDFE0F6032BA910D5250CBA2F5EDF9CF7E4B3107EDB5C13B50BF
                                                    SHA-512:A4CD8C74A3F916CA6B15862FCA83F17F2B1324973CCBCC8B6D9A8AEE63B83A3CD880DC6821EEADFD882D74C7EF58FA586781DED44E00E8B2ABDD367B47CE45B7
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.o.n.v.e.r.g.i.n.g.T.e.x.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):11380
                                                    Entropy (8bit):7.891971054886943
                                                    Encrypted:false
                                                    SSDEEP:192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ
                                                    MD5:C9F9364C659E2F0C626AC0D0BB519062
                                                    SHA1:C4036C576074819309D03BB74C188BF902D1AE00
                                                    SHA-256:6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
                                                    SHA-512:173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF
                                                    Malicious:false
                                                    Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........q.~<.6..9 ...e......diagrams/layout1.xml..r.........{.]..u...xv7b.....HPd....t.q...b.i_a.'..P.f.3..F..1...U.u.*.2......?}..O..V.....yQ.Mf........w.....O....N.........t3;...e....j.^.o&.....w...../.w................e.................O..,./..6...8>^.^..........ru5...\.=>[M?......g..........w.N....i.........iy6.?........>.......>{yT...........x.........-...z5.L./.g......_.l.1.....#...|...pr.q
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):274
                                                    Entropy (8bit):3.438490642908344
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXZlaWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyplagN2RGHmD0wbnKYZAH+Vwv
                                                    MD5:0F98498818DC28E82597356E2650773C
                                                    SHA1:1995660972A978D17BC483FCB5EE6D15E7058046
                                                    SHA-256:4587CA0B2A60728FF0A5B8E87D35BF6C6FDF396747E13436EC856612AC1C6288
                                                    SHA-512:768562F20CFE15001902CCE23D712C7439721ECA6E48DDDCF8BFF4E7F12A3BC60B99C274CBADD0128EEA1231DB19808BAA878E825497F3860C381914C21B46FF
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .E.l.e.m.e.n.t. .d.e.s.i.g.n. .s.e.t...d.o.t.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.W.D. .D.o.c.u.m.e.n.t. .P.a.r.t.s.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):34415
                                                    Entropy (8bit):7.352974342178997
                                                    Encrypted:false
                                                    SSDEEP:768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7
                                                    MD5:7CDFFC23FB85AD5737452762FA36AAA0
                                                    SHA1:CFBC97247959B3142AFD7B6858AD37B18AFB3237
                                                    SHA-256:68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270
                                                    SHA-512:A0685FD251208B772436E9745DA2AA52BC26E275537688E3AB44589372D876C9ACE14B21F16EC4053C50EB4C8E11787E9B9D922E37249D2795C5B7986497033E
                                                    Malicious:false
                                                    Preview:PK.........Y5B#.W ............[Content_Types].xml ...(...................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.....D....>.V...f-}..r9....=..Mn..U..5.(.....a...E..b....*..w.$...,O_fu."[P..WU=.;.....5..wdt..y1.......i.44-.r....;./.biG=.HK...........&o[B....z.7.o...&.......[.oL_7cuN..&e..ccAo...YW......8...Y>.&DVy...-&.*...Y.....4.u.., !po....9W....g..F...*+1....d,'...L.M[-~.Ey. ......[
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):486596
                                                    Entropy (8bit):7.668294441507828
                                                    Encrypted:false
                                                    SSDEEP:6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L
                                                    MD5:0E37AECABDB3FDF8AAFEDB9C6D693D2F
                                                    SHA1:F29254D2476DF70979F723DE38A4BF41C341AC78
                                                    SHA-256:7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
                                                    SHA-512:DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF
                                                    Malicious:false
                                                    Preview:PK.........V'BE,.{....#P......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):274
                                                    Entropy (8bit):3.535303979138867
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUX3IlVARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnynG6ymD0wbnKNAH/lMz1
                                                    MD5:35AFE8D8724F3E19EB08274906926A0B
                                                    SHA1:435B528AAF746428A01F375226C5A6A04099DF75
                                                    SHA-256:97B8B2E246E4DAB15E494D2FB5F8BE3E6361A76C8B406C77902CE4DFF7AC1A35
                                                    SHA-512:ACF4F124207974CFC46A6F4EA028A38D11B5AF40E55809E5B0F6F5DABA7F6FC994D286026FAC19A0B4E2311D5E9B16B8154F8566ED786E5EF7CDBA8128FD62AF
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .V.i.e.w...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):777647
                                                    Entropy (8bit):7.689662652914981
                                                    Encrypted:false
                                                    SSDEEP:6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d
                                                    MD5:B30D2EF0FC261AECE90B62E9C5597379
                                                    SHA1:4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3
                                                    SHA-256:BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
                                                    SHA-512:2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68
                                                    Malicious:false
                                                    Preview:PK.........V'B.._<....-.......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):290
                                                    Entropy (8bit):3.5091498509646044
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUX1MiDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyFdMymD0wbnKNAH/lMz1
                                                    MD5:23D59577F4AE6C6D1527A1B8CDB9AB19
                                                    SHA1:A345D683E54D04CC0105C4BFFCEF8C6617A0093D
                                                    SHA-256:9ADD2C3912E01C2AC7FAD6737901E4EECBCCE6EC60F8E4D78585469A440E1E2C
                                                    SHA-512:B85027276B888548ECB8A2FC1DB1574C26FF3FCA7AF1F29CD5074EC3642F9EC62650E7D47462837607E11DCAE879B1F83DF4762CA94667AE70CBF78F8D455346
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.e.t.r.o.p.o.l.i.t.a.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):608122
                                                    Entropy (8bit):7.729143855239127
                                                    Encrypted:false
                                                    SSDEEP:6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq
                                                    MD5:8BA551EEC497947FC39D1D48EC868B54
                                                    SHA1:02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF
                                                    SHA-256:DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
                                                    SHA-512:CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B
                                                    Malicious:false
                                                    Preview:PK.........LGE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK.........LG.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):278
                                                    Entropy (8bit):3.516359852766808
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXKwRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6qymD0wbnKNAH/lMz1
                                                    MD5:960E28B1E0AB3522A8A8558C02694ECF
                                                    SHA1:8387E9FD5179A8C811CCB5878BAC305E6A166F93
                                                    SHA-256:2707FCA8CEC54DF696F19F7BCAD5F0D824A2AC01B73815DE58F3FCF0AAB3F6A0
                                                    SHA-512:89EA06BA7D18B0B1EA624BBC052F73366522C231BD3B51745B92CF056B445F9D655F9715CBDCD3B2D02596DB4CD189D91E2FE581F2A2AA2F6D814CD3B004950A
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .P.a.r.c.e.l...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):966946
                                                    Entropy (8bit):7.8785200658952
                                                    Encrypted:false
                                                    SSDEEP:24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs
                                                    MD5:F03AB824395A8F1F1C4F92763E5C5CAD
                                                    SHA1:A6E021918C3CEFFB6490222D37ECEED1FC435D52
                                                    SHA-256:D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
                                                    SHA-512:0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF
                                                    Malicious:false
                                                    Preview:PK..........1A.......F`......[Content_Types].xml..n.@.._.y.ac $..,........-..g@.u.G.+t.:........D1...itgt>...k..lz;].8Kg^....N.l..........0.~}....ykk.A`..N..\...2+.e.c..r..P+....I.e.......|.^/.vc{......s..z....f^...8...'.zcN&.<....}.K.'h..X..y.c.qnn.s%...V('~v.W.......I%nX`.....G.........r.Gz.E..M.."..M....6n.a..V.K6.G?Qqz..............\e.K.>..lkM...`...k.5...sb.rbM8..8..9..pb..R..{>$..C.>......X..iw.'..a.09CPk.n...v....5n..Uk\...SC...j.Y.....Vq..vk>mi......z..t....v.]...n...e(.....s.i......]...q.r....~.WV/.j.Y......K..-.. Z..@.\.P..W...A..X8.`$C.F(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........c..0F...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP..........(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-.............0A...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP.........w(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........T..GI..~.....~....PK..........1A.s@.....O......._rels/.rels...J.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):282
                                                    Entropy (8bit):3.5323495192404475
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXhduDARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyxdumymD0wbnKNAH/lMz1
                                                    MD5:BD6B5A98CA4E6C5DBA57C5AD167EDD00
                                                    SHA1:CCFF7F635B31D12707DC0AC6D1191AB5C4760107
                                                    SHA-256:F22248FE60A55B6C7C1EB31908FAB7726813090DE887316791605714E6E3CEF7
                                                    SHA-512:A178299461015970AF23BA3D10E43FCA5A6FB23262B0DD0C5DDE01D338B4959F222FD2DC2CC5E3815A69FDDCC3B6B4CB8EE6EC0883CE46093C6A59FF2B042BC1
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .Q.u.o.t.a.b.l.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):976001
                                                    Entropy (8bit):7.791956689344336
                                                    Encrypted:false
                                                    SSDEEP:24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ
                                                    MD5:9E563D44C28B9632A7CF4BD046161994
                                                    SHA1:D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11
                                                    SHA-256:86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
                                                    SHA-512:8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):278
                                                    Entropy (8bit):3.5270134268591966
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXa3Y1kRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyt1mymD0wbnKNAH/lMz1
                                                    MD5:327DA4A5C757C0F1449976BE82653129
                                                    SHA1:CF74ECDF94B4A8FD4C227313C8606FD53B8EEA71
                                                    SHA-256:341BABD413AA5E8F0A921AC309A8C760A4E9BA9CFF3CAD3FB2DD9DF70FD257A6
                                                    SHA-512:9184C3FB989BB271B4B3CDBFEFC47EA8ABEB12B8904EE89797CC9823F33952BD620C061885A5C11BBC1BD3978C4B32EE806418F3F21DA74F1D2DB9817F6E167E
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.e.r.l.i.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):1091485
                                                    Entropy (8bit):7.906659368807194
                                                    Encrypted:false
                                                    SSDEEP:24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ
                                                    MD5:2192871A20313BEC581B277E405C6322
                                                    SHA1:1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085
                                                    SHA-256:A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
                                                    SHA-512:6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9
                                                    Malicious:false
                                                    Preview:PK...........G`.jaV....P......[Content_Types].xml...n.@...W......T@.mwM.E....)....y...H}.N..ll8.h5g6Q.=3_......?...x..e^Di.p.^.ud...(Y/..{w..r..9.../M...Q*{..E...(.4..>..y,.>..~&..b-.a.?..4Q2Q=.2.......m....>-....;]......N'..A...g.D.m.@(}..'.3Z....#....(+....-q<uq.+....?....1.....Y?Oy......O"..J?....Q$zT.].7.N..Q Wi.....<.........-..rY....hy.x[9.b.%-<.V?.(......;r.+...Q<.;U.....4...!'k...s.&..)'k...d.s..}R....o".D.I..7..7.KL.7..Z.....v..b.5.2].f....l.t....Z...Uk...j.&.U-....&>.ia1..9lhG..Q.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.........j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oT/-c..`....7FaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,..7...&(L.....>.kw...i...i...i...i...i...i...i.......I...U_.....vT.....}..\...v..W.!-W.!-W.!-W.!-W.!-W.!-W.!-W.U...7.....k.pT...0..O.... ...>..>..>..>..>..>..>......f..2V}....W>jO....5..].?.o..oPK...........G.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):280
                                                    Entropy (8bit):3.5301133500353727
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXp2pRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyZ2vymD0wbnKNAH/lMz1
                                                    MD5:1C5D58A5ED3B40486BC22B254D17D1DD
                                                    SHA1:69B8BB7B0112B37B9B5F9ADA83D11FBC99FEC80A
                                                    SHA-256:EBE031C340F04BB0235FE62C5A675CF65C5CC8CE908F4621A4F5D7EE85F83055
                                                    SHA-512:4736E4F26C6FAAB47718945BA54BD841FE8EF61F0DBA927E5C4488593757DBF09689ABC387A8A44F7C74AA69BA89BEE8EA55C87999898FEFEB232B1BA8CC7086
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .G.a.l.l.e.r.y...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):1204049
                                                    Entropy (8bit):7.92476783994848
                                                    Encrypted:false
                                                    SSDEEP:24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5
                                                    MD5:FD5BBC58056522847B3B75750603DF0C
                                                    SHA1:97313E85C0937739AF7C7FC084A10BF202AC9942
                                                    SHA-256:44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
                                                    SHA-512:DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E
                                                    Malicious:false
                                                    Preview:PK..........1A..d T....P......[Content_Types].xml..Ms.@.....!...=.7....kX 5o.,L..<..........d..g/..dw.]...C...9...#g/."L..;...#. ]..f...w../._.3Y8..X.[..7._.[...K3..3.4......D.]l.?...~.&J&...s...;...H9...e.3.q.....k-.0>Lp:.7..eT...Y...P...OVg.....G..).aV...\Z.x...W.>f...oq.8.....I?Ky...g..."...J?....A$zL.].7.M.^..\....C..d/;.J0.7k.X4.e..?N{....r.."LZx.H?. ......;r.+...A<.;U.....4...!'k...s.&..)'k...d..d......._E..D...o..o...o...f.7;s..]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...s.....0..O.... ...>..>..>..>..>..>..>.........2V}......Q}#.&T...rU....\..\..\..\..\..\..\..\.W..W.^Z....Q}c;.o...>.Z..\.v...............................*Z....K.X.5X8.obG.MP.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.M.).....j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oZ/-c..`....7CaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,...|...].k.........PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):276
                                                    Entropy (8bit):3.5364757859412563
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXARkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnywMymD0wbnKNAH/lMz1
                                                    MD5:CD465E8DA15E26569897213CA9F6BC9C
                                                    SHA1:9EA9B5E6C9B7BF72A777A21EC17FD82BC4386D4C
                                                    SHA-256:D4109317C2DBA1D7A94FC1A4B23FA51F4D0FC8E1D9433697AAFA72E335192610
                                                    SHA-512:869A42679F96414FE01FE1D79AF7B33A0C9B598B393E57E0E4D94D68A4F2107EC58B63A532702DA96A1F2F20CE72E6E08125B38745CD960DF62FE539646EDD8D
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .S.a.v.o.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):1463634
                                                    Entropy (8bit):7.898382456989258
                                                    Encrypted:false
                                                    SSDEEP:24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/
                                                    MD5:ACBA78931B156E4AF5C4EF9E4AB3003B
                                                    SHA1:2A1F506749A046ECFB049F23EC43B429530EC489
                                                    SHA-256:943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
                                                    SHA-512:2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):280
                                                    Entropy (8bit):3.5286004619027067
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXOzXkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6WymD0wbnKNAH/lMz1
                                                    MD5:40FF521ED2BA1B015F17F0B0E5D95068
                                                    SHA1:0F29C084311084B8FDFE67855884D8EB60BDE1A6
                                                    SHA-256:CC3575BA195F0F271FFEBA6F6634BC9A2CF5F3BE448F58DBC002907D7C81CBBB
                                                    SHA-512:9507E6145417AC730C284E58DC6B2063719400B395615C40D7885F78F57D55B251CB9C954D573CB8B6F073E4CEA82C0525AE90DEC68251C76A6F1B03FD9943C0
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.i.r.c.u.i.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):290
                                                    Entropy (8bit):3.5081874837369886
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXCOzi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnydONGHmD0wbnKYZAH/lMZqiv
                                                    MD5:8D9B02CC69FA40564E6C781A9CC9E626
                                                    SHA1:352469A1ABB8DA1DC550D7E27924E552B0D39204
                                                    SHA-256:1D4483830710EF4A2CC173C3514A9F4B0ACA6C44DB22729B7BE074D18C625BAE
                                                    SHA-512:8B7DB2AB339DD8085104855F847C48970C2DD32ADB0B8EEA134A64C5CC7DE772615F85D057F4357703B65166C8CF0C06F4F6FD3E60FFC80DA3DD34B16D5B1281
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .g.o.s.t.n.a.m.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):255948
                                                    Entropy (8bit):5.103631650117028
                                                    Encrypted:false
                                                    SSDEEP:6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW
                                                    MD5:9888A214D362470A6189DEFF775BE139
                                                    SHA1:32B552EB3C73CD7D0D9D924C96B27A86753E0F97
                                                    SHA-256:C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7
                                                    SHA-512:8A75FC2713003FA40B9730D29C786C76A796F30E6ACE12064468DD2BB4BF97EF26AC43FFE1158AB1DB06FF715D2E6CDE8EF3E8B7C49AA1341603CE122F311073
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>............<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select=
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):1750795
                                                    Entropy (8bit):7.892395931401988
                                                    Encrypted:false
                                                    SSDEEP:24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc
                                                    MD5:529795E0B55926752462CBF32C14E738
                                                    SHA1:E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF
                                                    SHA-256:8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
                                                    SHA-512:A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):280
                                                    Entropy (8bit):3.528155916440219
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXcmlDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyMmloymD0wbnKNAH/lMz1
                                                    MD5:AA7B919B21FD42C457948DE1E2988CB3
                                                    SHA1:19DA49CF5540E5840E95F4E722B54D44F3154E04
                                                    SHA-256:5FFF5F1EC1686C138192317D5A67E22A6B02E5AAE89D73D4B19A492C2F5BE2F9
                                                    SHA-512:01D27377942F69A0F2FE240DD73A1F97BB915E19D3D716EE4296C6EF8D8933C80E4E0C02F6C9FA72E531246713364190A2F67F43EDBE12826A1529BC2A629B00
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.r.o.p.l.e.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):2357051
                                                    Entropy (8bit):7.929430745829162
                                                    Encrypted:false
                                                    SSDEEP:49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX
                                                    MD5:5BDE450A4BD9EFC71C370C731E6CDF43
                                                    SHA1:5B223FB902D06F9FCC70C37217277D1E95C8F39D
                                                    SHA-256:93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
                                                    SHA-512:2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):276
                                                    Entropy (8bit):3.516423078177173
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUX7kARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny5ymD0wbnKNAH/lMz1
                                                    MD5:5402138088A9CF0993C08A0CA81287B8
                                                    SHA1:D734BD7F2FB2E0C7D5DB8F70B897376ECA935C9A
                                                    SHA-256:5C9F5E03EEA4415043E65172AD2729F34BBBFC1A1156A630C65A71CE578EF137
                                                    SHA-512:F40A8704F16AB1D5DCD861355B07C7CB555934BB9DA85AACDCF869DC942A9314FFA12231F9149D28D438BE6A1A14FCAB332E54B6679E29AD001B546A0F48DE64
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .S.l.a.t.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):3078052
                                                    Entropy (8bit):7.954129852655753
                                                    Encrypted:false
                                                    SSDEEP:49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O
                                                    MD5:CDF98D6B111CF35576343B962EA5EEC6
                                                    SHA1:D481A70EC9835B82BD6E54316BF27FAD05F13A1C
                                                    SHA-256:E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
                                                    SHA-512:95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C
                                                    Malicious:false
                                                    Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):274
                                                    Entropy (8bit):3.5303110391598502
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXzRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnylymD0wbnKNAH/lMz1
                                                    MD5:8D1E1991838307E4C2197ECB5BA9FA79
                                                    SHA1:4AD8BB98DC9C5060B58899B3E9DCBA6890BC9E93
                                                    SHA-256:4ABA3D10F65D050A19A3C2F57A024DBA342D1E05706A8A3F66B6B8E16A980DB9
                                                    SHA-512:DCDC9DB834303CC3EC8F1C94D950A104C504C588CE7631CE47E24268AABC18B1C23B6BEC3E2675E8A2A11C4D80EBF020324E0C7F985EA3A7BBC77C1101C23D01
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.e.s.h...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):2218943
                                                    Entropy (8bit):7.942378408801199
                                                    Encrypted:false
                                                    SSDEEP:49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK
                                                    MD5:EE33FDA08FBF10EF6450B875717F8887
                                                    SHA1:7DFA77B8F4559115A6BF186EDE51727731D7107D
                                                    SHA-256:5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
                                                    SHA-512:AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885
                                                    Malicious:false
                                                    Preview:PK.........{MBS'..t...ip......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.._..w._..w._..w._..w._..w._..w.n..Ofu.-..K.e........T..q.F...R[...~.u.....Z..F....7.?.v....5O....zot..i.....b...^...Z...V...R...N...r./.?........=....#.`..\~n.n...)J./.......7........+......Q..]n............w......Ft........|......b...^...Z...V...R...N..W<x......l._...l..?.A......x....x.9.|.8..............u................w#.....nD..]...........R.......R.......R........o...].`.....A....#.`..\.....+J./.......7........+......Q..]n.........w9~7......Ft........|......b...^.c..-...-...-
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):278
                                                    Entropy (8bit):3.544065206514744
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXCARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyy6ymD0wbnKNAH/lMz1
                                                    MD5:06B3DDEFF905F75FA5FA5C5B70DCB938
                                                    SHA1:E441B94F0621D593DC870A27B28AC6BE3842E7DB
                                                    SHA-256:72D49BDDE44DAE251AEADF963C336F72FA870C969766A2BB343951E756B3C28A
                                                    SHA-512:058792BAA633516037E7D833C8F59584BA5742E050FA918B1BEFC6F64A226AB3821B6347A729BEC2DF68BB2DFD2F8E27947F74CD4F6BDF842606B9DEDA0B75CC
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.a.m.a.s.k...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):374
                                                    Entropy (8bit):3.5414485333689694
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUX8FaE3f8AWqlQqr++lcWimqnKOE3QepmlJ0+3FbnKfZObdADryMluxHZypo:fxnyj9AWI+acgq9GHmD0wbnKYZAH/lMf
                                                    MD5:2F7A8FE4E5046175500AFFA228F99576
                                                    SHA1:8A3DE74981D7917E6CE1198A3C8E35C7E2100F43
                                                    SHA-256:1495B4EC56B371148EA195D790562E5621FDBF163CDD8A5F3C119F8CA3BD2363
                                                    SHA-512:4B8FBB692D91D88B584E46C2F01BDE0C05DCD5D2FF073D83331586FB3D201EACD777D48DB3751E534E22115AA1C3C30392D0D642B3122F21EF10E3EE6EA3BE82
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.e.x.t. .S.i.d.e.b.a.r. .(.A.n.n.u.a.l. .R.e.p.o.r.t. .R.e.d. .a.n.d. .B.l.a.c.k. .d.e.s.i.g.n.)...d.o.c.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):47296
                                                    Entropy (8bit):6.42327948041841
                                                    Encrypted:false
                                                    SSDEEP:768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE
                                                    MD5:5A53F55DD7DA8F10A8C0E711F548B335
                                                    SHA1:035E685927DA2FECB88DE9CAF0BECEC88BC118A7
                                                    SHA-256:66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303
                                                    SHA-512:095BD5D1ACA2A0CA3430DE2F005E1D576AC9387E096D32D556E4348F02F4D658D0E22F2FC4AA5BF6C07437E6A6230D2ABF73BBD1A0344D73B864BC4813D60861
                                                    Malicious:false
                                                    Preview:PK........<dSA4...T...P.......[Content_Types].xml ...(........................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^\-o..D....n_d.jq...gwg.t........:?/..}..Vu5...rQ..7..X.Q."./g..o....f....YB......<..w?...ss..e.4Y}}...0.Y...........u3V.o..r...5....7bA..Us.z.`.r(.Y>.&DVy.........6.T...e.|..g.%<...9a.&...7...}3:B.......<...!...:..7w...y..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):278
                                                    Entropy (8bit):3.5280239200222887
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXQAl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyllNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:877A8A960B2140E3A0A2752550959DB9
                                                    SHA1:FBEC17B332CBC42F2F16A1A08767623C7955DF48
                                                    SHA-256:FE07084A41CF7DB58B06D2C0D11BCACB603D6574261D1E7EBADCFF85F39AFB47
                                                    SHA-512:B8B660374EC6504B3B5FCC7DAC63AF30A0C9D24306C36B33B33B23186EC96AEFE958A3851FF3BC57FBA72A1334F633A19C0B8D253BB79AA5E5AFE4A247105889
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .g.b...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):268317
                                                    Entropy (8bit):5.05419861997223
                                                    Encrypted:false
                                                    SSDEEP:6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9
                                                    MD5:51D32EE5BC7AB811041F799652D26E04
                                                    SHA1:412193006AA3EF19E0A57E16ACF86B830993024A
                                                    SHA-256:6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97
                                                    SHA-512:5FC5D889B0C8E5EF464B76F0C4C9E61BDA59B2D1205AC9417CC74D6E9F989FB73D78B4EB3044A1A1E1F2C00CE1CA1BD6D4D07EEADC4108C7B124867711C31810
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):2924237
                                                    Entropy (8bit):7.970803022812704
                                                    Encrypted:false
                                                    SSDEEP:49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH
                                                    MD5:5AF1581E9E055B6E323129E4B07B1A45
                                                    SHA1:B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD
                                                    SHA-256:BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
                                                    SHA-512:11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09
                                                    Malicious:false
                                                    Preview:PK.........{MB.$<.~....p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.......H^..<}...lA-.D.....lI/...hD.Z....|VM..ze........L..tU...g....lQ....Y...>MI...5-....S......h=..u.h..?;h...@k...h...'Z...D...;.....h=..'Z...D...;.....)^./.../U.../..../U.../..../U..?...'.........Ngz..A.~.8.#D....xot.u.?...eyot.n..{..sk....[......Z..F....l...o)..o..o...oi..o)..o..,..b.s......2.C.z.~8.......f......x.9.|.8..............u................r.nD..]...........w.~7...-...-...-...-...-...-....x.&l........>.4.z.~8..........=E....As.1..q. 9....w.7...1........w.}7......Ft...................o)..o..o...oi..o)..o..w.7a...x0...........d0..............A.......Fl.............Ft................w#...r.nD..]..M...K1.0..7....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):286
                                                    Entropy (8bit):3.5434534344080606
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXIc5+RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny4KcymD0wbnKNAH/lMz1
                                                    MD5:C9812793A4E94320C49C7CA054EE6AA4
                                                    SHA1:CC1F88C8F3868B3A9DE7E0E5F928DBD015234ABA
                                                    SHA-256:A535AE7DD5EDA6D31E1B5053E64D0D7600A7805C6C8F8AF1DB65451822848FFC
                                                    SHA-512:D28AADEDE0473C5889F3B770E8D34B20570282B154CD9301932BF90BF6205CBBB96B51027DEC6788961BAF2776439ADBF9B56542C82D89280C0BEB600DF4B633
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.a.i.n._.E.v.e.n.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):286
                                                    Entropy (8bit):3.5502940710609354
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXfQICl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXClNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:9B8D7EFE8A69E41CDC2439C38FE59FAF
                                                    SHA1:034D46BEC5E38E20E56DD905E2CA2F25AF947ED1
                                                    SHA-256:70042F1285C3CD91DDE8D4A424A5948AE8F1551495D8AF4612D59709BEF69DF2
                                                    SHA-512:E50BB0C68A33D35F04C75F05AD4598834FEC7279140B1BB0847FF39D749591B8F2A0C94DA4897AAF6C33C50C1D583A836B0376015851910A77604F8396C7EF3C
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .i.s.o.6.9.0...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):270198
                                                    Entropy (8bit):5.073814698282113
                                                    Encrypted:false
                                                    SSDEEP:6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We
                                                    MD5:FF0E07EFF1333CDF9FC2523D323DD654
                                                    SHA1:77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4
                                                    SHA-256:3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5
                                                    SHA-512:B4615F995FAB87661C2DBE46625AA982215D7BDE27CAFAE221DCA76087FE76DA4B4A381943436FCAC1577CB3D260D0050B32B7B93E3EB07912494429F126BB3D
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):292
                                                    Entropy (8bit):3.5026803317779778
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXC89ADni8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyf9ADiNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:A0D51783BFEE86F3AC46A810404B6796
                                                    SHA1:93C5B21938DA69363DBF79CE594C302344AF9D9E
                                                    SHA-256:47B43E7DBDF8B25565D874E4E071547666B08D7DF4D736EA8521591D0DED640F
                                                    SHA-512:CA3DB5A574745107E1D6CAA60E491F11D8B140637D4ED31577CC0540C12FDF132D8BC5EBABEA3222F4D7BA1CA016FF3D45FE7688D355478C27A4877E6C4D0D75
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .g.o.s.t.t.i.t.l.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):251032
                                                    Entropy (8bit):5.102652100491927
                                                    Encrypted:false
                                                    SSDEEP:6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA
                                                    MD5:F425D8C274A8571B625EE66A8CE60287
                                                    SHA1:29899E309C56F2517C7D9385ECDBB719B9E2A12B
                                                    SHA-256:DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938
                                                    SHA-512:E567F283D903FA533977B30FD753AA1043B9DDE48A251A9AC6777A3B67667443FEAD0003765A630D0F840B6C275818D2F903B6CB56136BEDCC6D9BDD20776564
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):3611324
                                                    Entropy (8bit):7.965784120725206
                                                    Encrypted:false
                                                    SSDEEP:49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm
                                                    MD5:FB88BFB743EEA98506536FC44B053BD0
                                                    SHA1:B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537
                                                    SHA-256:05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
                                                    SHA-512:4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):288
                                                    Entropy (8bit):3.5359188337181853
                                                    Encrypted:false
                                                    SSDEEP:6:Q+sxnxUXe46x8RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyO3UymD0wbnKNAH/lMz1
                                                    MD5:0FEA64606C519B78B7A52639FEA11492
                                                    SHA1:FC9A6D5185088318032FD212F6BDCBD1CF2FFE76
                                                    SHA-256:60059C4DD87A74A2DC36748941CF5A421ED394368E0AA19ACA90D850FA6E4A13
                                                    SHA-512:E04102E435B8297BF33086C0AD291AD36B5B4A97A59767F9CAC181D17CFB21D3CAA3235C7CD59BB301C58169C51C05DDDF2D637214384B9CC0324DAB0BB1EF8D
                                                    Malicious:false
                                                    Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .V.a.p.o.r._.T.r.a.i.l...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):274
                                                    Entropy (8bit):3.4699940532942914
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXGWWYlIWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxny2WzIgN2RGHmD0wbnKYZAH+Vwv
                                                    MD5:55BA5B2974A072B131249FD9FD42EB91
                                                    SHA1:6509F8AC0AA23F9B8F3986217190F10206A691EA
                                                    SHA-256:13FFAAFFC987BAAEF7833CD6A8994E504873290395DC2BD9B8E1D7E7E64199E7
                                                    SHA-512:3DFB0B21D09B63AF69698252D073D51144B4E6D56C87B092F5D97CE07CBCF9C966828259C8D95944A7732549C554AE1FF363CB936CA50C889C364AA97501B558
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .I.n.s.i.g.h.t. .d.e.s.i.g.n. .s.e.t...d.o.t.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.W.D. .D.o.c.u.m.e.n.t. .P.a.r.t.s.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):3465076
                                                    Entropy (8bit):7.898517227646252
                                                    Encrypted:false
                                                    SSDEEP:98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM
                                                    MD5:8BC84DB5A3B2F8AE2940D3FB19B43787
                                                    SHA1:3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE
                                                    SHA-256:AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD
                                                    SHA-512:558F52C2C79BF4A3FBB8BB7B1C671AFD70A2EC0B1BDE10AC0FED6F5398E53ED3B2087B38B7A4A3D209E4F1B34150506E1BA362E4E1620A47ED9A1C7924BB9995
                                                    Malicious:false
                                                    Preview:PK.........Y5B................[Content_Types].xml ...(.................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.....g.../i..b../..}.-......U.....o.7B.......}@[..4o...E9n..h...Y....D.%......F....g..-!.|p.....7.pQVM.....B.g.-.7....:...d.2...7bA..Us.z.`.r..,.m."..n....s.O^.....fL.........7.....-...gn,J..iU..$.......i...(..dz.....3|
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):16806
                                                    Entropy (8bit):7.9519793977093505
                                                    Encrypted:false
                                                    SSDEEP:384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H
                                                    MD5:950F3AB11CB67CC651082FEBE523AF63
                                                    SHA1:418DE03AD2EF93D0BD29C3D7045E94D3771DACB4
                                                    SHA-256:9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
                                                    SHA-512:D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00
                                                    Malicious:false
                                                    Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........Ul.<..<"I5...&......diagrams/layout1.xml.}.r.I..s........~Y.f.gzfv......E."w.K..J5m.e...4.0..Q... A.!...%...<...3.......O.......t~.u{...5.G......?,.........N......L......~.:....^,..r=./~7_..8............o.y......oo.3.f........f.......r.7../....qrr.v9.......,?..._O.....?9.O~]..zv.I'.W..........;..\..~....../........?~..n.....\}pt.........b,~...;>.=;>:..u.....?.......2]..]....i......9..<.p..4D..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):254
                                                    Entropy (8bit):3.4720677950594836
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXOu9+MlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnycMlWlzGHmD0+dAH/luWvv
                                                    MD5:D04EC08EFE18D1611BDB9A5EC0CC00B1
                                                    SHA1:668FF6DFE64D5306220341FC2C1353199D122932
                                                    SHA-256:FA60500F951AFAF8FFDB6D1828456D60004AE1558E8E1364ADC6ECB59F5450C9
                                                    SHA-512:97EBCCAF64FA33238B7CFC0A6D853EFB050D877E21EE87A78E17698F0BB38382FCE7F6C4D97D550276BD6B133D3099ECAB9CFCD739F31BFE545F4930D896EEC3
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.i.r.c.l.e.P.r.o.c.e.s.s...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):258
                                                    Entropy (8bit):3.4692172273306268
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXcq9DsoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnysmYoGHmD0+dAH/luWvv
                                                    MD5:C1B36A0547FB75445957A619201143AC
                                                    SHA1:CDB0A18152F57653F1A707D39F3D7FB504E244A7
                                                    SHA-256:4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9
                                                    SHA-512:0923FB41A6DB96C85B44186E861D34C26595E37F30A6F8E554BD3053B99F237D9AC893D47E8B1E9CF36556E86EFF5BE33C015CBBDD31269CDAA68D6947C47F3F
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .p.i.c.t.u.r.e.o.r.g.c.h.a.r.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):7370
                                                    Entropy (8bit):7.9204386289679745
                                                    Encrypted:false
                                                    SSDEEP:192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV
                                                    MD5:586CEBC1FAC6962F9E36388E5549FFE9
                                                    SHA1:D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E
                                                    SHA-256:1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
                                                    SHA-512:68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62
                                                    Malicious:false
                                                    Preview:PK........;nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........HnB;..I)....j......._rels/.rels...J.@.._e..&6E.i/.,x..Lw'.j........G..\...................)...Y.3)..`...9r{v!......z...#>5.g.WJ%..T..>'m ..K.T.....j6[(:f.)S....C.mk5^.=:...X......C.... I......&5..e..H.1...).P.cw.kjT......C.......=.....}G!7E.y$.(...}b.........b=.<..^.....U..Y..PK.........^5a.2u............diagrams/layout1.xml..ko.8..+x.t.l..J.n.t.Mnw.x. ....B.t$.,.(&i.....(..d.mY......g.../[.<!.{ap>...L...p....G.9z?...._...e..`..%......8....G!..B8.....o...b.......Q.>|.......g..O\B...i.h...0B.}.....z...k...H..t~r.v........7o.E....$....Z.........ZDd..~......>......O.3.SI.Y.".O&I....#."._c.$.r..z.g0`...0...q:...^0.EF...%(.Ao$.#.o6..c'....$%.}
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):332
                                                    Entropy (8bit):3.547857457374301
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXSpGLMeKlPaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyipTIw9eNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:4EC6724CBBA516CF202A6BD17226D02C
                                                    SHA1:E412C574D567F0BA68B4A31EDB46A6AB3546EA95
                                                    SHA-256:18E408155A2C2A24D91CD45E065927FFDA726356AAB115D290A3C1D0B7100402
                                                    SHA-512:DE45011A084AB94BF5B27F2EC274D310CF68DF9FB082E11726E08EB89D5D691EA086C9E0298E16AE7AE4B23753E5916F69F78AAD82F4627FC6F80A6A43D163DB
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .h.a.r.v.a.r.d.a.n.g.l.i.a.2.0.0.8.o.f.f.i.c.e.o.n.l.i.n.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):284415
                                                    Entropy (8bit):5.00549404077789
                                                    Encrypted:false
                                                    SSDEEP:6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y
                                                    MD5:33A829B4893044E1851725F4DAF20271
                                                    SHA1:DAC368749004C255FB0777E79F6E4426E12E5EC8
                                                    SHA-256:C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924
                                                    SHA-512:41C1F65E818C2757E1A37F5255E98F6EDEAC4214F9D189AD09C6F7A51F036768C1A03D6CFD5845A42C455EE189D13BB795673ACE3B50F3E1D77DAFF400F4D708
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt"......xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.....<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="/">....<xsl:call-template name="Start"/>...</xsl:template>.....<xsl:template name="Start">....<xsl:choose>.....<xsl:when test="b:Version">......<xsl:text>2010.2.02</xsl:text>.....</xsl:when>.......<xsl:when test="b:XslVersion">......<xsl:text>2008</xsl:text>.....</xsl:when>.... <xsl:when test="b:StyleNameLocalized">.. <xsl:choose>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1033'">.. <xsl:text>Harvard - Anglia</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1025'">.. <xsl:text>Harvard - Anglia</xsl:text>.. </xsl:when>.. <x
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):286
                                                    Entropy (8bit):3.538396048757031
                                                    Encrypted:false
                                                    SSDEEP:6:fxnxUXcel8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyMelNGHmD0wbnKYZAH/lMZqiv
                                                    MD5:149948E41627BE5DC454558E12AF2DA4
                                                    SHA1:DB72388C037F0B638FCD007FAB46C916249720A8
                                                    SHA-256:1B981DC422A042CDDEBE2543C57ED3D468288C20D280FF9A9E2BB4CC8F4776ED
                                                    SHA-512:070B55B305DB48F7A8CD549A5AECF37DE9D6DCD780A5EC546B4BB2165AF4600FA2AF350DDDB48BECCAA3ED954AEE90F5C06C3183310B081F555389060FF4CB01
                                                    Malicious:false
                                                    Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .s.i.s.t.0.2...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):250983
                                                    Entropy (8bit):5.057714239438731
                                                    Encrypted:false
                                                    SSDEEP:6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP
                                                    MD5:F883B260A8D67082EA895C14BF56DD56
                                                    SHA1:7954565C1F243D46AD3B1E2F1BAF3281451FC14B
                                                    SHA-256:EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353
                                                    SHA-512:D95924A499F32D9B4D9A7D298502181F9E9048C21DBE0496FA3C3279B263D6F7D594B859111A99B1A53BD248EE69B867D7B1768C42E1E40934E0B990F0CE051E
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):21791
                                                    Entropy (8bit):7.65837691872985
                                                    Encrypted:false
                                                    SSDEEP:384:PWew5RNDcvPgbA8E0GftpBjE0hsyaFLrHRN7BD9lI66YR:P3GRNDcEA8Pi60hsyABDo66g
                                                    MD5:7BF88B3CA20EB71ED453A3361908E010
                                                    SHA1:F75F86557051160507397F653D7768836E3B5655
                                                    SHA-256:E555A610A61DB4F45A29A7FB196A9726C25772594252AD534453E69F05345283
                                                    SHA-512:2C3DFB0F8913D1D8FF95A55E1A1FD58CE1F9D034268CD7BC0D2BF2DCEFEA8EF05DD62B9AFDE1F983CACADD0529538381632ADFE7195EAC19CE4143414C44DBE3
                                                    Malicious:false
                                                    Preview:MSCF............D................................?..................................RadialPictureList.glox.................Content.inf....8....[.... $nq......C...../U..........a......S.Q...Q....j............(..z,.g.........^...Y..D... #i.TH5.<.=N..$..7.p".7.............`.3..1~,=,(.d8.Z.1....4'G.....!W^gClf._j.-N..&k.....Y3` =.(S..B^...i.zB.U....0O..h...I.(.......L...5.X.8.Sc<=>w.=.?&.....mR.......x.......mpW.T..^.FU...SN.C)......vsa.,x......,....E..i>..[g...#t...M..GR.9..$/4.:..q.bc9..x{bC.0..K.)..t.Y.&.v.d.16.B..c..or..W.,.B.........O.0..k.v........*F+..U.w...d...o8......A).}...#......L.!?.U.r.^.$...e.(..PG)8..+.9.5.l}.)..b.7+. 4....-.lC...|..j..Q.,.....7.W...|;j...%...:...|H..........<..%...K.....Fy.q$.k..}..8.9.M.u.?$].......r.....e.|..._..iT.;Dq5[....f.s..P.......e.T....!Y{.....t.wm..A..w-..7...3..T.:8.4.a[.Oo.. V.l.@.}..........E.&..J.....+..+.9)9<.._R.Hb.....V..Qu....:v.t.Li.0..J..V..b...!..N....-mD..c..(.[&o>.M.b..H.q..lk../..........W.8..z..B...
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):21875
                                                    Entropy (8bit):7.6559132103953305
                                                    Encrypted:false
                                                    SSDEEP:384:k73HRpZA6B3ulrnxtRT7G8E0GftpBjEdHqlFLrHRN7uhFlvQyUTL2m4c:k7XRgIkrG8Pi6dmuNvU+mp
                                                    MD5:E532038762503FFA1371DF03FA2E222D
                                                    SHA1:F343B559AE21DAEF06CBCD8B2B3695DE1B1A46F0
                                                    SHA-256:5C70DD1551EB8B9B13EFAFEEAF70F08B307E110CAEE75AD9908A6A42BBCCB07E
                                                    SHA-512:E0712B481F1991256A01C3D02ED56645F61AA46EB5DE47E5D64D5ECD20052CDA0EE7D38208B5EE982971CCA59F2717B7CAE4DFCF235B779215E7613AA5DCD976
                                                    Malicious:false
                                                    Preview:MSCF....c.......D...........................c....?..................................ThemePictureAlternatingAccent.glox.................Content.inf...3.....[.... .qq...........\<.^......o."......f.o...x.{..q..^.MH^...........{0.K....4pX.i...@6A4X.P.01d....'p.......zA.......... .......7.......a. `.=!@- ......>G.s.k~@.a.lfha:m....1...@.,G`....{....W..N..qs.......j.+TrsT.l.9..L...1+...d..-u..-.......).#u&...3......k.&C...DdZ.'.......8..<PF..r.eq.X6...u..v...s5.m.Q.l.G%.<.]....RV<...S..Dv..s.r.......dh.N.3-.Hf'.....3.GZ..E.kt.5......h...|...?!.L....~.)..v....:2.../F.,....o.qi.i7..E.|.mh.R_.@A.FO@i.....Feo...x.l...{E.\W9|V...=#..3..(......tP.:i....Ox.U.N...%6...p.6&.....<zh.z.|.<Z.?.k....y7m...F.Z$-.:.l.h...{T..7....?..T...d,r...z?../...`/Z......a.v@)....u......V..v.:.._.|.'..[..O.s.OAt-."b.In"..I...J*.~H.:-...?..uV....dZ;z:.l.{.E.,.Q..i]:.0r.I.y..f...../j.wN...^R.....u....>..}....f.f...]A..C~;/....%..^#..N.a..........99.....`.....%..iS....S......$....)
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):22594
                                                    Entropy (8bit):7.674816892242868
                                                    Encrypted:false
                                                    SSDEEP:384:L7d2l8FbHaaIKbtv1gDISi8E0GftpBjEZRFLrHRN74bUll7PK/pd:LUlCIOt/8Pi6Zv4bMId
                                                    MD5:EE0129C7CC1AC92BBC3D6CB0F653FCAE
                                                    SHA1:4ABAA858176B349BDAB826A7C5F9F00AC5499580
                                                    SHA-256:345AA5CA2496F975B7E33C182D5E57377F8B740F23E9A55F4B2B446723947B72
                                                    SHA-512:CDDABE701C8CBA5BD5D131ABB85F9241212967CE6924E34B9D78D6F43D76A8DE017E28302FF13CE800456AD6D1B5B8FFD8891A66E5BE0C1E74CF19DF9A7AD959
                                                    Malicious:false
                                                    Preview:MSCF....2.......D...........................2....?..................0...............ThemePictureAccent.glox.....0...........Content.inf.o.@D..8.[.........B.....?. $...K.....~....aZ.WA"...k.......Z......."......"..X.fpB 2@d..87.[.A......p..e.'......F..P^%.%.RK...........T%0..........9..+8 ...&.q.....+.......^.fad^^n...d.....s1..... .3j.c-c7..y<.....6........C5n.KG...Rs[lt..ZkwI.!..Uj.ez_!A^: /.;.Rl4....^..<6..N...'.YY.n*.E{.`..s.7..z.......L.y.Y.....q.kx.....[5.+<to......1...L.r.m..kC.q.k.1..o.w8s.....xh.@.b.`l\...}z1.6..Y.</DY...Z5..D...0..4.;..XAA..0qD..E.....h...C..hH......S..Z.\.VBu......Rxs.+:RKzD......{......a..=......).<.....d.SM.......c!t.4.h..A=J~.>q?Hw.^.....?.....[..`....v.nl..A.u...S!...............c......b.J.I.....D...._?}..or.g.JZ#*."_``.>.....{...w......s...R.iXR..'z....S.z.\..f.....>7m..0q.c-8\..nZw.q..J.l....+..V....ZTs{.[yh..~..c........9;..D...V.s...#...JX~t8%......cP^...!.t......?..'.(.kT.T.y.I ...:..Y3..[Up.m...%.~
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):21111
                                                    Entropy (8bit):7.6297992466897675
                                                    Encrypted:false
                                                    SSDEEP:384:wWZsOvbMZGgbA8E0GftpBjEtnFLrHRN7Dfll7PK/pirk:xZRvuzA8Pi6t9DPISk
                                                    MD5:D30AD26DBB6DECA4FDD294F48EDAD55D
                                                    SHA1:CA767A1B6AF72CF170C9E10438F61797E0F2E8CE
                                                    SHA-256:6B1633DD765A11E7ED26F8F9A4DD45023B3E4ADB903C934DF3917D07A3856BFF
                                                    SHA-512:7B519F5D82BA0DA3B2EFFAD3029C7CAB63905D534F3CF1F7EA3446C42FA2130665CA7569A105C18289D65FA955C5624009C1D571E8960D2B7C52E0D8B42BE457
                                                    Malicious:false
                                                    Preview:MSCF....g.......D...........................g....?..........}.......................TabList.glox.................Content.inf....t....[......@..C...../.U5...........6...`.....T..>3.................=..09`..t......a..Y..BI.Z....=.'0...%...T..........H...>.:A.r......n..p...Pf.h...I.8... ....M.]&.#.vv'.....[c......g....>"......<c..f....i...sb!Z..iu<.%|......q.....G28.h-...7.....W.v...RtdK..F~.0.3.'.e..b7.c......a.3.....a\..]...gp8.+.u/}.w.qF........8.=.=|....\~..S.-q}]0...q.B.H.^J...!...a'.2Tn!..."..%........=.e_-.....{o..%o...a`.w..L.5..r.....e.8...pO..RE.Wgr..b.%.E...O.......8s...E....Um].C..M.....[...H.FZ..4...eZI.$..v.3<]..r....B..............8i......e<.D...Q4.q.^S.....H.b.......r.q..0o.......2..PP,."...JI...xU`.6f..K..Q9.Q..h..t....AI.S6...7............X..`dv..r..S....),7ES....#.....(...\.nh...X.ps%l..F...."<_....q....v........_.e.....P.........|&..fi..4..@..^0..v.]7.......^. ."..}(...w.g.X...=<....p.......L...P..XV....@:....N...Y....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):22340
                                                    Entropy (8bit):7.668619892503165
                                                    Encrypted:false
                                                    SSDEEP:384:GByvLdFHny7G8E0GftpBjE8upFLrHRN778lvQyUTL2mm2y:Oy3HkG8Pi6887mvU+ma
                                                    MD5:8B29FAB506FD65C21C9CD6FE6BBBC146
                                                    SHA1:CE1B8A57BB3C682F6A0AFC32955DAFD360720FDF
                                                    SHA-256:773AC516C9B9B28058128EC9BE099F817F3F90211AC70DC68077599929683D6F
                                                    SHA-512:AFA82CCBC0AEF9FAE4E728E4212E9C6EB2396D7330CCBE57F8979377D336B4DACF4F3BF835D04ABCEBCDB824B9A9147B4A7B5F12B8ADDADF42AB2C34A7450ADE
                                                    Malicious:false
                                                    Preview:MSCF....4.......D...........................4....?..................1...............ThemePictureGrid.glox.....1...........Content.inf....K..5.[.... V.q......B.....?.h.i.J.D...Z...>.....i~...A...Z....H.hy.D..X.....>...L.I..`. z w0}.K`.C{h....W\../.U..p\%...B...;............9..8.^M.....].lP.p...|..?..M....E..S.`..-n........Q'.'.o..C}=..?`.bQ...J"0f.. ....k3n..F.Pu..#...w].`<...."D.].-.#+):..fe..=<.M...4..s.q.f._.=.*T.M..U.[R.kbw.,......t6_I...~.X..$_.q....}2..BR...).[...<.l.3........h%....2.$`>..hG...0.6.S......._3.d~1.c.2g....7tTO..F.D.f.Y..WCG.B..T....Gg&.U'....u.S/......&6w..[bc.4....R.e..f.,....l."........I....J.=~...$x.&2...+,-.;.v.'.AQ.fc...v._..rZ..TYR...g?..Z..!.3mP dj...../...+...q.....>..../...]P.z?DW&.p..GZ....R5n......,..]{].0m.9...o.{...e."...8VH....w"%;.g\.K..p.}....#r.u..l.vS...Y.7U.N*-E@.....~....E...x.....C.......{NP....5Ymk.*._.K...Z...f..;.......b.....,._@B..\.S..d.'\rs..].}.5"XJU.J..'.zk}.+P.)C.X.?9sx.D....(K....P^N_D...Z.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):19893
                                                    Entropy (8bit):7.592090622603185
                                                    Encrypted:false
                                                    SSDEEP:384:v3Zh3VlkpSIcgbA8E0GftpBjEmm3UFLrHRN7GYvlvQyUTL2mTAp:v31qp/A8Pi6mUqGGvU+mcp
                                                    MD5:EF9CB8BDFBC08F03BEF519AD66BA642F
                                                    SHA1:D98C275E9402462BF52A4D28FAF57DF0D232AF6B
                                                    SHA-256:93A2F873ACF5BEAD4BC0D1CC17B5E89A928D63619F70A1918B29E5230ABEAD8E
                                                    SHA-512:4DFBDF389730370FA142DCFB6F7E1AC1C0540B5320FA55F94164C0693DB06C21E6D4A1316F0ABE51E51BCBDAB3FD33AE882D9E3CFDB4385AB4C3AF4C2536B0B3
                                                    Malicious:false
                                                    Preview:MSCF............D................................?..................c...............TabbedArc.glox.....c...........Content.inf.;....Y.[.........B.....?.T..ZD...........^C...U.R<Z....z+.I.....Z..-.V...f.....lB..\P.....=.-p....w ...\.kD..x'v..T..A..............".8...d.........FD.ZL.h..T...bp.)9B.v..i..VX...&..\..7.s..qy...l........Rty.Y...rU..>.9...8....L..\.^x.kDU.|TJ..{kN.G..E..$.kvy?.. mv......P..4.....q.1.6<u....e..dD...4.1E..Xi.5.=....1.P.c.K~S...YMO:.?..cL.g.tq\.(b1....E..0A.i..C...BT.m.S......:...}.&U..#QL..O.O../..K......=..........0a..O............BYP......>f.......iu...7.K..;QO~.t....%N.s.]>~#../7YN.....C..9.=cY.......y..U5.....,.....u.....#_..SG.`NR*.....?*..d.R.k.rX$...&.... ..h.4T.D^k-xA...............Hz..ep)e..4..P."fo Ne...o.....0n.Exr.........H..v...A.."..%)2......5...".}j.o8...E.HRQ;}.. .._L.+.jz....{.U..}...=B.o.^..vZ.:5.Z.M....y{\(...N..9...EB*MG...!N.vy..^...nE..2..@.;.4..C..t.4....h..O.8.=.m./...|Lu.|mCU..b.^.n39.h[M...%D{..w.1
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):20554
                                                    Entropy (8bit):7.612044504501488
                                                    Encrypted:false
                                                    SSDEEP:384:zEAH676iPi8+IS5iqn7G8E0GftpBjExDxIHFLrHRN7Ke/ll7PK/pGaz6:zEhG8+ISrG8Pi6xDxCKoIGaz6
                                                    MD5:486CBCB223B873132FFAF4B8AD0AD044
                                                    SHA1:B0EC82CD986C2AB5A51C577644DE32CFE9B12F92
                                                    SHA-256:B217393FD2F95A11E2C594E736067870212E3C5242A212D6F9539450E8684616
                                                    SHA-512:69A48BF2B1DB64348C63FC0A50B4807FB9F0175215E306E60252FFFD792B1300128E8E847A81A0E24757B5F999875DA9E662C0F0D178071DB4F9E78239109060
                                                    Malicious:false
                                                    Preview:MSCF....:.......D...........................:....?..................................PictureFrame.glox.................Content.inf........[.... '.q..@.........<./..+./. ...."o.o./..{^a.7^.D.HA....^J... ...........T%q..b...+pz.n.=....jT.+M..=H..A...py.3.........H...N...[..%..~....>.%....3.r...wx.....0.....7..94..2..45..7f.......D.. ...[...f.:H..../N..4.....8.....:x.I....u|.`."...\..N..%.M#..^v$.*....T.m.....?.-.wki.X..8..F.G..Y.^8...-....+.&.+&.No...e!.#.8.....YF.......<w.....=.Q.S..7....MW....M..9A.3..c..L....|.E-Y....]n".|....b9..l@.d.T...a.f...~.&k.[..yS..q..]L}..)w.....$.@..v...[9..X....V...a.NK....m9.5.....Kq.;9`.U.e...8.<..)Y.H........z.G...3n.yWa.g.>.w!e.B8:......f..h..z....o.1<.RT..WK...?g .N..+..p.B.|...1pR_......@...a....aA......ye..8...+M.l..(.d..f.;....g........8R.\.w.:ba....%...|p....`lrA.|....a.U.m=ld......7....#..?Dq..D.....(.5.K.a..c.G..7..]hF..%:}......}J.j$.....4...l];..v>.&j........Y.vk..$1.@X$...k...9..?...z..![..../...).a.=....aZ^.3?....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):21357
                                                    Entropy (8bit):7.641082043198371
                                                    Encrypted:false
                                                    SSDEEP:384:zdx+NRrogu6fzCI7Th7G8E0GftpBjEzZq4FLrHRN7/Oll7PK/pB:/+NRrFf/G8Pi6zZb/GIB
                                                    MD5:97F5B7B7E9E1281999468A5C42CB12E7
                                                    SHA1:99481B2FA609D1D80A9016ADAA3D37E7707A2ED1
                                                    SHA-256:1CF5C2D0F6188FFFF117932C424CC55D1459E0852564C09D7779263ABD116118
                                                    SHA-512:ACE9718D724B51FE04B900CE1D2075C0C05C80243EA68D4731A63138F3A1287776E80BD67ECB14C323C69AA1796E9D8774A3611FE835BA3CA891270DE1E7FD1F
                                                    Malicious:false
                                                    Preview:MSCF....].......D...........................]....?..........{.......................rings.glox.................Content.inf..|^.....[......P........<.$.."..0R..xa.Ax#B..d... ....K,.....^.H.....H.........&.j.\f.. ..,....,..!k..R..e..!...E...........................><.RB.....~h...........Q................g..M|,...x.....qV7.u..\...F-N.{-..X..&Zig.~..{.A.p.Z...X..{,-n............`$.%.ND.....>].6cvZ.%d..*a.$..-.K.Hf....L..;.#...H....U,........P.@.*-$C.,.g...%YJE..$.jP........b...Y<..[U...MF]F.K...1... x.}3w.o.#,.}T.....w5+...=.=...c.F^....OM.=.......G_{n.*...WC.w!......{/.~.}..s..6_......)..Xy...4.....<..XZJ........#~._i....%..fM.V.?.q...q.....7...B..sVt...(.:..c....~.e...kGZ...C..(J..o...`...?.)-.T.l....&...gR.$.....g.:...2.e%F.....x....z0...K..a8B...........D..]....7....~.".DR...r)...}b)e.>.\h~f...(}.c........Q...o5H.........C.KC.(.L.l................R..a.pg{..\.......-b........}.C......qTS..%..r.lG..Q.1..Z.>a.D...tC..LV...Rs.C.M18x.:......%O.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):19288
                                                    Entropy (8bit):7.570850633867256
                                                    Encrypted:false
                                                    SSDEEP:384:5ZII4Hf+7G8E0GftpBjCwBFLrHRN7bcClvQyUTL2mH:pG8PicgbcAvU+mH
                                                    MD5:B9A6FF715719EE9DE16421AB983CA745
                                                    SHA1:6B3F68B224020CD4BF142D7EDAAEC6B471870358
                                                    SHA-256:E3BE3F1E341C0FA5E9CB79E2739CF0565C6EA6C189EA3E53ACF04320459A7070
                                                    SHA-512:062A765AC4602DB64D0504B79BE7380C14C143091A09F98A5E03E18747B2166BD862CE7EF55403D27B54CEB397D95BFAE3195C15D5516786FEBDAC6CD5FBF9CD
                                                    Malicious:false
                                                    Preview:MSCF....H.......D...........................H....?..................................VaryingWidthList.glox.................Content.inf...O.....[.... v.q......R.....>.%i.I.HhD.V...qt.....'....N...!..aw$(J.%(..A..h......l|.D.p9`..Y09.:.u....p. :,.*.YD=0.p. ......w.........*..<..;.....u.."......7[....8.....?^........-..;q.|.....B....PJ....r.K#.#.0'...}.........+gpR...T....5.iu.^I...A\..gK....}..z.B.nT.../.m.......N....E'1.E.\..o.....W..R.#.#...8.7...R.SbW-...%......$.obj.F..W_@....sY!........s.O..."k. ..b....j....v...P.\....7d...|"J.T...2p..m.&..r..,2.).....X.`...xt].U...b.h..V.....|L..N.Z.O#....o...1R.w30.g..?;..C.T.:$..MGY.C"i\.f..#..<.k...m..s.w. ..Ga].....wt.h|.Ta<.......(SO.]9.%a..Z... r._JH.=O...P.9a.v.....Kj.".T...m...4.?...F...$...y.....hbW.UA..u.&)....py.C{.=t.....n...}|H3A9.=..W..JJ..y./Y.E.M9..Z..w. .HB.YoIi..i.e..9;n...SpHw,....f....d>..g.m..z...... ...f...KP.M..U.....~vFD.fQ.P?......2!.n.....`@C!G...XI.].s,.X.'...u.E.o..f
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):31008
                                                    Entropy (8bit):7.806058951525675
                                                    Encrypted:false
                                                    SSDEEP:768:ktH7oN/HbwiV+M+4Jc+5UrT3czi5uOHQA8Pi6DxUR/WTZIy:87sPEANXJc+eTMsuzP7DmN0ZIy
                                                    MD5:E033CCBC7BA787A2F824CE0952E57D44
                                                    SHA1:EEEA573BEA217878CD9E47D7EA94E56BDAFFE22A
                                                    SHA-256:D250EB1F93B43EFB7654B831B4183C9CAEC2D12D4EFEE8607FEE70B9FAB20730
                                                    SHA-512:B807B024B32E7F975AED408B77563A6B47865EECE32E8BA993502D9874B56580ECC9D9A3FEFA057FDD36FB8D519B6E184DB0593A65CC0ACF5E4ACCBEDE0F9417
                                                    Malicious:false
                                                    Preview:MSCF.....:......L............................:...?...................9......................mlaseventheditionofficeonline.xsl.L...............Content.inf.N.#.....[...>..9..3c.5...F.B.]Y.3..%d.8...v;....~Y.L.=..v..m.g...|K.B....$......s.......#CdE.p.p..@...j.Nl2'...L..N.G:-V:.d.....i..M........mK.w.....\W.<.`..b$.!..!3..rT.A..#.).;KZ...a.-..j&e`R.~7dIRS.I..f.ff....}.}....^[wo.uw..i.m7......v$.I..n....-.Z.M5...iH..Ea..., [..0.L...DH..." ..... .@...H.@..+...}.......*^..'.4*.tHa..f].gV..~.7V.....C..).(.U"..f.@l..j'..%\.u.UU.....9<13...5..=........./..Z..{..-.L].+Y.fL.<EJ.q..!.j....W..]E./.~Y>...GgQ..-....Q.C..5..T+...fO. .)..~.7..Y....+..U=.e..8w.m...._..S..v.d.* ......S3z.X)......u...t.......i.;.a...X.Ji....g.3.!.O.....T.f6..[U....O..Z.X.q.G....?.k]..?...8.u.;].8y.T.9D..!?R....:........3+.P.....7?m}..............1...y3.g.\c.ks^;?.f.U5...U.j....E.N.}.!.......).R1....~.....R.....3.J.f...l..E^:...&_..%..v...^..E...rC..O....M.#..<..H..bB.+.W..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):295527
                                                    Entropy (8bit):7.996203550147553
                                                    Encrypted:true
                                                    SSDEEP:6144:nwVaEqsf23c9shf6UyOGgDWDn/p3fd+zkPWnvGL3n9bQnkmVheyqtkl:MlPfW6sVEDn/pPdhWnvGL36zyyqal
                                                    MD5:9A07035EF802BF89F6ED254D0DB02AB0
                                                    SHA1:9A48C1962B5CF1EE37FEEC861A5B51CE11091E78
                                                    SHA-256:6CB03CEBAB2C28BF5318B13EEEE49FBED8DCEDAF771DE78126D1BFE9BD81C674
                                                    SHA-512:BE13D6D88C68FA16390B04130838D69CDB6169DC16AF0E198C905B22C25B345C541F8FCCD4690D88BE89383C19943B34EDC67793F5EB90A97CD6F6ECCB757F87
                                                    Malicious:false
                                                    Preview:MSCF.....B......D...............P............B..p?..........{.................M.. .Basis.thmx...........M.. .content.inf.`g..td..[...............5..$..WM.....R.......H\.+\./^...x.^..h..MU..\........v........+......g...$.......g.....~....U].7..T..1k.H...1...c.P.rp.6K..&......,.............U4.WoG.w.....;.....v..922.;]..5_-]..%E]b..5]... (..H..II..ttA4Q..BI!|...H.7J.2D....R.......CXhi`n....6..G.~&.[..N...v..Z"t.a..K..3..).w...._@.}.}.v.......4......h....R;.8.c&.F...B^....Q.....!Bm2...F.`.......M;...#.{....c...?...e...6t..C.-.E.V.v%I..H.....m.n...$D.....vU'.....=6}~...Gw...Y..?.@......G.....k......z...5d.h......1.}..O*;e..t......Y.0...3.v).X.-.2.....~....14.[.w=I....hN....eD..7G.u.z..7.do..!....d..o.wQ.:....@/.^..<e.-..=\.....6.C.'.rW$..Cp.M3.u6z......Q.F.9.5....juc..I...m4]7L....+n......).t......2[.3.p.:.....O5y..wA........^..!..H....{..S.3w.!&.'.;...(..|m.x.S..Z.j..3...n..WU...../w.......xe=.+.D...x..qy.S.....E..... ...uu.`.,..<.6[p
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):276650
                                                    Entropy (8bit):7.995561338730199
                                                    Encrypted:true
                                                    SSDEEP:6144:H2a+HFkDF8gpmMt4kzwVVqhSYO6DITxPWgJl1CFExwXyo7N:mlZgFtIVVTuDExeWuv7N
                                                    MD5:84D8F3848E7424CBE3801F9570E05018
                                                    SHA1:71D7F2621DA8B295CE6885F8C7C81016D583C6B1
                                                    SHA-256:B4BC3CD34BD328AAF68289CC0ED4D5CF8167F1EE1D7BE20232ED4747FF96A80A
                                                    SHA-512:E27873BFD95E464CB58B3855F2DA404858B935530CF74C7F86FF8B3FC3086C2FAEA09FA479F0CA7B04D87595ED8C4D07D104426FF92DFB31BED405FA7A017DA8
                                                    Malicious:false
                                                    Preview:MSCF............D................................D..........~..................M. .content.inf............M. .Dividend.thmx..).}.b..[.....`.........?.R...T../..............4..yy....{...f.h..\U......sy.gV0Q.@..A..@..3a.A}........7.q.......8......R....sJ)E..ENr.S*B.1..).s.r.J.D.b."..........(.....E$.V........y.5.L....;gY..QK/nni..x..3.<..Q.Q..K.I.....T.z.,F.....{.p.....;8._.&../...........X...}.;[Gk..._.i`m.u.?...s.w...4.....m......l....5..n.?..c..m...,.....{.k.?......sC.............e..1....oL.8./......1._.K:.]..&......O............qo.....Dd/c...6.q.*......V.v........h....L..h..C+..V..;O.(7Z]{I%....S3.{h....\...b.......5.ES......Z.4...o.c`..YA....9i....M.s....Z3.oq`....>.i..@.@n.a...x.3.zp.<....vU/.|^CvE...aD.P&mhvM>.p..B~....."._.......v-.m..w..?._..=...:...k....i.}x.6....Y.i..n....h...j......LZ.....fk..f0.y.T..Vl.;...s.......B6.f.'z.c.\W?...4U)..aJ.;O....L.d7.J.V#Q.....\J.F.?].d}!..y].6..%..~....|......5...'N.#.....t6.,.E.O."..0fyz....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID 19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):261258
                                                    Entropy (8bit):7.99541965268665
                                                    Encrypted:true
                                                    SSDEEP:6144:9blShNYrHNn0JU+D+kh8CIjXHWC7X0nZLC9Ge2KY/WfI:9ZSTYrtn0Sk+CIDHWC7chVKYx
                                                    MD5:65828DC7BE8BA1CE61AD7142252ACC54
                                                    SHA1:538B186EAF960A076474A64F508B6C47B7699DD3
                                                    SHA-256:849E2E915AA61E2F831E54F337A745A5946467D539CCBD0214B4742F4E7E94FF
                                                    SHA-512:8C129F26F77B4E73BF02DE8F9A9F432BB7E632EE4ABAD560A331C2A12DA9EF5840D737BFC1CE24FDCBB7EF39F30F98A00DD17F42C51216F37D0D237145B8DE15
                                                    Malicious:false
                                                    Preview:MSCF............D...............nJ...............D.................."..........M. .content.inf....."......M. .Metropolitan.thmx...cVtP..[.....`Q..B.....=.T.....h.."...Z..|..}hZK.V....Z..Z................?..v...[S$."...H......^u.%.@...>....... f.........1.5......*&lm.tZ.msz:...Noc....1....D .........b..... ..3#pVp....}oo]{m......H*[%i.GNHB1D<......(*# ....H"....DP..b(B.<.....v......_..`.7..;.}............/.p}.:vp....~l0..].........S....G?.....}..U.;......dNi..?........-c..J.z....Z...._.O.....C..o.,......z....F....sOs$..w9......2G..:@...'....=.....M..am.....S......(`.._....'......[..K"....BD...D...^1k.....xi...Gt....{k@.W.....AZ+(,...+..o......I.+.....D..b. T.:..{..v.....g..........L.H.`...uU~C.d...{...4.N.N..m8..v.7..3.`.....,...W...s.;.fo.8.Y...2.i...T&.-...v8..v.U.Y=...8..F.hk..E.PlI.t.8......A.R....+.]lOei..2...... gS*.......%8H.....<.U.D..s.....>.....D_...../....l.......5O1S~.........B.g.++cV.z.f .R.Z.......@6....(..t^5"...#G...
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169, number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):271273
                                                    Entropy (8bit):7.995547668305345
                                                    Encrypted:true
                                                    SSDEEP:6144:zfdvQnJMwXse4Vradf3mrC7woyWbjKlCVC7K:zfJwJse4VrS1AK
                                                    MD5:21437897C9B88AC2CB2BB2FEF922D191
                                                    SHA1:0CAD3D026AF2270013F67E43CB44F0568013162D
                                                    SHA-256:372572DCBAD590F64F5D18727757CBDF9366DDE90955C79A0FCC9F536DAB0384
                                                    SHA-512:A74DA3775C19A7AF4A689FA4D920E416AB9F40A8BDA82CCF651DDB3EACBC5E932A120ABF55F855474CEBED0B0082F45D091E211AAEA6460424BFD23C2A445CC7
                                                    Malicious:false
                                                    Preview:MSCF....Q.......D...............y...........Q...XJ..........{..................M.. .content.inf.(..........M.. .Frame.thmx.1....b..[.........B.....6....ZZ}....BH..-D..}..V.V-........Z..O.....H.f..........;..@d.`......!..=;.,bp..K.q....s.y....D.qZ)p......D...r.S....s=B.4.).8B....4.a6 ...~........."....#.....}....n.Q.1cH.%c/.U....E..E...!..Da*.p....X..G..:.....1.@.....W.'...._........W.c...<.v.k.....&.8......?.h.>d._:-.X.......9..tL}........3.;.N3.D~......>.^?..|:...}......oT.z.......w..[..}:...._fu........Kk.......L..9..p..e..^......K.%...Mapqhvv..E&.^.....[...9|"l...9...U......!..w..Nya...~C.yx...w.K..q.z.j.W?t.......DY.x.S2.....]..na.Qj...X.K..^...S.hK.W...Z....s.0...NF...8C.......j.'Zc...k.%...l....S.....OW..o.Qf.x...X.;<.rO].....W.m.e....T.1.6........".....Q.3........l..v.."..I...&......w..4vE...c.s[.3.m..8.q$.....a...)...&:6..,..#..?....;.!.....~.UP.r=.}h.&U......X...]..X.e\u.G<....E....lG.@.*Z...10.D@.]....z+-.S....p..Y.PK.:.S..p.....1E`..-
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778, number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):723359
                                                    Entropy (8bit):7.997550445816903
                                                    Encrypted:true
                                                    SSDEEP:12288:NPnBZX7wR3tMwYqNDQGnXTtfzO5U7yo6O7bLhe8yE3LLDok4a:JBMbYE7xzO5U917bLh/DL3oJa
                                                    MD5:748A53C6BDD5CE97BD54A76C7A334286
                                                    SHA1:7DD9EEDB13AC187E375AD70F0622518662C61D9F
                                                    SHA-256:9AF92B1671772E8E781B58217DAB481F0AFBCF646DE36BC1BFFC7D411D14E351
                                                    SHA-512:EC8601D1A0DBD5D79C67AF2E90FAD44BBC0B890412842BF69065A2C7CB16C12B1C5FF594135C7B67B830779645801DA20C9BE8D629B6AD8A3BA656E0598F0540
                                                    Malicious:false
                                                    Preview:MSCF....?.......D...........................?...`J..............3..............M.. .content.inf..+.........M.. .Wood_Type.thmx......r..[.........................!.wwwwqwwwwwwwwwww..."....+......nR..x..\..w..r.5R.....(|.>.$e3.!..g....f..`9NL......o./.O.bxI...7.....|........6.n."J.....4^g.........?...................o.......s3.....8. .T.j...._.Z.Q.t.k,(o.c.t.......?Z....`o........?.a....6.)....6b..../.t...........Mz....q}......C.......+{.......o...K.tQjt............7.._....O.....\....` ..............@..`....%..t....V.]........m..m....u..1.yr;..t..F.'..+{....zqvd.g._..$H..Vl...m..../....g..rG.....:*......8....h...[...a06...U.W....5.Z.W..1I..#.2.....B3...x....$PRh...\{J.c.v.y..5+Y.W.N..hG......<..F..W.d8_....c...g....p|7.]..^.o.H.[$Zj..{4......m.KZ..n.T%...4.Z..Y."q7?kuB......U....).~.......W%..!.e.U.mp.o...h...?.w...T.s.YG#......Y.}....Z.O.i.r,...n..4.\....P..m..=....f........v....g....j...*.wP..4.VK.y.z...C..oum.b.1......?.Z.>.7.!?......A..Q>..Z....-
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081, number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):550906
                                                    Entropy (8bit):7.998289614787931
                                                    Encrypted:true
                                                    SSDEEP:12288:N4Ar9NyDhUQM0Hk86V1YnOIxQ9e6SJbj2OjK:jAG8wa5Qw6SZ2Oj
                                                    MD5:1C12315C862A745A647DAD546EB4267E
                                                    SHA1:B3FA11A511A634EEC92B051D04F8C1F0E84B3FD6
                                                    SHA-256:4E2E93EBAC4AD3F8690B020040D1AE3F8E7905AB7286FC25671E07AA0282CAC0
                                                    SHA-512:CA8916694D42BAC0AD38B453849958E524E9EED2343EBAA10DF7A8ACD13DF5977F91A4F2773F1E57900EF044CFA7AF8A94B3E2DCE734D7A467DBB192408BC240
                                                    Malicious:false
                                                    Preview:MSCF....*#......D...............Q...........*#...D..........~..................M{. .content.inf............M{. .Parallax.thmx.9... y..[......(..b.P...E.Q*.R.".RTH.%.T..F......u.{.*+.P.....FK*0].F...a{...D4`D..V.../.P,....2.Mx...u......0...E...{A-"J...)jl_.A..T......u.Y....ZG:....V.A.#~.. ..6..............o..X..<.... .......C.ce.f!nA.).p...p........n..................'6w6H6s.j....l...{?.h..........]..l.....v....%..l}A..................3...W_73.j......6...F.../..qG.?........H..).........7.&km....`m2..m.W.q.<../~<..6*.78..X~.e+..CC*w...T...6....AB..l..._.f......s.e....2....H..r.R.Z....a.,..\Q.q..._SJJ....7.S.R....=f..>....9=....NnC.....].-...\..Z..q..j...q.....Nj..^'..k...Zl.~PRvpz.J..+.C...k.z.w=l.#.............n...C..s.kM.@B{..vL.e....E..(/......f...g..=..V...}...).=s.....y!.,...X.[..[.....\31}..D%...%..+G66.j.v./.e9...P;.o.y..U+...g.g.S.../..B._L..h...Oi.._...:..5ls>>........n6.F.Q..v>..P.r:.a..Z....a...x..D....N...i..=L.u......<;Nv.X/*.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):25314
                                                    Entropy (8bit):7.729848360340861
                                                    Encrypted:false
                                                    SSDEEP:384:75V23GNhfG/YvmBqWDP7G8E0GftpBjEB1vrFLrHRN7mKll7PK/pRU0:LS/Yvc7TG8Pi6BLm6IS0
                                                    MD5:C47E3430AF813DF8B02E1CB4829DD94B
                                                    SHA1:35F1F1A18AA4FD2336A4EA9C6005DBE70013C7FC
                                                    SHA-256:F2DB1E60533F0D108D5FB1004904C1F2E8557D4493F3B251A1B3055F8F1507A3
                                                    SHA-512:6F8904E658EB7D04C6880F7CC3EC63FCFE31EF2C3A768F4ECF40B115314F23774DAEE66DCE9C55FAF0AD31075A3AC27C8967FD341C23C953CA28BDC120997287
                                                    Malicious:false
                                                    Preview:MSCF.....#......D............................#...?...................#..............InterconnectedBlockProcess.glox......#..........Content.inf...<.:#.$[......O..........5f.P.5CU..6..jT..U..U..UM.T.........h................-... .......6...`.....G...........'.,DN:........... "..4..1u.....%.u..{{,....@lp..}..`.......Z...K.....Z..... Z4.<?..C.BF.....k.!Hl...]...Tvf..g....)...vny6.'..f....Z.R.`.......+....!..!.....:..4fj....."q..f..E..^!k.....M.c....R...B......g...~.........o.'.7,.e.,..7.R.e,(.+..+:....Q....f...P.H.I..U.....Jl...l...z.]7...C...<...L.,..@...i.{..e]K...2..KRW..7.-'.G.l!.n7..J.v.C...%/.....q...@..l..e..$..N..sg8]oo.(q(_.?.X.s...Ua..r0...Rz.o.eT.j...b*..}",n.qou..M.[.;%../c.x.4.z.2*.U.]..D...h...-R.$.=\3..P......N.mP......J...}BPn...g]d.5k..C.ee.ml...\.g...[.......<..6$.%.I#S9..I...6.i........_..P.n....c$.3..zw.hF......_{.+...o...[.&........&...M..m.....;....0....D7...4nQ.=/.._`._.nh.D.m..h.+....8..p..q.4.w.\...iy...*...lN6F..c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):42788
                                                    Entropy (8bit):7.89307894056
                                                    Encrypted:false
                                                    SSDEEP:768:Hx+UzBiwDQTXgBm029ClGn4BZz6i5kIew/jG8Pi6lYJz1gH:0ZXc29eGn2n5klwjxP7l2z1gH
                                                    MD5:21A4B7B71631C2CCDA5FBBA63751F0D2
                                                    SHA1:DE65DC641D188062EF9385CC573B070AAA8BDD28
                                                    SHA-256:AE0C5A2C8377DBA613C576B1FF73F01AE8EF4A3A4A10B078B5752FB712B3776C
                                                    SHA-512:075A9E95C6EC7E358EA8942CF55EFB72AC797DEE1F1FFCD27AD60472ED38A76048D356638EF6EAC22106F94AFEE9D543B502D5E80B964471FA7419D288867D5D
                                                    Malicious:false
                                                    Preview:MSCF.....h......L............................h...?..................@g......o...............Element design set.dotx.................Content.inf.Y/..Re..[......f........,..]....D.],....]..X.......XC4pE.....p........2..u;L.N.....]G..d.^d.$).e.=..;..Kb.../.../....H.."...w$._I..5.....a..4.Gd5p......v.8..1..%H..\..e...3.e..A..).d*.. . (.8.".......(>..<...@...~*v&.f..LWhqk]+Uep.d..%...o.....k.......e...nNN.&_.>.d.?H`"...r?..Z.p..q..<M.N.t....{*.y]#...._XW"qI...x.......}.. .N...;.}:..m8...[.r.F....^?...o...u..*...J3.V....~...~tn#.Kf6.s.|*..,s...M.$.f..?Yu.pE.1_wU...%....._..'..Z......y:.{.J5..7..Q.w}/.~.-3~Ctw=..IT.....mI.u@...y.M....2.%...y...Y..j.k<-.Q.r...7m..b...+.6..|.....U..}[...,....^....5..D..qW...[3).p.Y<.Hh..t...%cw=Z..W.~W.F....zr.4.g...O...P.g_^..3.-............3s...S..y...u...N...EsJz....tT../..c[w{cG....../6.....:.W<d5}.q..s..K"$........Ne..5..#.v'..n4.rj....Fc=....5..VN.....6..9`....|..........WX..-?..........W.)^`1.......].R2..s6...H.......
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885, number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):222992
                                                    Entropy (8bit):7.994458910952451
                                                    Encrypted:true
                                                    SSDEEP:6144:k8/c2cF9GTLqsTmYstUdx+dwb2ooiVOfiI17zWbQ:jbzqGdpbZ/Mf3h68
                                                    MD5:26BEAB9CCEAFE4FBF0B7C0362681A9D2
                                                    SHA1:F63DD970040CA9F6CFCF5793FF7D4F1F4A69C601
                                                    SHA-256:217EC1B6E00A24583B166026DEC480D447FB564CF3BCA81984684648C272F767
                                                    SHA-512:2BBEA62360E21E179014045EE95C7B330A086014F582439903F960375CA7E9C0CF5C0D5BB24E94279362965CA9D6A37E6AAA6A7C5969FC1970F6C50876582BE1
                                                    Malicious:false
                                                    Preview:MSCF.....'......D...............]............'..H?..........z..................M{. .content.inf..l.........M{. .View.thmx......R..[...........@...G...I..(J.....B....Q!....}Ju..(BR..._|.5.%.....6m...........?.w{.rm,....#....;Ba#.:v...Dv.."u.v{!...f}......!......:.S.......".z.f.......==.n.0Km0eh.Kbm.C.r.6.........d..h.....{..w..}....2sb...rvm..x...0(..B... ...BH.r#.@..d".*..F+...Q.sx.....?...d.d.eZ2W2.2d...q.I....4.e4....#.....K...3...1.p.y......>.~V....cm....n^..b.{..._D?..AG...'...k.L&..h}=p.....Wl....(.......>.~.].....'.4.W{......../......7.....'.s...w...6..hn..e.2.).l]u.v4...GF.X..X..X....G.i.\..y.g&.<&ti......Sp,j.....>I..S..%.y..........S..-).+...>...D..............[...d...jt.~<x.a(.MDW..a..ZI.;+..!,.$...~>#...).R4...K.$.Zm......b...........{..._..A{.}..r...X...T.ZI.T.).J...$.".U,.9...r.z.)......}...()<....m....QS.p...;?..5.W~2r.EZu..P.1.%'l.........+/6.Mm.|2....Ty..f.o.S.....3J.._...X,..m....:..1.<GqFy.QA9W4.=....n...ZP...O.\.[...:8.%.^..H.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500, number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):230916
                                                    Entropy (8bit):7.994759087207758
                                                    Encrypted:true
                                                    SSDEEP:6144:OTIPtMXmJWnzPS3pqnkeuJXW+FNx1a72rLiQxEBTR:750nz63/FJRFLISnp+Bt
                                                    MD5:93FA9F779520AB2D22AC4EA864B7BB34
                                                    SHA1:D1E9F53A0E012A89978A3C9DED73FB1D380A9D8A
                                                    SHA-256:6A3801C1D4CF0C19A990282D93AC16007F6CACB645F0E0684EF2EDAC02647833
                                                    SHA-512:AA91B4565C88E5DA0CF294DC4A2C91EAEB6D81DCA96069DB032412E1946212A13C3580F5C0143DD28B33F4849D2C2DF2214CE1E20598D634E78663D20F03C4E6
                                                    Malicious:false
                                                    Preview:MSCF.....F......D................g...........F...?..........|..................L.. .content.inf.zG.........L.. .Parcel.thmx.>2...R..[...0...........7....B+...BH....{...^.../.....B{...1....+".....<.....$........{.......sD"..j...}... P..w..U..f...6.x8. ...C..F.q.7....T.6p......B.P..L..g......A..43.W`.....{{...u.4...:.bb.4"X..m..)$..@(H. H.tBPTF..,.&.B.'...6..2...n..c%...Z@.(.@.......(.<i.i....P......?......o.......F.M.L......i.....C..7..../.....MQ.0..l.U.s.Fu.......1...p.;.(.}..ogd..<.._.Z......._.......O.J......97...~<...4.c....i..........'k.5.......Q.$..C..E... ..5.7....N.a.[ns6hi..kM....?....X......*9q...!O\....0....n.^s.9.6..............;. ..r...rf..C6z..v #.H...O...v/.sl....J.m%.L.Dp.e....*uO..g.y....f...].5.*........W.....h^[..w.|.=.ru.|.M..+.-.B...D.Ma....o.<X SnI....l...{..G..,..y5\W.@..y.;.y ...M..l.....e..A...d.e!.E..3.......k1.......6gY).../....pQ..?..s.W.)+R.S5..../.0..vz.^.......k.....v..9..A.NG...N~#..$.B...*s,(.o.@.ar.!.J.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):640684
                                                    Entropy (8bit):7.99860205353102
                                                    Encrypted:true
                                                    SSDEEP:12288:eV7ivfl+kbkIrWu+2aoRjwv/cSUWauGPo2v65s4QqcT3ZCCz6CSj8aC:fdhr1+3y4MWaC2CO4V+3ZCCDsO
                                                    MD5:F93364EEC6C4FFA5768DE545A2C34F07
                                                    SHA1:166398552F6B7F4509732E148F93E207DD60420B
                                                    SHA-256:296B915148B29751E68687AE37D3FAFD9FFDDF458C48EB059A964D8F2291E899
                                                    SHA-512:4F0965B4C5F543B857D9A44C7A125DDD3E8B74837A0FDD80C1FDC841BF22FC4CE4ADB83ACA8AA65A64F8AE6D764FA7B45B58556F44CFCE92BFAC43762A3BC5F4
                                                    Malicious:false
                                                    Preview:MSCF............D................4...............?..........~..................M. .content.inf."..........M. .Quotable.thmx..^.u.n..[...............&...U..F.......UU.M.T5.UUQS..j..#>43fD.....`....Vr......19'...P..j.-...6n.0c....4$.c....$.4.k3aQ$.lCN.#.[.."qc....,Z...,Qt@!.@...... ...H.......9.9.y.{....[.`..s3.5.....B....W.g.d...[uv.UW..............P.8.(.?......3.....'/F...0...8.P. .O..B....K...g..L.......#s...%..|4.i....?.3b.".....g...?.........2.O23..'..O~.+..{...C.n.L......3......Y.L...?K...o......g....@.]...T..sU.....<.._.<G.......Tu.U2..v.&..<..^..e.].cY;..9.%..}...I.y.;...WM...3>.:.=.|.-.AtT2OJ.I.#...#.y....A....\]$r...lM.%5.."...+7M..J.....c...".&$.... Y.r.B;..81B. +H...b....@7K.*.F.Z...v..=..ES.f.~.."...f..ho.X.E.a`~*...C>.&..@\.[....(.....h..]...9&...sd.H .1.x.2..t.rj..o..A..^qF.S9.5.....E.{...C|.w.c/V...0Q.M...........O.7;A4u...R..Z.B.7a.C`....p.z.....f!|.u.3t....2e.wWH..'7p....E_...e.._;..k....*&E.^.f=V..{*..al.y:.4a...+.g...-..>e
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):698244
                                                    Entropy (8bit):7.997838239368002
                                                    Encrypted:true
                                                    SSDEEP:12288:bUfKzAwwP7XAMWtr4FvMRt4lX0hnBdThiSb32+TdysrQgn7v4EemC6:sr7AMkJ34xu1bm4ZrQaY6
                                                    MD5:E29CE2663A56A1444EAA3732FFB82940
                                                    SHA1:767A14B51BE74D443B5A3FEFF4D870C61CB76501
                                                    SHA-256:3732EB6166945DB2BF792DA04199B5C4A0FB3C96621ECBFDEAF2EA1699BA88EE
                                                    SHA-512:6BC420F3A69E03D01A955570DC0656C83C9E842C99CF7B429122E612E1E54875C61063843D8A24DB7EC2035626F02DDABF6D84FC3902184C1EFF3583DBB4D3D8
                                                    Malicious:false
                                                    Preview:MSCF....lh......D...............P...........lh...?..........|..................M. .Berlin.thmx............M. .content.inf..lH.lj..[...............7.I..)........P..5x.B/^y5.xk^^......D.F........s....y...?D.....*.....&....".o..pl..Q.jm?_...6......=%.p.{.)S..y...$......,4..>#.........)..."-....K....4.E...L=.......4..p.c..nQ.0..ZO.#.....e.N..`U......oS....V..X[t.E)|.h..R....$..}.{.F.7....^.....w.,...5rBR.....{.......mi...h.b......w+..;.hV......q..(.7&.Z.l...C."j........[-E4h.....v&..~.p$|\X...8.....Fj'%,.)6w...u|C..,y..E..`*Up../(....2.(....Z.....,.'...d..s..Z....5.g.?Nq..04...f...D.x....q+.b.."v`{.NL....C..... ..n......1N+.I.{W9....2r.0...BaC.....O..=...k..."..8.D\jK.B...Aj....6,B..2...I.. B..^.4..1.K+.....DP...Mr....9..x[...>........?.Zd..'._2.._..>..'.F..#.w...2..~.|........q_Wy.W.....~..Qex.km/..f......t.q..p..gm.|.x.... ,.#\Z....p....a.}...%..v.J.Es......I.b.P?...0......F.x....E..j..6.%..E..-O.k...b .^.h.Cv...Z....D.n.d:.d.F..x...[1...B..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349, number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):953453
                                                    Entropy (8bit):7.99899040756787
                                                    Encrypted:true
                                                    SSDEEP:24576:9B1Onw3vg7aeYPagzbJ5Vhv6LnV2Dhl7GEYqVjcyd:vww3o7BYPJbJ5Vh6UCqZfd
                                                    MD5:D4EAC009E9E7B64B8B001AE82B8102FA
                                                    SHA1:D8D166494D5813DB20EA1231DA4B1F8A9B312119
                                                    SHA-256:8B0631DA4DC79E036251379A0A68C3BA977F14BCC797BA0EB9692F8BB90DDB4D
                                                    SHA-512:561653F9920661027D006E7DEF7FB27DE23B934E4860E0DF78C97D183B7CEBD9DCE0D395E2018EEF1C02FC6818A179A661E18A2C26C4180AFEE5EF4F9C9C6035
                                                    Malicious:false
                                                    Preview:MSCF....]M......D...............=...........]M...?..........}..."..............Li. .content.inf............Li. .Gallery.thmx.].(.Vq..[.....0Y..........v.....w.wwwww.wwwwww.w.....".83....y8..mg...o*..U..N(..@uD.:O<........{.G....~~.....c.c.5..6./|G .@#1O.B.............PT@...b.d.~..U....B.{.........0.H.....`.H.`..'S.......Ic..W..x...z....... .........g......._....o......S......p...$....._........._...K......x..?.6.U~...'./.r.................../.......5.8..2........2b.@j ....0.........``....H... ,5...........X........|..Y.QoiW..*|.......x.sO8...Yb....7...m..b.f.hv..b......=...:Ar.-...[..A\.D..g..u....].9..M...'.R-`.....<..+.....]...1.^..I.z..W{.._....L.. ...4;..6O.....9,.-.Vt+b/$7..}.O05.Y...-..S.....$*.....1."Z.r;.!..E.mMN..s .U...P%.[.P...cU...j...h.d.../.s..N/..:..X*...p5.7\}h.Q ..._.F.X.C..z$.nV..+.k..|.@.L...&.........^#.G.a..x..w!wx.8e+..E. i..$?9..8...:......|..[."..y..&y..?...W....s..._...3Z0c.....i.q.........1c.jI....W..^%xH.._...n.......&J..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609, number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):1065873
                                                    Entropy (8bit):7.998277814657051
                                                    Encrypted:true
                                                    SSDEEP:24576:qehtHA3nsAOx7yN7THwxdGpkw8R60aTcua5U4c:hhmnsBMNAxdGpV5za5Uv
                                                    MD5:E1101CCA6E3FEDB28B57AF4C41B50D37
                                                    SHA1:990421B1D858B756E6695B004B26CDCCAE478C23
                                                    SHA-256:69B2675E47917A9469F771D0C634BD62B2DFA0F5D4AF3FD7AFE9196BF889C19E
                                                    SHA-512:B1EDEA65B6D0705A298BFF85FC894A11C1F86B43FAC3C2149D0BD4A13EDCD744AF337957CBC21A33AB7A948C11EA9F389F3A896B6B1423A504E7028C71300C44
                                                    Malicious:false
                                                    Preview:MSCF....q.......D...........................q... ?..........{...%..............M. .content.inf.Q_.........M. .Savon.thmx...O>.o..[..............&.5....UUcC.C....A...`TU...F....".54.E.....g.-.7-D....1g...p.6......@..w(....h'?.....(..........p..J.2n$4.........A......?...........@.C.W.R.5X..:..*..I..?....r.y..~!.....!.A.a...!........O.........5.x<C...?.?....C.C.......'....F../....../.$................4.7...................P...(.w.}6.........7.....01.1r........._..?.............'.._..JOx.CFA<.........*0..2.?...>F.../...;..6-8..4...8&yb....".1%..v'..N...x......}.gYb..~L.....f[..!......Y.G.....p..r...?.p...F.Vy.....o.Whll...+...M.V...:.]...B.%.H....n..@.].zaVxf...y{.@....V.t.W....$Kp-.....7W.J..h..0A3mK.=.ub..R...W......*'T2..G#G,.^..T..XZu...U. ...76.d..#.I.JB.v...d...%.....6..O.K.[.:.L.\.....1.D..2a.>f......X...b5...ZgN.u.f...a!..."...sx....>..?.a.3.8.^._q..JS1.E..9..Lg.n.+....lE.f:j.9)Q..H1=..<.R.......{c>:.p[..S.9h.a.gL.U....8.z..z.!.....2I.~.b..2..c...
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):1097591
                                                    Entropy (8bit):7.99825462915052
                                                    Encrypted:true
                                                    SSDEEP:24576:UE9BMy98gA4cDWHkSrDans3MfEE6w8OaVuCibol0j41dwD:UE9Bdy3D4keQWt7w85VuVoaj4/Q
                                                    MD5:BF95E967E7D1CEC8EFE426BC0127D3DE
                                                    SHA1:BA44C5500A36D748A9A60A23DB47116D37FD61BC
                                                    SHA-256:4C3B008E0EB10A722D8FEDB325BFB97EDAA609B1E901295F224DD4CB4DF5FC26
                                                    SHA-512:0697E394ABAC429B00C3A4F8DB9F509E5D45FF91F3C2AF2C2A330D465825F058778C06B129865B6107A0731762AD73777389BB0E319B53E6B28C363232FA2CE8
                                                    Malicious:false
                                                    Preview:MSCF............D...............-,..............x?..........}...-...RU.........M. .Circuit.thmx.....RU.....M. .content.inf.g...&|..[......=..R.....=.*,.!QA?h..Q.!....Uk!.HJ.......VKuk.....q.w.w.U.....;...K.@.URA..0..B..|rv.ND(.`{..@.1.}...s?.....-...O.(V.w..1..a.....aW...a.Z..aX....5.I...!..........(. ./.d...me.( ..f.........w.......Xp.s....c..vB.98.....C.J......V ..ML.M...B.n.>...|....u!.5@t..q4....(K...u qL.S....>/%v%.2..TF.].e..'..-..L.N..c].a..(WU\o.%^..;...|o.6..L..[..;&....^p.Lu.sr,-.R=.:.8.>VOB...:.?$.*h.o....Zh.h....`.B.c.../K......b^...;2..bY.[.V.Q8....@..V7....I0c.cQN7..I.p..}..!..M....1K....+....9.2......a..W.V..........;.J .i......]%O.-......CeQ.0.c....MbP3.0.w..8w..Y...|...H;#.J.+M......>.`y..aWk|.i.BF.pJv;.....S..6....F.....RLG~..........J.=......"..........H.....h..o...u........M.6F?.F.p.B.>./*l....J.R..#P.....K......<iu..gm^..n...#c..zO"7M.O......4'>A..(.E.Cy.N.)....6.tx.r[.....7.......m.t..E?.....5.5.6.\..{.V.T.D.j..=~a^.I
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417, number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):1310275
                                                    Entropy (8bit):7.9985829899274385
                                                    Encrypted:true
                                                    SSDEEP:24576:NN3M9UHpHZE4aubaPubP3M6d71FdtmFAjq+54/79LVzG+VnS:NN3M9UJHZE4abPyU4JtmFCq+q/7JlVS
                                                    MD5:9C9F49A47222C18025CC25575337A965
                                                    SHA1:E42EDB33471D7C1752DCC42C06DD3F9FDA8B25F0
                                                    SHA-256:ADA7EFF0676D9CCE1935D5485F3DDE35C594D343658FB1DA42CB5A48FC3FC16A
                                                    SHA-512:9FDCBAB988CBE97BFD931B727D31BA6B8ECF795D0679A714B9AFBC2C26E7DCF529E7A51289C7A1AE7EF04F4A923C2D7966D5AF7C0BC766DCD0FCA90251576794
                                                    Malicious:false
                                                    Preview:MSCF...........D...............9..............XJ..........}...6..............M.. .content.inf............M.. .Droplet.thmx..m7.>J..[...............2.QQPIj.*.."o^R.H5*^...^(e.W...R..x..^`..m...."..+.....{o.......Q.-....$V.N>...T]..L.... ..N.h..dOY.......S......N.%.d..d....Y.....e..$...<.m...`............@....=.z..n..[...,G..1Fn.qPDH{C<...3.Q...2..r..*...E.E.E.ErM"&a..'..W....:...?I..<.I..6o.`.d.?!..!..._.4\.._.E..).._O.S....; ..#..p.H.....c....o\.K..?$U.e.........!...J.v.....gNe._..[....#A.O.n_.....gm:P._.........{@..-g..j.69b.NH.I.$Hk?.6.n...@......'.C.._.U..:*,j.-G.....e.#.Sr.t.L......d[.[...s.....rx.3.F[.5o..:....K*.x..)M.fb...3IP.&h.Q.VX^%U.......x..l......@6.k.P..zSW.?....F..[L...4..b.l.w."&.....`.j...i.5}".~.-.....{\.:...o.'H\*+)....3.Y......\...f:.;....e........4't7..f...w..j...3....N..9`.J...P..?.....=3_.y]...f.<.......JM5.}Q/ .F.a..Z.._yh......V..>m .......a....f....!.hz..\.....F_..'z...,....h.=.......=.o..T....3.e..........$..g.2.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):31835
                                                    Entropy (8bit):7.81952379746457
                                                    Encrypted:false
                                                    SSDEEP:768:ltJDH8NmUekomvNufaqA8Pi6x5q3KQIGu:lvINukgzP7x5mRIGu
                                                    MD5:92A819D434A8AAEA2C65F0CC2F33BB3A
                                                    SHA1:85C3F1801EFFEA1EA10A8429B0875FC30893F2C8
                                                    SHA-256:5D13F9907AC381D19F0A7552FD6D9FC07C9BD42C0F9CE017FFF75587E1890375
                                                    SHA-512:01339E04130E08573DF7DBDFE25D82ED1D248B8D127BB90D536ECF4A26F5554E793E51E1A1800F61790738CC386121E443E942544246C60E47E25756F0C810A3
                                                    Malicious:false
                                                    Preview:MSCF....K=......L...........................K=...?..................q<......................gb.xsl.................Content.inf.EF/.....[...A....3D.4..oVP!i/......t.6..l&9r0.8......c..q.^........$/..(./H ...^_Z0\4.42WU......P.F..9.._....'.D..<H@..E.b,K..9o..wo..v|..[.{7m.......|}aI..|g....IF2au?.1,..3.H.......ed....-.........m....$..8&0..w........2....s....z..d.Z.e.....@$r[..r..4...."E.Q@...Hh.B"b>...$.L.$.P.._..~.?./T..@..F..?.~G...MS..O%Z3*k..:..._...!GF..U...!..W..$..7...j......xy0..../.j..~4......8...YV....Fe.LU..J.B.k%BT5.X.q.w.a4....5..r...W.6.u...]i...t.....e.\.K............#t.c5.6....j...?#..{.m3.L9...E/....B[R.k(.'....S.'.}!j.tL..v....L....{<.m4......d_kD..D.....4`aC....rg..S..F.b..^........g;.`?,......\..T.\.H.8W.!V...1.T1.....|.Uh....T..yD'..R.......,.`h..~.....=......4..6E..x#XcVlc_S54 ..Q.4!V..P...{w..z.*..u.v....DC...W.(>4..a..h.t.F.Z...C.....&..%v...kt....n..2....+.@...EW.GE..%.:R`,}v.%.nx.P.#.f.......:.5(...]...n3{...v........Q..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):1766185
                                                    Entropy (8bit):7.9991290831091115
                                                    Encrypted:true
                                                    SSDEEP:24576:O/gjMj+RP9Q07h9F75a0BXjBccHMVk2Hq2SkGa0QglyZtxmdPP2LcSUtfgfp16Yx:kJ6RP9Q07/X5V7yVF0QgktxAPutUt0zP
                                                    MD5:828F96031F40BF8EBCB5E52AAEEB7E4C
                                                    SHA1:CACC32738A0A66C8FE51A81ED8E27A6F82E69EB2
                                                    SHA-256:640AD075B555D4A2143F909EAFD91F54076F5DDE42A2B11CD897BC564B5D7FF7
                                                    SHA-512:61F6355FF4D984931E79624394CCCA217054AE0F61B9AF1A1EDED5ACCA3D6FEF8940E338C313BE63FC766E6E7161CAFA0C8AE44AD4E0BE26C22FF17E2E6ABAF7
                                                    Malicious:false
                                                    Preview:MSCF............D...............)q..............0?..........{...H..............M.. .content.inf.;.#........M.. .Slate.thmx.p.+..P..[......U..............p..K.!.......*...K..w..v........=....D$r...B....6 ...X.F0..d..m.s...$$r........m.)6.m3....vXn.l..o...a...V......Ru.:=2M.........T.....4S`EP......\..r,..v...G.P......'._H0]..%_............X.P.,.............H.?.-.H..".......M..&..o....R........<......`...D.H.._.G.Qv..(.*.U,.9..D...."..T..i.e../.e.."....,S...o.X.....c./..V....Z..o.O..2....{...+... ....0.@J.R.Q.m.....{.....h?u.q.O{...l.d)..Yk`.....#...u.-.m..#CXwrz4..7.>......v.E:.#.oGSKS.TX.Chm.4aQ......avH..{..j+@6[k].....`c..W8..j.v.Zh.]....4......K..#Hzyd..K}.....H|<H..\(l...+..%Z......~.S:^..d>..1..H%..7N-v.....Wu.*..b^.B.....k0gc.2.{.!...E7.}3.d...{.Ye...&#f6...:2......v..&!..k0d.p.b...,..$.....Y..60...h.N}.r...<[./........{...Es..&.nf.....2.@Fh3.9.G....l.[.C..SD/6.H.K....}..m....M..........gl.P.]..I......5....e.c...V....P...[.=.......O.eq+
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129, number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):2591108
                                                    Entropy (8bit):7.999030891647433
                                                    Encrypted:true
                                                    SSDEEP:49152:ZSBBeAefkpB5iXfQJgi7JBaCCRZ3cM2VDHkvSJO6qzI1tE9Rn:EBI6gbCkMPDHKSJO6qsP6n
                                                    MD5:BEB12A0464D096CA33BAEA4352CE800F
                                                    SHA1:F678D650B4A41676BA05C836D462F34BDC5BF648
                                                    SHA-256:A44166F5C9F2553555A43586BA5DB1C1DE54D72D308A48268F27C6A00076B1CA
                                                    SHA-512:B6E7CCD1ECBB9A49FC72E40771725825DAF41DDB2FF8EA4ECCE18B8FA1A59D3B2C474ADD055F30DA58C7E833A6E6555EBB77CCC324B61CA337187B4B41F7008B
                                                    Malicious:false
                                                    Preview:MSCF.....D'.....D............................D'..D..........z...^..............M7. .content.inf............M7. .Mesh.thmx....&~j..[.....0.................]............ww,v.\....D......3m..m!f..0..E{..?..`..A...k.:....I..........|bmG.FS...f.;.J.vzb.......R.......-....|.......ESD.....".4M..M..t.N....y..,..#.4.5.2.......'.8.Q..3.D..T....!.......&rJg...s........(..9........Dw..'....9.-..G.c............E.. .O.....a..O.._..s..)7Wz~....bJ..D...o....0..R/.#...?.......~6.Q?....?y...g.?............TP..r-...>....-..!.6...B.....\../...2....4...p$...Oge.G.?.....S.#x(..$.A~.U.%f....dJ..S.f{.g.._..3{.fm2.....Z.\o&.[k.m....ko.8..r.-.Go.OQ..'!6..f.L...Ud.$.q*.L.....R.. J.T&4g...7.2K...#k.[.].:....lk.....;c..DRx.`..&L..cpv*.>.Ngz~.{..v5.\...'C.<R:.C8.|.fE{......K...).....T...gz}..rF..Q.dof7.....D.f=cm...U|.O.]F...5zg(.. ....S..._?D....^..+.i...Z.....+X..U!4qy..._..`I..>./.W.7......=.O....BG..=..%9|...3.?...}.$"..H..u...0.......a..:t?.....8...Z..#g.=<.e.`\......KQ..U....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852, number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):1881952
                                                    Entropy (8bit):7.999066394602922
                                                    Encrypted:true
                                                    SSDEEP:49152:6Wp9u/ZAvKz7ZFCejPiSmYXKIr6kBwBUA:6W6Bn7ZFNiiKo2l
                                                    MD5:53C5F45B22E133B28D4BD3B5A350FDBD
                                                    SHA1:D180CFB1438D27F76E1919DA3E84F307CB83434F
                                                    SHA-256:8AF4C7CAC47D2B9C7ADEADF276EDAE830B4CC5FFE7E765E3C3D7B3FADCB5F273
                                                    SHA-512:46AD3DA58C63CA62FCFC4FAF9A7B5B320F4898A1E84EEF4DE16E0C0843BAFE078982FC9F78C5AC6511740B35382400B5F7AC3AE99BB52E32AD9639437DB481D1
                                                    Malicious:false
                                                    Preview:MSCF.....x......D...............l............x..`?..........|...D..............M[. .content.inf...!........M[. .Damask.thmx...o.PI..[.............../.TU.jj0..3jCUPU.jF...m.UU.P}.....PU..*........w..#....E..].................A.. w.$..@..'g.......6%:..r9..d.M;M+.r.8[d{.s..dh..(P..........!.. ..ne..f.Nc..#..Y..q....KB}..b].@..F.&.t....E.........@&.m......$w......q...:.H....p.p.....?.9x.. .....?...ao....I....................o......g.u..;."....O;....{..(k..._.w/.Z......Jb..P.O?...........?....F....ty..72......! #....v..J......?.....!,.5.7..Em.....is.h.. \.H*)i1v..zwp.....P.....x].X{O//..\....Z>z....6...+..a.c...;.K..+...?014..p.w%o^.....]...MguF...`....r.S.......eF..):.dnk#.p{..<..{..Ym...>...H......x.}.hI..M....e......*G.&.?..~.~G6.....+...D..p...._...T....F6.[Cx./Q..Xe.>.;.}>.^..:..SB.X..2.......(A..&j9....\\.......Haf+]Y...$t^Y=........><.w....tL../E...%6.Vr~MI...l.....<.0.I....7.Q8y.f.uu...I.p..O..eYYS.O......9..Qo.......:..........o.............{
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):307348
                                                    Entropy (8bit):7.996451393909308
                                                    Encrypted:true
                                                    SSDEEP:6144:7vH3uG+yiWx0eVJyORloyyDqnHefzOs81MrXLXx7:b36yiWH/LRS2CJl1
                                                    MD5:0EBC45AA0E67CC435D0745438371F948
                                                    SHA1:5584210C4A8B04F9C78F703734387391D6B5B347
                                                    SHA-256:3744BFA286CFCFF46E51E6A68823A23F55416CD6619156B5929FED1F7778F1C7
                                                    SHA-512:31761037C723C515C1A9A404E235FE0B412222CB239B86162D17763565D0CCB010397376FB9B61B38A6AEBDD5E6857FD8383045F924AF8A83F2C9B9AF6B81407
                                                    Malicious:false
                                                    Preview:MSCF....tq......D...........................tq.. ?..........|..................Mn. .Banded.thmx............Mn. .content.inf..;.u.i..[...............?....^.j.{j.B...$M/!...W....{!..^0x/.6...&............w......$.B..J.?a.$=...P..L...d..........+./.\..E:h.....-.$..u-.I..L\.M.r..Y..:rtX:....8...........+8.}{......&.-..f.f..s3-P.''.r...Z-"/E../...^%^N(,.$..$.H..O........q>...|.|......y..m.)u....`.....z.n..-.[.5....xL....M...O..3uCX..=4.....7.yh...dg.;..c.x.4..6..e..p.e"..,.!.St{..E..^I.9j....;..`.Y..#.0..f...G.....9~./....QCz.93..u%hz.........t9.""........)..7K.c~E!..x.E.p...[......o..O.j.c.......6.t{...".....t9V;xv....n<.F.S2.gI.#6...u..O..F.9.[.L.....K....#..zL..I...o....k...qog.......V..BKM..#.bET.)..&4..m.w...*....E.a[.Q.y.B...w...r.nd...)...<..#..r[4.y...#.z.....m?.2K.^...R{..m..f......r?]..>@...ra$...C+..l].9...."..rM9=......]".'...b&2e...y..a..4....ML..f...f"..l..&.Rv=2LL..4...3t_x...G....w..I.K....s.t.....).......{ur.y2...O3.K*f.*P(..F..-.y.Z...
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID 59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):2527736
                                                    Entropy (8bit):7.992272975565323
                                                    Encrypted:true
                                                    SSDEEP:49152:NFXdpz4d98p/q5jA4q+9Uf5kx6wHR8WfPJZVhWzH4dRze76YP9nJ7yyAInT76nSY:NFXdKx5sM9SmxHKexZVhutJJVpCSqa0Z
                                                    MD5:F256ACA509B4C6C0144D278C7036B0A8
                                                    SHA1:93F6106D0759AFD0061F73B876AA9CAB05AA8EF6
                                                    SHA-256:AD26761D59F1FA9783C2F49184A2E8FE55FCD46CD3C49FFC099C02310649DC67
                                                    SHA-512:08C57661F8CC9B547BBE42B4A5F8072B979E93346679ADE23CA685C0085F7BC14C26707B3D3C02F124359EBB640816E13763C7546FF095C96D2BB090320F3A95
                                                    Malicious:false
                                                    Preview:MSCF.....R&.....D............................R&.8?..............Z..............M). .content.inf..,........M). .Main_Event.thmx......R..[...............=.1.^xa..^...../..^x....QA^"....^/.I.{/F..F..........6Vn. ..._Hmc......<....#.{.@.....Xl../Y....Ye..'V.f.S.Vf.T..0t+..y...5O...{.....-.dT...........!...[ .ns..k.....QAA.. ....B..u.`.....{.\u8.0.....@t........K....@..w.......>...-1F...........1.E....O............_M.m..CP.O......X......g......].../..:C...Q...i.._"...M..1o...S../...9....k;...}S........y..;1o....1h......t.CL.3...].@...T...4.6.}.....M...f...[.s.."f....nZ.W......0.c.{.`.^..Oo.[.JT.2].^.f..a....kO......Q..G..s.5...V.Wj.....e...I,]...SHa..U.N.N.....v.C.....x..J{.Z.t...]WN...77BO-J......g......3:i..2..EFeL.,n..t:..,~4gt.w...M.5.'h.L..#..A&.O.ys%K.Z....F.PW..=jH...jGB.i..j.J.^.#.\n...J@.....-5.f.1jZ68.o...H2.......$O...>..ld&,#$.&_....yl.fkP$.........l....s....i.tx.~<.z...>..2.Gx..B..z.E.3.N<....`$.....b..?.w.[.X..1.=q!.s......v.......r.w
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):33610
                                                    Entropy (8bit):7.8340762758330476
                                                    Encrypted:false
                                                    SSDEEP:768:IlFYcxiahedKSDNAPk5WEEfA8Pi6xnOKMRA58:2JitdKsNAM5WBDP7xOKMq58
                                                    MD5:51804E255C573176039F4D5B55C12AB2
                                                    SHA1:A4822E5072B858A7CCA7DE948CAA7D2268F1BB4B
                                                    SHA-256:3C6F66790C543D4E9D8E0E6F476B1ACADF0A5FCDD561B8484D8DDDADFDF8134B
                                                    SHA-512:2AC8B1E433C9283377B725A03AE72374663FEC81ABBA4C049B80409819BB9613E135FCD640ED433701795BDF4D5822461D76A06859C4084E7BAE216D771BB091
                                                    Malicious:false
                                                    Preview:MSCF....:D......L...........................:D...?..................XC.....................chicago.xsl. ...............Content.inf.!..B...[...H."m..3C.6...WP!i/Z..vn._...^omvw+...^..L.4o...g..y......^..x...BH.B.K....w.....F........p ./gg.h.0I',.$..a.`.*...^..vi..mw..........K....oQ............P...#...3.......U(.=...q.~?..H..?.'I4'.......X...}w.vw.....f.n..f{3.....-....%dK&q..D.H.Z..h-..H.[$ %.."..e....1...$.............'.....B..%..4...&`S!DQ...M.......N~............S..'....M..4E.^..dej..i..+.`...6F%sJ....Q..d.(*.s.Z...U-5Eh.s.CK...K..X$......j..T.?.`.|...=..R...-7...*...TU.....7a...&I.noOK|.W.R-+S.d..rR.....{h.Y...)..xJ..=.XM..o...P'.I4m..~I..C..m.....f.....;{Mzg+Wm.~...z...r-.....eK...lj:^.1g5...7.h(T"..t?5......u.....G.Z<..sL.\{...8=t...Z...'tps.:...|....6.....S..X...I...6l.M.....aq.;YS....{:.&.'.&.F.l...\.[L.%.so\.v.Lo...zO.^^...p..*9k...).CC..F0>L...VUE4.......2..c..p.rCi..#...b.C@o.l.. E_b..{d...hX.\_!a#.E.....yS.H...aZ...~D3.pj: ss?.]....~
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):31482
                                                    Entropy (8bit):7.808057272318224
                                                    Encrypted:false
                                                    SSDEEP:768:LgHv7aLOcoLGQ4EykdrHwLa+A8Pi6Iv8ACIa:LwvWyx4EykdTwLaWP7I0ACIa
                                                    MD5:F10DF902980F1D5BEEA96B2C668408A7
                                                    SHA1:92D341581B9E24284B7C29E5623F8028DBBAAFE9
                                                    SHA-256:E0100320A4F63E07C77138A89EA24A1CBD69784A89FE3BF83E35576114B4CE02
                                                    SHA-512:00A8FBCD17D791289AC8F12DC3C404B0AFD240278492DF74D2C5F37609B11D91A26D737BE95D3FE01CDBC25EEDC6DA0C2D63A2CCC4AB208D6E054014083365FB
                                                    Malicious:false
                                                    Preview:MSCF.....;......L............................;...?...................;......................gosttitle.xsl.$...............Content.inf....v....[...=..Ic.32.E...`o.............m....4uk[.,.......{...}k{.R@(Hq..68nv...@.D.....$...j....8Q..........8.8........3...*.bi?Wt...:(..J.;&eii..io.w..z...`.'..i.MLR@.>....N..3`P.>$X@(r.#.D..(....P"_..I.$o.. L!y...I...H.........{.{....{.3....7..w..{w.2sn.dYn.lW...l...c$.UH....L6. .D$$...!F.!... .D............_..'.`.Q.v>..Z..f.n.l....0o.......bK...?s..eO....'.>t......S'..........~....h...v&7:q.x9|qs...%....:..D...ag.....e..'...".A.Y..?w"....p1t.9J.~.4.........~vj.n.8.;.O......../.}..io{p...e...\m.d`.gAm.......1"...N*...8..g"......~..[.e+.....\6i4.....%...Rq.U-p?..4P..4.f.?N.vI?.M\i.;.s..E.L.hu.*...\..5....N......]......\`...rS.\g.....2..!a).?.l.!i.^.t.u...x...g/.A..v.E...\.@.>kM...&.g.....%.......{.....2..E.g...'..[w...N.w..& 4M.a.cu.%:...\.D..Q..C.'fm..i....@._......QI.. ....h..|fB.il.(`..h.d;.l...`.s:
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):28911
                                                    Entropy (8bit):7.7784119983764715
                                                    Encrypted:false
                                                    SSDEEP:384:WnJY165YD0tPYoCKa3HueqRyzVscLk1Yj2GjcgbA8E0GftpBjE2kWTpjFLrHRN7N:X4rtPzCK6uRoljXBA8Pi62ZphL0HRA5p
                                                    MD5:6D787B1E223DB6B91B69238062CCA872
                                                    SHA1:A02F3D847D1F8973E854B89D4558413EA2E349F7
                                                    SHA-256:DA2F261C3C82E229A097A9302C8580F014BB6442825DB47C008DA097CFCE0EE4
                                                    SHA-512:9856D88D5C63CD6EBCF26E5D7521F194FA6B6E7BF55DD2E0238457A1B760EB8FB0D573A6E85E819BF8E5BE596537E99BC8C2DCE7EC6E2809A43490CACCD44169
                                                    Malicious:false
                                                    Preview:MSCF.....1......L............................1...?...................0......"}..............ieee2006officeonline.xsl.:...............Content.inf.........[...G."...3$pE...G B....m3o[...I2&.f.,\..........}.n..{..e.8!^.3.A@...x..... .D.52gU..]..."..N8....s..CS..J3..HV...m...y..o....F.z......V.j._....=~k.....'.dY........1........#...d13.g.&C...C.xw.`f.hf..........]M....m.m....ud...,+.H~..cL...e#;(RI...eA....I.b...E...2..(...$.j...L...$..A....'[...H9..&..G.Q....".M.yl....]..?j%+....O~.*....|.se...K\.B"W..F.5.......=s...l.Y...K..yN.TBH[...sTWR.N.d...WEa....T.d.K.^sauI......m..s=.,qso5.b.V.s.]..9..,k4.\..L.;D...........;r.C...7.w.j..:N8.V6..a.3..j:A.mA..To..$.5....:./..p.x.3.=..__...8.EB.K.*..].-."..5-XU..J.....=o..K.Wavg.o].z.9.gk.._.........MZ.<.5............OY.n.o...r.9v.c.......[n.[..D...d..}.j.....LB,]_.9..St.@..C....\...^....-&.njq..!P....G^.....w.7.p~.......M..g.J............t1......q.w.rx...qp.....E.........-...2..G.........z.]B........d....C.@...@.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):22149
                                                    Entropy (8bit):7.659898883631361
                                                    Encrypted:false
                                                    SSDEEP:384:b98FG/zdCbf7BOEawSi8E0GftpBjEPTFPxFLrHRN7S5ll7PK/pA2:N/zAbDae8Pi6PFPSRIA2
                                                    MD5:66C5199CF4FB18BD4F9F3F2CCB074007
                                                    SHA1:BA9D8765FFC938549CC19B69B3BF5E6522FB062E
                                                    SHA-256:4A7DC4ED098E580C8D623C51B57C0BC1D601C45F40B60F39BBA5F063377C3C1F
                                                    SHA-512:94C434A131CDE47CB64BCD2FB8AF442482F8ECFA63D958C832ECA935DEB10D360034EF497E2EBB720C72B4C1D7A1130A64811D362054E1D52A441B91C46034B0
                                                    Malicious:false
                                                    Preview:MSCF....u.......D...........................u....?..................................HexagonRadial.glox.................Content.inf.........[.....`........./.mT.T6...CP..z5...0.PcUmCUSUCU.Q.P.0..f............^...H..2e.[..8...ld......*F.%.j.w!R..NA.L............ .r..z....$&.........P.=.r...O...e..dfv_.i%.C....^......?..x...+d..].B.3..EU...|Cc..z.`lQp..fr.....8!;.8.p.ZwH\.........~..T.t..]..H.]..S.2..Vt.....r.H../..-8........!:.Y&..|A..J.U...-.%..k..U...4m.. .q../..b.8.vc~......_q1.?..Bh.v.....L..I.$I..s.".u.. Y....I^5.v...3.......].^)b.t.j...=...Ze~.O...|.}T.._9c........L....BV.^......X..?.....{.>.j..5.m...d.7........g[..f.nST...i..t..|.T.jjS..4p.Pxu..*..W...|.A)..|9;....H.e.^.8D..S...M..Lj.|...M.m+..H.....8.&-....=.L.....n.v..M.9...l....=r......K.F.j.(.(xD.3..r'9.K..-...5..Z..x....._....a[...J...`.b_a\\j.ed..\.3.5....S.T...ms.....E...Xl.y.LH=...}..0.T...04.4..B[..H.....B{B9.h..=.8Mn.*.TL.c..y.s.?.c9$l...).h).6..;.X../_>Pl...O...U.R..v.dy$A
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):30957
                                                    Entropy (8bit):7.808231503692675
                                                    Encrypted:false
                                                    SSDEEP:384:rKfgT03jNkAFbgUQWtxq9OGh1bBkd/1MVHb5iVOdMgbA8E0GftpBjEl8tFLrHRNF:r303jOrUQAkfhopWHbA8Pi6l8zuUIq
                                                    MD5:D3C9036E4E1159E832B1B4D2E9D42BF0
                                                    SHA1:966E04B7A8016D7FDAFE2C611957F6E946FAB1B9
                                                    SHA-256:434576EB1A16C2D14D666A33EDDE76717C896D79F45DF56742AFD90ACB9F21CE
                                                    SHA-512:D28D7F467F072985BCFCC6449AD16D528D531EB81912D4C3D956CF8936F96D474B18E7992B16D6834E9D2782470D193A17598CAB55A7F9EB0824BC3F069216B6
                                                    Malicious:false
                                                    Preview:MSCF.....9......L............................9...?...................8......1P..............iso690nmerical.xsl.................Content.inf...A@...[...5.....33.E...P.../..........5sv.]3srm8.T.=.......}.v.T.. ..4IH.r.%Z.(.q.\+K..[,....E....A......#CEF..}p..Y/s$...YKI.#M.?.t.1#C....I..v.vn...-...v7../S.m.Ma.....!.Y....4.......3.3....c&R9..%......(J..BDMI.>7J.....".....}.w.}w.wg.v...^.n.{....{f.mlI..%.#..I..S....D..QJ U......4........K.(@....DH.....}...8;..z...&0%e..G.OAM..x.3......\....zS9....}......89.B...e.W.p{;.....m.m3...}....../...q.~..;.,..".j.g..^N............iC.../|...g.=..9.Q].Gf.....QA....74..v.....9.n[......0.}..jo{y./.2..Ym......;u...b.(Jz^.....~..uM...{s../..#.)n2..S.S.c..6)U.V....!.'R.......P.S.D..S.p/......D.......{......?.u.",...Mp._....N..+..=Y#..&0w....r.......$.xwC......P.e7.>O....7....].y%q^S'....*.C.`.?..}Q..k../u.TK...y........S...{T.?......[.H.'L..AS.Y.|*..b...J.H-.^U>'9..uD[.".b[.l.......o..6.L).h.B0RJa.b..|m:.):......F
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID 19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
                                                    Category:dropped
                                                    Size (bytes):3256855
                                                    Entropy (8bit):7.996842935632312
                                                    Encrypted:true
                                                    SSDEEP:98304:wh7I1aeH9YvgK+A+a7GiiQzP4YZDpQ2+Sd6Y:w21ay93aypQzzhpBL/
                                                    MD5:8867BDF5FC754DA9DA6F5BA341334595
                                                    SHA1:5067CCE84C6C682B75C1EF3DEA067A8D58D80FA9
                                                    SHA-256:42323DD1D3E88C3207E16E0C95CA1048F2E4CD66183AD23B90171DA381D37B58
                                                    SHA-512:93421D7FE305D27E7E2FD8521A8B328063CD22FE4DE67CCCF5D3B8F0258EF28027195C53062D179CD2EBA3A7E6F6A34A7A29297D4AF57650AA6DD19D1EF8413D
                                                    Malicious:false
                                                    Preview:MSCF....Gm1.....D...............cM..........Gm1..D..............o... ..........MP. .content.inf...7. ......MP. .Vapor_Trail.thmx..n...N..[......L........7...+I..x...P7/...BH..Rm.\yqi.x..B....{.m.............=.....p.%.@......BpV.[......C.4..X./..Y.'SB..........0.Gr.FG.).....R\...2..Jt..1..._.4_B..................cn7H.-.....Q...1..G{G.~.. '.$......@.(....=@=..`....@.@.A. ....'.4`. .@....D...'....S.s..9.7" /....?.aY.c.........LG....k...?_.....P.....?.1.....FB..m..t...['......:...?...W..../~..z.Tr...X.@...._....3..N..p.....b...t.....^..t...~..t.8A...t_....D..3R.Z.=..{.A.8).3-5..v.isz....0A~%.s.D.4....k.K......8......)R.}f.E..n.g&:W...'E....4%T..>......b.y..[..zI....e...j.s....F.....|7826U.C.,..BY.U.F.f......"..#.m..,..._...#.\.....gPP.2.}Kas......g..3.d0.Z.Z.]..n......MY]6.....].m..D.6...?.n.20.,.#...S...JK..#.W.%.Z4.....i..CBf...../..z......n.N...U.....8t...ny...=.!..#..SF..e...1.P..@.Qx*.f.;..t..S.>..... F..)...@.Y..5j....x....vI.mM....Z.W..77...
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):31083
                                                    Entropy (8bit):7.814202819173796
                                                    Encrypted:false
                                                    SSDEEP:384:0XbSq3W46TVZb5fOFo1HtZwGqtRT44hS+nyBoiuFgbA8E0GftpBjEcBFLrHRN7Ku:0XpOflfOFo1DMr/iuuA8Pi6cfKjW66b
                                                    MD5:89A9818E6658D73A73B642522FF8701F
                                                    SHA1:E66C95E957B74E90B444FF16D9B270ADAB12E0F4
                                                    SHA-256:F747DD8B79FC69217FA3E36FAE0AB417C1A0759C28C2C4F8B7450C70171228E6
                                                    SHA-512:321782B0B633380DA69BD7E98AA05BE7FA5D19A131294CC7C0A598A6A1A1AEF97AB1068427E4223AA30976E3C8246FF5C3C1265D4768FE9909B37F38CBC9E60D
                                                    Malicious:false
                                                    Preview:MSCF....[:......D...........................[:...?...................A..............CircleProcess.glox......A..........Content.inf......9.B[.....@*........!...(A.D..K.W.wwpwJj\.K\w...]...K.!.....@0..?,...}won`... ....&I..(;.....X.u..^.R..^......_:....W>f\....T...B..i`|q.....................i.5....(........0q7@.@..F...?A.`.....,L.......5.+../56..a`....1C5..9.*I.N.......@|<+./......... .ya....>l.,t.......y.y5...FF.,F..jCA...SA..H....8u.L..eM?.w8.......~^.Mr.[...(.._......u..+.......j..TJ.:<.3.X`...U.bz...[...r-...[...+..B.......}...\'.i...C.8.B_...c.8</..s.....VQ.Y..m.,.j~;y ...2.5.VQ...K..jP..2..r-...HA...."..9).7.....5.E._.wq.......!.+n+.f...s].4M'.1&...5....4..k..NV.M1.7`a..<.P4.|.mrd.i.R...u...............v.}..n\.C$.....[..2c.^..W..g..._.0.C.o....%.z.!.;.@y.`\..UO#i.)...Q...........L. .\:_..H.{.W...@...T.4..A.a...Wo?o$4.....#.V.s8M.Gh..p?A...Y.....)...........r|...!..o9...8..%#.[....;...3<Z...g....~.Z....,.(...qA.'x#..xC..@...HOuW.[.[....c.........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):20235
                                                    Entropy (8bit):7.61176626859621
                                                    Encrypted:false
                                                    SSDEEP:384:j3W3yGyjgbA8E0GftpBjEHvFLrHRN7pDAlI66Yv1:j3WFyAA8Pi6HVpDZ66c1
                                                    MD5:E3C64173B2F4AA7AB72E1396A9514BD8
                                                    SHA1:774E52F7E74B90E6A520359840B0CA54B3085D88
                                                    SHA-256:16C08547239E5B969041AB201EB55A3E30EAD400433E926257331CB945DFF094
                                                    SHA-512:7ED618578C6517ED967FB3521FD4DBED9CDFB7F7982B2B8437804786833207D246E4FCD7B85A669C305BE3B823832D2628105F01E2CF30B494172A17FC48576D
                                                    Malicious:false
                                                    Preview:MSCF............D................................?..................................BracketList.glox.................Content.inf....7r...[.... G.q..@...B.....?X!.A.......!........X..Vk.JK...Z..=......PD.....P....5...jp..+..T....b.)np5.7.....Zz........... ..!.....S......1....`....h......T?.Nq../......z....[..:..5f;....O...d.FxD...4...Z....[..a...w..W.[..P...5.]...6..."...+t].!...2\%%`Q.\..)...=>.)......a.$.2.,...2,.Lw.?..+..qf....h....T/B.....}T.E...'.%.....,.......X....b..gt.hPYc|.....a...j...=...{..a.`!8!..|...L.T..k..!,.R.z/W....{..,...+..w.m..sQ..7<x..B....?....\.)..l...d...}.....v..W.C..'=p1c.Z=.W.g.e....&wm..N,..K.T../.oV../=9.}.....".28...r.Q....dzj{....S...1m...x9_...2PXpa...Q.n.$z...c..SGq...k......}kPE..*...3.|.5A.>..6.......+)qCB....q....qNkGe...W]..o..Z...J.<.i......qq.8....q..BE.(...._h.U.\@3.F...KdO..=1j+....).*Q.|B..Z..%......LDYk....j.....{klDW..#CVy}...X..O!..}..s..&..DC.....tL.j..b.......[...n.'..1..Xc...9Q..gM.....n..3...v.....~.).
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):3417042
                                                    Entropy (8bit):7.997652455069165
                                                    Encrypted:true
                                                    SSDEEP:98304:1YYkj2mRz6vkkB15AW4QD0ms+FdniD60bDUpS:qYkj7d6vP7NZDLn+PM8
                                                    MD5:749C3615E54C8E6875518CFD84E5A1B2
                                                    SHA1:64D51EB1156E850ECA706B00961C8B101F5AC2FC
                                                    SHA-256:F2D2DF37366F8E49106980377D2448080879027C380D90D5A25DA3BDAD771F8C
                                                    SHA-512:A5F591BA5C31513BD52BBFC5C6CAA79C036C7B50A55C4FDF96C84D311CCDCF1341F1665F1DA436D3744094280F98660481DCA4AA30BCEB3A7FCCB2A62412DC99
                                                    Malicious:false
                                                    Preview:MSCF......3.....L.............................3..?..............j.....3.....t.4.............Insight design set.dotx.................Content.inf...QJ.N..[.........R.....L....N).J|E.B.$.B).3,...n.....JW....k.U1..M...3#.5....$^.....;vR...Z.nj...#......^*......a.{..(..o.v...!L`...T.-&jZ`.\.*0.....G.."b.m..F.X......$>%..?.D..H.l.j....$.......MrQ......q-....hx...6.D.3...j....n..U#R..3....sm?..xJr..............$G8..t.g...?.g.}......$P._...7.#..w..9DR....*lu....?..'.Ai..v.vl..`......B..N_....W./.;...c=oYW.lL'bv.......+...9.P..B=...*Y.SX=EL.5o....?H.e|.Fn.M[...d.v.....i......9..U..H....uq.Nrn..@..e...3....8.....s8}z..$........B....26...d..?.l....=.aeM.[..|n....H.;..7A.`....=.F...V.Y.l..8.........%e.x0S.....~..2..%.....U..#.r_.0V.v.6w.l.......Y.........v..o+....*sn.$^'.Il...akUU....w....~.....&8.Vwj.....Q.uQ..&..G.($.2.s.?m.B.~j.*..+G.W..qi..g..5.)){O........o.ow.(;.{...y;n...J...&.F2.@.;......[{'w..........`....czW.........?W...}..w....x..........
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):23597
                                                    Entropy (8bit):7.692965575678876
                                                    Encrypted:false
                                                    SSDEEP:384:y6aR//q0bJi/Uj+957G8E0GftpBj/4YOFLrHRN7LxhKll7PK/ph:y6I/Li/UjmVG8PiZ4YsLxh6Ih
                                                    MD5:7C645EC505982FE529D0E5035B378FFC
                                                    SHA1:1488ED81B350938D68A47C7F0BCE8D91FB1673E2
                                                    SHA-256:298FD9DADF0ACEBB2AA058A09EEBFAE15E5D1C5A8982DEE6669C63FB6119A13D
                                                    SHA-512:9F410DA5DB24B0B72E7774B4CF4398EDF0D361B9A79FBE2736A1DDD770AFE280877F5B430E0D26147CCA0524A54EA8B41F88B771F3598C2744A7803237B314B2
                                                    Malicious:false
                                                    Preview:MSCF............D................................?..................................pictureorgchart.glox.................Content.inf.W..y....[.............../.jC....U.CUUUTU.5...jjPU..MP....T..0*....o0.......Y.=....P.({.3.p..."pA!>r../3.q..7...........!...TO....(..%......6...3E?....~......CZmndse.Qy....p....h....=.:5...F..%.E.&.v.`I~. ..%._..b]..Y..Q..R.........nN.q8c..a..L..X/.M...PP.q..SpZ.K]>D"Pf..B.c....0..|I.Q.,.g/..Kev.../..=......w..}3.....(....+#T.....K`N.u..Z.....rriK.(...(...6.<R.%.]..NX..b..].C.u....++......Ia.x. .7....J.#............w>....7..R...H>....@%....~.yA.......~.UB..*. .P..$...-...v.....=M."....hw..b....{.....2pR....].C..u@=G."Y..;..gc/N.N.YB.Z.q.#....$....j.D.*.P..!.)S.{..c....&'E.lJ%.|O.a...FG.|.....A..h.=c7.)d.5...D...L...IQ..TTE.*NL-.*M..>..p0.`......m..,.w#rZ..wR\@.Wn..@Q...}..&...E...0K.NY....M.71..`.M./:.>..._L..m...,U.l....._fi...nj9..,..w.s.kJ.m.s.M.vmw.!.....B.s.%.-').h.....)c.l....F..`3r...-.....0..7..&N.....n.#H...<7
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):34816
                                                    Entropy (8bit):7.840826397575377
                                                    Encrypted:false
                                                    SSDEEP:768:i3R9VYnIYfPYmqX0CnF1SRHVnLG8Pi61YbEIFO:ih9VjYfPYlk+F1SJxP71YbEIFO
                                                    MD5:62863124CDCDA135ECC0E722782CB888
                                                    SHA1:2543B8A9D3B2304BB73D2ADBEC60DB040B732055
                                                    SHA-256:23CCFB7206A8F77A13080998EC6EF95B59B3C3E12B72B2D2AD4E53B0B26BB8C3
                                                    SHA-512:2734D1119DC14B7DFB417F217867EF8CE8E73D69C332587278C0896B91247A40C289426A1A53F1796CCB42190001273D35525FCEA8BA2932A69A581972A1EF00
                                                    Malicious:false
                                                    Preview:MSCF.....H......L............................H...?...................G......................APASixthEditionOfficeOnline.xsl.H...............Content.inf..h;.....[...Q..\..3S.5..oVP!i/Z.Ls...]q$...xY..+W.qm..B..y/.5.s..x$../K./.x.$.....}.......\........LNf..Hd.&."Ip.L.Mr-@.D..kW~i...^.....F.....T.U....../..0..2.{.q.T.`'{.00.{.B...>.R..2....1.~_.f..s...........~....~[..v..w..v....$[K.r$#[6...d;[...#.9.-...G..Z..eAR.0")%JI?&....$..$.H..$(........f.> k....hP...p...!j.T......l7..../3..(2^V...#..T9...3.@[0...le:...........E....YP.\.....au1...\.S|..-.duN.Z..g.O......X8....1.....|,.f/..w.|Wk]zJz.g'./7h..+.....}............x....s.2Z\..W.{...O....W.{j.U..Q....uO=.p.M k.E.S{SUd.@....S.Syo8>......r......8..............Z?>.mUAg....?o....f.7..W.n...P..........d.S?...\..W`...c.ua..........#.Y...45...F(d.o\09^..[.}...BsT.SD..[l.8..uw.7l..S.9T.KR..o......V..]...M .....t.r...:P...M....4.F.....@..t.1t..S...k.2.|5...i.%H..<.J..*.0n.....lZ.....?.*?.~..O .)..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):43653
                                                    Entropy (8bit):7.899157106666598
                                                    Encrypted:false
                                                    SSDEEP:768:+bjfeR1OOZvv439PlDe5/QzhgFSo0UEDmJwkqTA8Pi63Bsgn66w:IM3CN9ZzhFbUUwaP73BsB6w
                                                    MD5:DA3380458170E60CBEA72602FDD0D955
                                                    SHA1:1D059F8CFD69F193D363DA337C87136885018F0F
                                                    SHA-256:6F8FFB225F3B8C7ADE31A17A02F941FC534E4F7B5EE678B21CD9060282034701
                                                    SHA-512:17080110000C66DF2282FF4B8FD332467AF8CEFFA312C617E958FDFEBEE8EEA9E316201E8ABC8B30797BB6124A5CC7F649119A9C496316434B5AB23D2FBD5BB8
                                                    Malicious:false
                                                    Preview:MSCF....uk......L...........................uk...?...................j......r...............Equations.dotx.................Content.inf.94v..R..[..... .............v........." Vw.w..r.....D.V5.p...W......b;....\x.....f.-...............l.....L.F..*..@..BnF.I.....%1..0....&.X.......X-.\.\.>..A....@..:...N .G./.Sp.A0.0.`.....q....b... ......S.{K...V....J............>\....\.E.#.,$.hxu.F.Fo....<...{..6../..#..l>d...w...&...S.....L.].....^..L......;~l.......qw.o. .....v.u.W`.4Z.A.....dC..Q)9.c..qgtfJ..G.(.J....q4V.).mK4;..zY..b.5&....V...0X.].Z..U.Lx..^..:8XQh.....7yy.._5............c.W...c...xY..%..G.$....kg^.1g.9.....z^.'...q."..K)a[.pW .LS.:Q8.....2..._q.os....y...d11.*.m....8.,.^.4_?i.e.u.,....._y.....zZZA.D.D<..+....{....Sfnv...t.....0...vV..y.r..3..%.<.t......;.h.wh.-.g.>..5...R...........y..]^..R..<...>$~.'...kk.n..H.EN.eQ.Q.O./='....)t.l0,/].....FNN......?...&..'.eS....K.K.v".^L..x=.^......1x|....=}@...B.kq;_a..C.q?..Y9.v......Q..u.G..V.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):31471
                                                    Entropy (8bit):7.818389271364328
                                                    Encrypted:false
                                                    SSDEEP:768:eNtFWk68dbr2QxbM971RqpzAA8Pi6TlHaGRA5yr:eNtEkpGSbuHAkP7TlHaGq54
                                                    MD5:91AADBEC4171CFA8292B618492F5EF34
                                                    SHA1:A47DEB62A21056376DD8F862E1300F1E7DC69D1D
                                                    SHA-256:7E1A90CDB2BA7F03ABCB4687F0931858BF57E13552E0E4E54EC69A27325011EA
                                                    SHA-512:1978280C699F7F739CD9F6A81F2B665643BD0BE42CE815D22528F0D57C5A646FC30AAE517D4A0A374EFB8BD3C53EB9B3D129660503A82BA065679BBBB39BD8D5
                                                    Malicious:false
                                                    Preview:MSCF.....;......L............................;...?...................;......g...............sist02.xsl.................Content.inf....!....[...=.rF..3U.5...g.i?..w.oY..If'.......Y.;.B.....Wo.{T.TA.~......8......u.p....@Q..k.?.....G....j.|*.*J69H.2.ee..23s..;3..i..L.,...0se.%J........%.....!.....qB...SC...GAu5.P..u7....:.|.$Fo............{.......v.v.g..{o....e.....m.JeRG..,.%.1..Lh.@8.i.....l.#.HB`B....C......D@....?....P?..................|.9..q.......9.n.....F...s,....3..Q..N......y......_i..9|.<w...'q.Tq...U.E.B...q.?.4..O(_O.A.......*jC.~.21.7.....u.C...]uc.....-.g.{C~9q.q.1.1...4..=.0.Z.^....'../....-.6.K.....K...A#.GR..t.@.{.O.......Q5..=....X...^...F3.e.E.Z..b+R..?Z..0T1.....gQz.&....%y=zx.f.....6-*...u.Rm..x<...?...!g@.}..).J...:*...9.s&.v..}..'...\..Sd..F...........kQr.....h..3..1....B...B{M...%O.59.\.#....s/.pE.:}...k_.P.>.zj....5|.9+....$M..L........(...@#.....N.....N.*..........E..7..R$.:9!r>7.....v...>..S.w....9..]..n.w.;&.W..<r\S....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):46413
                                                    Entropy (8bit):7.9071408623961394
                                                    Encrypted:false
                                                    SSDEEP:768:WaxA0CH65GY3+fvCXCttfR8JEBrkquwDn+QV5V+vNWBatX/xG8Pi65sMuMjvU+mQ:hne65GYOfKXMSEBrBtDnzFAI4JxP75sM
                                                    MD5:C455C4BC4BEC9E0DA67C4D1E53E46D5A
                                                    SHA1:7674600C387114B0F98EC925BE74E811FB25C325
                                                    SHA-256:40E9AF9284FF07FDB75C33A11A794F5333712BAA4A6CF82FA529FBAF5AD0FED0
                                                    SHA-512:08166F6CB3F140E4820F86918F59295CAD8B4A17240C206DCBA8B46088110BDF4E4ADBAB9F6380315AD4590CA7C8ECDC9AFAC6BD1935B17AFB411F325FE81720
                                                    Malicious:false
                                                    Preview:MSCF....=v......L...........................=v...?..................5u......................Text Sidebar (Annual Report Red and Black design).docx.v...............Content.inf..C,.zd..[............... .w.....b...wwww]r..W\ww...... .hh...........o.nz.....Ku.7..-.oH...h;.N..#.._.D,}......!Q$..Un.tI11..$w.r3... ..p...=.1....""..n...*/....h.A...Y..c,.Q.,......",..b.1.w..$.....l../;..J.....~.. ....+.R#....7.-..1.x.feH.@.......u...(.DQ%.wL.N|.xh...R..#....C...'X.m.....I{W.....5.C.....\....z.Y.)w..i...%....M..n.p.....{..-G9..k.bT.6........7....).....6..ys.....R.e.....0.Xk`.3..X\xL..4J"#.f...:....r..2..Y.uW..052.n.+ ..o..o..f&u.v.&9y.P..6.K..in.DU.#.~....4i..6;.5.w..i...g.(....../..0*Vh...C..//....W..:w......7.6....]....4.*9...sL.0k...zHh..2N.H...*..]..(.x.:..........Y.+...-.....&.*^..Q.sW...v..w.....k.L.e.^.W4iFS..u.....l.g'...b~:Zm...S.2.|......5S..=.............l.../|....G|.9 ..#.q...W.Q...G=.."W..'.6....I....D._.{.g.47....V.1._..<?....m............)..T.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):20457
                                                    Entropy (8bit):7.612540359660869
                                                    Encrypted:false
                                                    SSDEEP:384:KyeISBuydn5rpmp77G8E0GftpBjE/kFLrHRN7ngslI66YVj:KHISBvd5rpmFG8Pi6/6nK666j
                                                    MD5:4EFA48EC307EAF2F9B346A073C67FCFB
                                                    SHA1:76A7E1234FF29A2B18C968F89082A14C9C851A43
                                                    SHA-256:3EE9AE1F8DAB4C498BD561D8FCC66D83E58F11B7BB4B2776DF99F4CDA4B850C2
                                                    SHA-512:2705644D501D85A821E96732776F61641FE82820FD6A39FFAF54A45AD126C886DC36C1398CDBDBB5FE282D9B09D27F9BFE7F26A646F926DA55DFF28E61FBD696
                                                    Malicious:false
                                                    Preview:MSCF............D................................?..................................chevronaccent.glox.................Content.inf..O.$N...[.........B.....?.....$Zy..Zkr...y<.....Di-.aVX/....h..-.~........#.../.Fz....T...p....A..eHMe[..p...=................f..../%o......F@..=..$.B!....}.0..g..^vlI......f.W.F...Nm..2`...)...,.HL4.nsl.F.ir.k..e.!^.j2.v.iT....t...*..!h..Y...2Q..-.x.,.Xj.U.cj,....9.....)..W..n3f.......(cH.D.4M.!.+..4..3r..y......|r..@.PD.R..#...F..nJAR..1{-.....u3..$..L.b+h....:lZ.>....q.?. ~l..^.%.m....a...cG.h.?.|.?7.'....b.G.4..'..A...o.Z...//..?...d..*.....C..Z.....]Yv.g.]..... .........]x.#=.../.7;R.j....G.....zq=O`[.'5g.D.u..)..../../.v.JmCW.da....3.f..C.z%...S=....;A.q.|....z.E.aRu........ k..J"+.f.S.@.........eD4....\0..t./U..%.H..........M:..U.......J...Z..H.DG..u^..D..P....`.^b.........`c......#.....c.?...#..C.V.&.'..f.'...f.[..F.O..a...&..{TiXg4; .X."..0...B.#..^..........N"..w.@f...gd.S..K.....E....ZR...;.twR>.z.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):31605
                                                    Entropy (8bit):7.820497014278096
                                                    Encrypted:false
                                                    SSDEEP:384:7SpOUxgQ9gFodHZktfHa2TSmcAg76j8/xorK0JoZgbA8E0GftpBjE2PzFLrHRN7S:OngHltf7Bcp/xoB3A8Pi625D8RA54
                                                    MD5:69EDB3BF81C99FE8A94BBA03408C5AE1
                                                    SHA1:1AC85B369A976F35244BEEFA9C06787055C869C1
                                                    SHA-256:CEBE759BC4509700E3D23C6A5DF8D889132A60EBC92260A74947EAA1089E2789
                                                    SHA-512:BEA70229A21FBA3FD6D47A3DC5BECBA3EAA0335C08D486FAB808344BFAA2F7B24DD9A14A0F070E13A42BE45DE3FF54D32CF38B43192996D20DF4176964E81A53
                                                    Malicious:false
                                                    Preview:MSCF....e<......L...........................e<...?...................;......................gostname.xsl."...............Content.inf.[.......[...>..|..32.E..o`h....W.>.^...v..5...m.w.$.U..U......m.mu...'4....m`.9F.. ...I..PTS..O.D...GM#...#CUE.`.`%n..N...G,.~..+.6cv.L...G.m.Y..vy.....Yh9/.m,..wtw..;....Ka.a.{.\...'.....<X....%)...G..d......R./..4$..32..@....f.h....w..ov.}w..[.....{.v.......dr..&w#G..$3.zI&f..(C..L.z5J... .`...!.!4. ...!.` .$........w.J.X7.w_..@.w..f]=.C.....I-....s.s_.x...~..A... ...z...nM..;....Z....vt....6...~.w.....*x.g.h.T.J..-.3=....G.n..ti.A...s...j$.Bf..?......6.t.<j...>.."....&=BO?w.uN.o.t.-r..K....>C..^G..p...k...>.xZ.[fL..n.."].W#...|.i.0W.q.F: ..<#w......w....s....."...n.qu.../rI.....q....P~.B..|b?.N.}..MyO..q..:q.7..-~.xa.S...|.....X.....g.W.3.mo..yy.GG.s>....qy....r........#.F.P..A.......A....b.2..14.8.i6..w.S...v~{0z.<.Z...^!.;2mSV.i....{...U...+...r.;...h.++..T6.a...$....j5F+..1t....b......|.Q\d-.S..2... ......Y..A...s....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):32833
                                                    Entropy (8bit):7.825460303519308
                                                    Encrypted:false
                                                    SSDEEP:768:+0TU06CkaUYMoi//YX428RaFA8Pi6e9iA4I3w:vICTm/QorUpP7eAA4I3w
                                                    MD5:205AF51604EF96EF1E8E60212541F742
                                                    SHA1:D436FE689F8EF51FBA898454CF509DDB049C1545
                                                    SHA-256:DF3FFF163924D08517B41455F2D06788BA4E49C68337D15ECF329BE48CF7DA2D
                                                    SHA-512:BCBA80ED0E36F7ABC1AEF19E6FF6EB654B9E91268E79CA8F421CB8ADD6C2B0268AD6C45E6CC06652F59235084ECDA3BA2851A38E6BCD1A0387EB3420C6EC94AC
                                                    Malicious:false
                                                    Preview:MSCF....1A......L...........................1A...?..................S@......v...............iso690.xsl.................Content.inf.B.9.....[...A.c...32.E...P..'.^}.f...ikMJ....m..s..U.w{m{{...}n.4........I. ..9..d..I.......P|....F...F.......&&J.:I.34......+*M3..4mr.........m.r..m)....dK.wiw...H,...r........y.$..Cu...L...dH.../..V......g.PG$R39...4O..............{w..^....c.m.m.o.....#..Fgs..6.....b....3.I..O....B..B..1h"....K|f .41......_..g.N.<.>........(....o3a.M)....J..}....-......8.......g.hm!r<...-..1.1....q.?....S.m...`L.g#.K.igv.].ghD....L...p5..?.......iP.[JS.J..?z~.T/.Q...E.K.......P+\LW.-.c..[9.n.7.....P...*[.A1....m...4h.9...N[....h5 n%k.~RR.*c..n..=...4....).eH.-./..>....*.r..S.*..dE.........pF..s.A..?...f..u.+.{..?>N.4].}Xb.M......y......'.2..'..........J4{r..r.3........5>..a0.>.u_.y@g....+y.yu--,ZdD.........5]3..'.s...|.....K.....T..G.G.e...)..\x..OM.g...`..j0......BfH...+.....:......l`.qU...;.@...",.."........>;P.B.^F...3!......Rx.9..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):31562
                                                    Entropy (8bit):7.81640835713744
                                                    Encrypted:false
                                                    SSDEEP:384:yhsBScEWkrljntbzuMmWh7ezPnGgbA8E0GftpBjohgsRFLrHRN7ybll7PK/p:MsBScwtnBmWNeTzA8PiuWsvyDI
                                                    MD5:1D6F8E73A0662A48D332090A4C8C898F
                                                    SHA1:CF9AD4F157772F5EDC0FDDEEFD9B05958B67549C
                                                    SHA-256:8077C92C66D15D7E03FBFF3A48BD9576B80F698A36A44316EABA81EE8043B673
                                                    SHA-512:5C03A99ECD747FBC7A15F082DF08C0D26383DB781E1F70771D4970E354A962294CE11BE53BECAAD6746AB127C5B194A93B7E1B139C12E6E45423B3A509D771FC
                                                    Malicious:false
                                                    Preview:MSCF....:<......L...........................:<...?..................D;.......V..............harvardanglia2008officeonline.xsl.L...............Content.inf.Vu......[...E..o..3D.5..nF.A..+.e.....6r..f........M3...-.s.m.... $r.b.!.q!.....G...0.\.......fd......%m...'1Y..f..O...*.#.P.,{..m...|..ww.{.m...f...n%...,..y...0y...8.Q...`.../.q....a...',.V......8.7..8t..................6.]..6..nw..ynm..-l.Y..,.I?..$....+b9$E!S@"..) .4........H...lA...@!a.F.l$..0#!.....n&.5j.t+..1f|.+....E.zDk.l8.+<q.^.........\5.l..iT.9...........Y..6.^,.o.bn.E*5w..s.../...W.gS..j9..'W.F......].4\Mzz..Td..Ho..~.Q...Z..D..O.JP..m..s.j.:..........y._.....#.*.rD....60.\!y........p.o3,..Ub,......[[L.{.5.....5.7UDB9.{;;g.z.z..jM.G.MY.oe.....(r..B6..CV.7Fl.Z/....-.O.vY.c...-..........b.T)3.u..f~x2.?.8.g.x.-.....Qt_...$e.l..jtP..b....h..*.sW0.`.....c...F_....t.........LC..*5I.X$^.;&....#.._\J..........;..wP..wX.qy.qs...}46..fK.XN.&0........k1....8...............'t.......}.......O_.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):35519
                                                    Entropy (8bit):7.846686335981972
                                                    Encrypted:false
                                                    SSDEEP:768:2LFougzHaUdBKUsM+Z56zBjA8Pi6bo+ld8IX:MFodzHaULR9P7bo+l6IX
                                                    MD5:53EE9DA49D0B84357038ECF376838D2E
                                                    SHA1:AB03F46783B2227F312187DD84DC0C517510DE20
                                                    SHA-256:9E46B8BA0BAD6E534AF33015C86396C33C5088D3AE5389217A5E90BA68252374
                                                    SHA-512:751300C76ECE4901801B1F9F51EACA7A758D5D4E6507E227558AAAAF8E547C3D59FA56153FEA96B6B2D7EB08C7AF2E4D5568ACE7E798D1A86CEDE363EFBECF7C
                                                    Malicious:false
                                                    Preview:MSCF.....K......L............................K...?...................J.......@..............turabian.xsl."...............Content.inf._.......[...T.....C4.5...E0B.]...+.-f....rc.[52.$...a..I....{z...`hx.r...!.. $...l..\....#3EF..r..c;<p...&n.\b..K..0Y..c+.2...i..B..wwY..77,...........}.q.C.......n..,.....prrx.QHy.B#..,.'....3....%1.``..hf...~...[.[n.v.s..y.vw....;..s.G293G&H....$E......m.&^..iy/.4.C...D...".(H&..&.I4._...!...... ........q.k1.d.....qc.3.c.....;.5.......y}...}&...+.WAN.,zVY.Q....V.Tz........g..H..c...E2jY...4g?.yf<....V.M.s.$..k.Id....+..?..._.\.s.k..9..I%;.yWQ..S..]..*.n<.7........=......"Q.*E.....MG..j.Yt..!U....Q.j...v.h-.~b..e&.......;...\.....:.....=..Xv1&q........6\...xw.%*.VdS..H...o...s.....+..%[../>.t..I....F.....".G|.....=....[..S..3..a.C.ZZ...tK.6N..b........)>........I..m..QE.M.nv.MVl.....vCG>,.suP.gqo.rr....J`m....J.b..},[F*....e.A.]..r....C4.?JJs6..l.].9...Q.B.~.......\d%.X ...8A....rH....&?#...^.....4.h.{>
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):22008
                                                    Entropy (8bit):7.662386258803613
                                                    Encrypted:false
                                                    SSDEEP:384:M7FUtfIdqSHQs7G8E0GftpBjED/C4RQrFLrHRN7TT8DlvQyUTL2mH:sWgdqR2G8Pi6D6YQZTTMvU+mH
                                                    MD5:ABBF10CEE9480E41D81277E9538F98CB
                                                    SHA1:F4EA53D180C95E78CC1DA88CD63F4C099BF0512C
                                                    SHA-256:557E0714D5536070131E7E7CDD18F0EF23FE6FB12381040812D022EC0FEE7957
                                                    SHA-512:9430DAACF3CA67A18813ECD842BE80155FD2DE0D55B7CD16560F4AAEFDA781C3E4B714D850D367259CAAB28A3BF841A5CB42140B19CFE04AC3C23C358CA87FFB
                                                    Malicious:false
                                                    Preview:MSCF............D................................?..................................architecture.glox.................Content.inf..q5.^...[.....0y......../..CL.C5.Q..U5g.z....UUUMPC...C..P....T.....=..s..4c...-3H..E...2..2*..T...../.i.;$..............%...................'h.........#0.......[........c.h.....O...%.61...[.J..:.,^....W.]$..u...N.R.....H.......:%I.g5Kd.n6...W2.#.UL..h.8NN../.P...H.;@.N.F...v."h..K.....~.....8...{.+...&.#A.Q'..A.....[NJ.X.....|.|.G5...vp.h.p..1.....-...gECV.,o{6W.#L....4v..x..z..)[.......T.....BQ.pf..D.}...H....V..[._.'.......3..1....?m..ad..c(K.......N.N.6F%.m......9...4..]?...l6..).\p;w.s....@...I%H.....;\...R......f...3~:C...A..x....X...>...:~.+..r@..."......I..m.y..)F.l..9...6....m...=..Q.F.z..u......J].{WX...V.Z.b.A0B..!....~.;Z.....K.`c..,X.MFz....].Q.2.9..L."...]...6...JOU..6...~../......4A.|.......i.LKrY...2.R.o..X.\....0.%......>H.....8.z..^....5d|...4|...C......R28.E......a....e...J.S..Ng.]<&..mm
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                    Category:dropped
                                                    Size (bytes):26944
                                                    Entropy (8bit):7.7574645319832225
                                                    Encrypted:false
                                                    SSDEEP:384:sbUX16g8/atF4NB3TJOvqeMRD/8svIZj/OwgbA8E0GftpBjEYwFLrHRN7mYll7PY:sbhg8yY4nMZK2hA8Pi6Yum4IVR
                                                    MD5:F913DD84915753042D856CEC4E5DABA5
                                                    SHA1:FB1E423C8D09388C3F0B6D44364D94D786E8CF53
                                                    SHA-256:AA03AFB681A76C86C1BD8902EE2BBA31A644841CE6BCB913C8B5032713265578
                                                    SHA-512:C48850522C809B18208403B3E721ABEB1187F954045CE2F8C48522368171CC8FAF5F30FA44F6762AFDE130EC72284BB2E74097A35FE61F056656A27F9413C6B6
                                                    Malicious:false
                                                    Preview:MSCF....0*......D...........................0*...?..................t,..............ConvergingText.glox.....t,..........Content.inf..C..)t-[.....@.........=...xxA. ...E^....x.x.^.......x..^^...DF.......s..d.P.....5.;..]...2.t.w.....O9.G..;.'.T....@I.,.q.u.3..P...9... ....`J.......g.(....).,.h0.....$.3..;.._.....~.de.jj.....U..K.0....`.@.H.1.x.Z.@..q....?....x.wW.....+am8A".....I..)..]...s..-z.2S+|.Cb.t6f],.n.LV......OVg....O.at|..-..x.....:....]s...u..g}.P..v.3....^.".%..%...#.2.....l00...n.......r8.p.....^.....n.)..,..t.^$b...b.q.W...F..R...n.-.+..'........Aw=._OwH....8.:s..{.#..{N.hW..`.._........Wy....>U.?....-.8tg...=..y..@.,.v|......l...t..l#{...H....9..|......~...De..#@y.&K....U...q.c.zK..D.<pV.....Ql..&Y...=#...w....r.`#2....Ug.J(..T...KmW.@...!....j:......M......!..E.7#s.t..F.aU..N....-.i......|w.lr..G.n.,.......=Kl.-m.?F.....v]?.......{q.U.t...<.|..u.....3R.`.t.T.>;v.....KQ...S...7..1...N.kN.y.)v.....3H:..D.{.+.(......u..^W&.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:GIF image data, version 89a, 15 x 15
                                                    Category:dropped
                                                    Size (bytes):663
                                                    Entropy (8bit):5.949125862393289
                                                    Encrypted:false
                                                    SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                                                    MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                                    SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                                    SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                    SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                    Malicious:false
                                                    Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):30
                                                    Entropy (8bit):1.2389205950315936
                                                    Encrypted:false
                                                    SSDEEP:3:nRnlj:
                                                    MD5:7B72C0030FAF2FEBEB5B34BB3B3AAB23
                                                    SHA1:C83FC400623AA314C6BA60F10EACD661CF75BC4C
                                                    SHA-256:514E3B85B7DEF996D5380A75F1A58262BEB028B07B6FAC2877BB56196D8E91DB
                                                    SHA-512:0DD62BD20EB4C35237833408E8338EA5AF1CE3C90A9FF362C943A2DB0CB593CCE68DE65E86B6C15B3D6E92D6B9E261DD95EA47246F5152263A7339D628079C57
                                                    Malicious:false
                                                    Preview:..............................
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Oct 4 11:02:33 2023, mtime=Wed Nov 20 07:33:06 2024, atime=Wed Nov 20 07:32:59 2024, length=498193, window=hide
                                                    Category:dropped
                                                    Size (bytes):565
                                                    Entropy (8bit):4.688287661784987
                                                    Encrypted:false
                                                    SSDEEP:12:8prBZb1BssL61+34jAjvv2T0laQ+30pLrBmV:8RB1zsqv3cAjv+T0C30pLrBm
                                                    MD5:DAFDD032AA21910B60D0B84946BA49CC
                                                    SHA1:B5256965769BD271D2754A76FA0C3B63955D9404
                                                    SHA-256:0AA2263A22B501413A918D2589FF0DD9F1F1FF79F5C945076B1372346D3771EC
                                                    SHA-512:AF6FDB12438366CE372480014E7B7E64B0BB3AA1BDE0DE3C87C0C53FF6EB931201191175A7D35B8CDA05B4B6AD9F45D9AB1E9148D94B6CD679406204E7067ABF
                                                    Malicious:false
                                                    Preview:L..................F.... ....t........h.&;.....&;............................~.2.....tY D .020240~1.DOC..b......DWQ`tY D...........................&..0.2.0.2.4.0.4.1.8.1.2.4.3.3.1...d.o.c.x...d.o.c.......^...............-.......]............F.......C:\Users\user\Desktop\020240418124331.docx.doc../.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.0.2.0.2.4.0.4.1.8.1.2.4.3.3.1...d.o.c.x...d.o.c.`.......X.......123716...........hT..CrF.f4... .R.T..b...,.......hT..CrF.f4... .R.T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Nov 20 07:33:01 2024, mtime=Wed Nov 20 07:34:18 2024, atime=Wed Nov 20 07:34:18 2024, length=0, window=hide
                                                    Category:dropped
                                                    Size (bytes):1164
                                                    Entropy (8bit):4.6683633900955
                                                    Encrypted:false
                                                    SSDEEP:24:8lJGLog6FKrO16L84fTvQAAmuTqTjpL+AVqyFm:8lYLog6sac84jduTgjAyF
                                                    MD5:70DF3C3AC3FCB75495078E773E90709F
                                                    SHA1:11AC5DCA4E6E72103436216F6116DB8CF1733512
                                                    SHA-256:920492458D2DE1C9D6B7F360320EF2E3028BC2E005D0CBC5DFDF35A47A93A1DE
                                                    SHA-512:F97146FCDD76192E4F5E5FB4FDF2A7337E36A9CFD517288902F9F75E2FE82F6ED906D0F50FA55F12B94D809BBABAD219C1AA83B0A2299DBB792CF96D76D3A8AB
                                                    Malicious:false
                                                    Preview:L..................F...........&;...?..&;...6..&;..........................[....P.O. .:i.....+00.../C:\...................x.1.....CW;^..Users.d......OwHtY.D....................:.....K...U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....tY.D..user.<......CW.^tY.D..............................j.o.n.e.s.....V.1.....CW.^..AppData.@......CW.^tY.D...........................%..A.p.p.D.a.t.a.....V.1.....tY.D..Roaming.@......CW.^tY.D...........................G..R.o.a.m.i.n.g.....\.1.....tY$D..MICROS~1..D......CW.^tY$D..............................M.i.c.r.o.s.o.f.t.....\.1.....tYJD..TEMPLA~1..D......tY!DtYJD..............................T.e.m.p.l.a.t.e.s.......a...............-.......`............F.......C:\Users\user\AppData\Roaming\Microsoft\Templates........\.....\.T.e.m.p.l.a.t.e.s...........................>.e.L.:..er.=....`.......X.......123716...........hT..CrF.f4... ./.......,.......hT..CrF.f4... ./.......,..................1SPS.XF.L8C....&.m.q............/...S
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Generic INItialization configuration [folders]
                                                    Category:dropped
                                                    Size (bytes):91
                                                    Entropy (8bit):4.591125448305807
                                                    Encrypted:false
                                                    SSDEEP:3:M1VFmWXGK6Sm4+WXGK6SpnbJlv:MdmW2K6rW2K6Av
                                                    MD5:9C122D86F66C985E5149AE90717B395B
                                                    SHA1:E08A24E25B5746F0FCF31878A658C9D7DBBBA97F
                                                    SHA-256:1E9006C83210916EF969A4F5C16CDC53EC0820931A958899CBD568CE7CF7A5D7
                                                    SHA-512:C799DA5CA5FB0B1A136678A3D37B54D58762BB2B73ABF510011901D78239E50E8ED7FEA677F81229B1E6AEA820C4B9B7864D80FBB4E90BA070CE10EF44DF44AF
                                                    Malicious:false
                                                    Preview:[doc]..020240418124331.docx.LNK=0..[folders]..020240418124331.docx.LNK=0..Templates.LNK=0..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):562113
                                                    Entropy (8bit):7.67409707491542
                                                    Encrypted:false
                                                    SSDEEP:12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV
                                                    MD5:4A1657A3872F9A77EC257F41B8F56B3D
                                                    SHA1:4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B
                                                    SHA-256:C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
                                                    SHA-512:7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922
                                                    Malicious:false
                                                    Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):1649585
                                                    Entropy (8bit):7.875240099125746
                                                    Encrypted:false
                                                    SSDEEP:24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65
                                                    MD5:35200E94CEB3BB7A8B34B4E93E039023
                                                    SHA1:5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D
                                                    SHA-256:6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
                                                    SHA-512:ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9
                                                    Malicious:false
                                                    Preview:PK..........1A..u._....P......[Content_Types].xml..Ms.@.....!...=.7....;a.h.&Y..l..H~..`;...d..g/..e..,M..C...5...#g/."L..;...#. ]..f...w../._.2Y8..X.[..7._.[...K3..#.4......D.]l.?...~.&J&....p..wr-v.r.?...i.d.:o....Z.a|._....|.d...A....A".0.J......nz....#.s.m.......(.]........~..XC..J......+.|...(b}...K!._.D....uN....u..U..b=.^..[...f...f.,...eo..z.8.mz....."..D..SU.}ENp.k.e}.O.N....:^....5.d.9Y.N..5.d.q.^s..}R...._E..D...o..o...o...f.6;s.Z]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...S.....0.zN.... ...>..>..>..>..>..>..>........e...,..7...F(L.....>.ku...i...i...i...i...i...i...i........yi.....G...1.....j...r.Z]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o|^Z....Q}.;.o...9.Z..\.V...............................jZ......k.pT...0.zN.... ...>..>..>..>..>..>..>........e...,..7...f(L.....>.ku...i...i...i...i...i...i...i........yi.......n.....{.._f...0...PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):558035
                                                    Entropy (8bit):7.696653383430889
                                                    Encrypted:false
                                                    SSDEEP:12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA
                                                    MD5:3B5E44DDC6AE612E0346C58C2A5390E3
                                                    SHA1:23BCF3FCB61F80C91D2CFFD8221394B1CB359C87
                                                    SHA-256:9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
                                                    SHA-512:2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479
                                                    Malicious:false
                                                    Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):570901
                                                    Entropy (8bit):7.674434888248144
                                                    Encrypted:false
                                                    SSDEEP:6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T
                                                    MD5:D676DE8877ACEB43EF0ED570A2B30F0E
                                                    SHA1:6C8922697105CEC7894966C9C5553BEB64744717
                                                    SHA-256:DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
                                                    SHA-512:F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD
                                                    Malicious:false
                                                    Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):523048
                                                    Entropy (8bit):7.715248170753013
                                                    Encrypted:false
                                                    SSDEEP:6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N
                                                    MD5:C276F590BB846309A5E30ADC35C502AD
                                                    SHA1:CA6D9D6902475F0BE500B12B7204DD1864E7DD02
                                                    SHA-256:782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
                                                    SHA-512:B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150
                                                    Malicious:false
                                                    Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):3078052
                                                    Entropy (8bit):7.954129852655753
                                                    Encrypted:false
                                                    SSDEEP:49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O
                                                    MD5:CDF98D6B111CF35576343B962EA5EEC6
                                                    SHA1:D481A70EC9835B82BD6E54316BF27FAD05F13A1C
                                                    SHA-256:E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
                                                    SHA-512:95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C
                                                    Malicious:false
                                                    Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):777647
                                                    Entropy (8bit):7.689662652914981
                                                    Encrypted:false
                                                    SSDEEP:6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d
                                                    MD5:B30D2EF0FC261AECE90B62E9C5597379
                                                    SHA1:4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3
                                                    SHA-256:BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
                                                    SHA-512:2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68
                                                    Malicious:false
                                                    Preview:PK.........V'B.._<....-.......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):924687
                                                    Entropy (8bit):7.824849396154325
                                                    Encrypted:false
                                                    SSDEEP:12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n
                                                    MD5:97EEC245165F2296139EF8D4D43BBB66
                                                    SHA1:0D91B68CCB6063EB342CFCED4F21A1CE4115C209
                                                    SHA-256:3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
                                                    SHA-512:8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8
                                                    Malicious:false
                                                    Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):966946
                                                    Entropy (8bit):7.8785200658952
                                                    Encrypted:false
                                                    SSDEEP:24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs
                                                    MD5:F03AB824395A8F1F1C4F92763E5C5CAD
                                                    SHA1:A6E021918C3CEFFB6490222D37ECEED1FC435D52
                                                    SHA-256:D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
                                                    SHA-512:0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF
                                                    Malicious:false
                                                    Preview:PK..........1A.......F`......[Content_Types].xml..n.@.._.y.ac $..,........-..g@.u.G.+t.:........D1...itgt>...k..lz;].8Kg^....N.l..........0.~}....ykk.A`..N..\...2+.e.c..r..P+....I.e.......|.^/.vc{......s..z....f^...8...'.zcN&.<....}.K.'h..X..y.c.qnn.s%...V('~v.W.......I%nX`.....G.........r.Gz.E..M.."..M....6n.a..V.K6.G?Qqz..............\e.K.>..lkM...`...k.5...sb.rbM8..8..9..pb..R..{>$..C.>......X..iw.'..a.09CPk.n...v....5n..Uk\...SC...j.Y.....Vq..vk>mi......z..t....v.]...n...e(.....s.i......]...q.r....~.WV/.j.Y......K..-.. Z..@.\.P..W...A..X8.`$C.F(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........c..0F...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP..........(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-.............0A...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP.........w(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........T..GI..~.....~....PK..........1A.s@.....O......._rels/.rels...J.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):1204049
                                                    Entropy (8bit):7.92476783994848
                                                    Encrypted:false
                                                    SSDEEP:24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5
                                                    MD5:FD5BBC58056522847B3B75750603DF0C
                                                    SHA1:97313E85C0937739AF7C7FC084A10BF202AC9942
                                                    SHA-256:44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
                                                    SHA-512:DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E
                                                    Malicious:false
                                                    Preview:PK..........1A..d T....P......[Content_Types].xml..Ms.@.....!...=.7....kX 5o.,L..<..........d..g/..dw.]...C...9...#g/."L..;...#. ]..f...w../._.3Y8..X.[..7._.[...K3..3.4......D.]l.?...~.&J&...s...;...H9...e.3.q.....k-.0>Lp:.7..eT...Y...P...OVg.....G..).aV...\Z.x...W.>f...oq.8.....I?Ky...g..."...J?....A$zL.].7.M.^..\....C..d/;.J0.7k.X4.e..?N{....r.."LZx.H?. ......;r.+...A<.;U.....4...!'k...s.&..)'k...d..d......._E..D...o..o...o...f.7;s..]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...s.....0..O.... ...>..>..>..>..>..>..>.........2V}......Q}#.&T...rU....\..\..\..\..\..\..\..\.W..W.^Z....Q}c;.o...>.Z..\.v...............................*Z....K.X.5X8.obG.MP.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.M.).....j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oZ/-c..`....7CaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,...|...].k.........PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):486596
                                                    Entropy (8bit):7.668294441507828
                                                    Encrypted:false
                                                    SSDEEP:6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L
                                                    MD5:0E37AECABDB3FDF8AAFEDB9C6D693D2F
                                                    SHA1:F29254D2476DF70979F723DE38A4BF41C341AC78
                                                    SHA-256:7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
                                                    SHA-512:DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF
                                                    Malicious:false
                                                    Preview:PK.........V'BE,.{....#P......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):976001
                                                    Entropy (8bit):7.791956689344336
                                                    Encrypted:false
                                                    SSDEEP:24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ
                                                    MD5:9E563D44C28B9632A7CF4BD046161994
                                                    SHA1:D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11
                                                    SHA-256:86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
                                                    SHA-512:8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):1463634
                                                    Entropy (8bit):7.898382456989258
                                                    Encrypted:false
                                                    SSDEEP:24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/
                                                    MD5:ACBA78931B156E4AF5C4EF9E4AB3003B
                                                    SHA1:2A1F506749A046ECFB049F23EC43B429530EC489
                                                    SHA-256:943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
                                                    SHA-512:2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):2218943
                                                    Entropy (8bit):7.942378408801199
                                                    Encrypted:false
                                                    SSDEEP:49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK
                                                    MD5:EE33FDA08FBF10EF6450B875717F8887
                                                    SHA1:7DFA77B8F4559115A6BF186EDE51727731D7107D
                                                    SHA-256:5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
                                                    SHA-512:AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885
                                                    Malicious:false
                                                    Preview:PK.........{MBS'..t...ip......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.._..w._..w._..w._..w._..w._..w.n..Ofu.-..K.e........T..q.F...R[...~.u.....Z..F....7.?.v....5O....zot..i.....b...^...Z...V...R...N...r./.?........=....#.`..\~n.n...)J./.......7........+......Q..]n............w......Ft........|......b...^...Z...V...R...N..W<x......l._...l..?.A......x....x.9.|.8..............u................w#.....nD..]...........R.......R.......R........o...].`.....A....#.`..\.....+J./.......7........+......Q..]n.........w9~7......Ft........|......b...^.c..-...-...-
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):1750795
                                                    Entropy (8bit):7.892395931401988
                                                    Encrypted:false
                                                    SSDEEP:24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc
                                                    MD5:529795E0B55926752462CBF32C14E738
                                                    SHA1:E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF
                                                    SHA-256:8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
                                                    SHA-512:A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):2924237
                                                    Entropy (8bit):7.970803022812704
                                                    Encrypted:false
                                                    SSDEEP:49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH
                                                    MD5:5AF1581E9E055B6E323129E4B07B1A45
                                                    SHA1:B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD
                                                    SHA-256:BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
                                                    SHA-512:11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09
                                                    Malicious:false
                                                    Preview:PK.........{MB.$<.~....p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.......H^..<}...lA-.D.....lI/...hD.Z....|VM..ze........L..tU...g....lQ....Y...>MI...5-....S......h=..u.h..?;h...@k...h...'Z...D...;.....h=..'Z...D...;.....)^./.../U.../..../U.../..../U..?...'.........Ngz..A.~.8.#D....xot.u.?...eyot.n..{..sk....[......Z..F....l...o)..o..o...oi..o)..o..,..b.s......2.C.z.~8.......f......x.9.|.8..............u................r.nD..]...........w.~7...-...-...-...-...-...-....x.&l........>.4.z.~8..........=E....As.1..q. 9....w.7...1........w.}7......Ft...................o)..o..o...oi..o)..o..w.7a...x0...........d0..............A.......Fl.............Ft................w#...r.nD..]..M...K1.0..7....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):2357051
                                                    Entropy (8bit):7.929430745829162
                                                    Encrypted:false
                                                    SSDEEP:49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX
                                                    MD5:5BDE450A4BD9EFC71C370C731E6CDF43
                                                    SHA1:5B223FB902D06F9FCC70C37217277D1E95C8F39D
                                                    SHA-256:93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
                                                    SHA-512:2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):3611324
                                                    Entropy (8bit):7.965784120725206
                                                    Encrypted:false
                                                    SSDEEP:49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm
                                                    MD5:FB88BFB743EEA98506536FC44B053BD0
                                                    SHA1:B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537
                                                    SHA-256:05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
                                                    SHA-512:4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C
                                                    Malicious:false
                                                    Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):1091485
                                                    Entropy (8bit):7.906659368807194
                                                    Encrypted:false
                                                    SSDEEP:24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ
                                                    MD5:2192871A20313BEC581B277E405C6322
                                                    SHA1:1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085
                                                    SHA-256:A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
                                                    SHA-512:6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9
                                                    Malicious:false
                                                    Preview:PK...........G`.jaV....P......[Content_Types].xml...n.@...W......T@.mwM.E....)....y...H}.N..ll8.h5g6Q.=3_......?...x..e^Di.p.^.ud...(Y/..{w..r..9.../M...Q*{..E...(.4..>..y,.>..~&..b-.a.?..4Q2Q=.2.......m....>-....;]......N'..A...g.D.m.@(}..'.3Z....#....(+....-q<uq.+....?....1.....Y?Oy......O"..J?....Q$zT.].7.N..Q Wi.....<.........-..rY....hy.x[9.b.%-<.V?.(......;r.+...Q<.;U.....4...!'k...s.&..)'k...d.s..}R....o".D.I..7..7.KL.7..Z.....v..b.5.2].f....l.t....Z...Uk...j.&.U-....&>.ia1..9lhG..Q.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.........j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oT/-c..`....7FaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,..7...&(L.....>.kw...i...i...i...i...i...i...i.......I...U_.....vT.....}..\...v..W.!-W.!-W.!-W.!-W.!-W.!-W.!-W.U...7.....k.pT...0..O.... ...>..>..>..>..>..>..>......f..2V}....W>jO....5..].?.o..oPK...........G.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):608122
                                                    Entropy (8bit):7.729143855239127
                                                    Encrypted:false
                                                    SSDEEP:6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq
                                                    MD5:8BA551EEC497947FC39D1D48EC868B54
                                                    SHA1:02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF
                                                    SHA-256:DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
                                                    SHA-512:CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B
                                                    Malicious:false
                                                    Preview:PK.........LGE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK.........LG.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):5783
                                                    Entropy (8bit):7.88616857639663
                                                    Encrypted:false
                                                    SSDEEP:96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk
                                                    MD5:8109B3C170E6C2C114164B8947F88AA1
                                                    SHA1:FC63956575842219443F4B4C07A8127FBD804C84
                                                    SHA-256:F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
                                                    SHA-512:F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC
                                                    Malicious:false
                                                    Preview:PK.........A;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........pnB;.M.:....g......._rels/.rels...J.0.._%.n....xp..,{.i2M.........G..........7...3o/.......d.kyU....^..[>Q....j.#P.H......Z>..+!...B*|@...G...E....E]..".3.......!..7....,:..,.......Ot..0r....Z..&1..U..p.U-.[Uq&.......................Gyy.}n.(.C(i.x........?.vM..}..%.7.b.>L..]..PK........EV:5K..4....H......diagrams/layout1.xml.Yo.6........S.`......$M...Q8A...R..T.k...K.4CQG..}.A..9.?R....!&...Q..ZW.......Q....<8..z..g....4{d.>..;.{.>.X.....Y.2.......cR....9e.. ...}L.....yv&.&...r..h...._..M. e...[..}.>.k..........3.`.ygN...7.w..3..W.S.....w9....r(....Zb..1....z...&WM.D<......D9...ge......6+.Y....$f......wJ$O..N..FC..Er........?..is...-Z
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):4026
                                                    Entropy (8bit):7.809492693601857
                                                    Encrypted:false
                                                    SSDEEP:96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D
                                                    MD5:5D9BAD7ADB88CEE98C5203883261ACA1
                                                    SHA1:FBF1647FCF19BCEA6C3CF4365C797338CA282CD2
                                                    SHA-256:8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
                                                    SHA-512:7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D
                                                    Malicious:false
                                                    Preview:PK........YnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........bnB;?.......f......._rels/.rels...J.1.._%..f....m/.,x...&.lt.dV.y.|.."v....q..|......r..F..)..;.T5g.eP..O..Z.^-.8...<.Y....Q.."....*D.%.!9.R&#".'0(.u}).!..l....b..J..rr....P.L.w..0.-......A..w..x.7U...Fu<mT.....^s...F./ ..( .4L..`.....}...O..4.L...+H.z...m..j[].=........oY}.PK........J.L6...m....,.......diagrams/layout1.xml.X.n.8.}N.....PG.............wZ.,.R.%.K...J.H]....y.3..9...O..5."J.1.\.1....Q....z......e.5].)...$b.C)...Gx!...J3..N..H...s....9.~...#..$...W.8..I`|..0xH}......L.|..(V;..1...kF..O=...j...G.X.....T.,d>.w.Xs.......3L.r..er\o..D..^....O.F.{:.>.R'....Y-...B.P.;....X.'c...{x*.M7..><l.1.w..{].46.>.z.E.J.......G......Hd..$..7....E.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):4243
                                                    Entropy (8bit):7.824383764848892
                                                    Encrypted:false
                                                    SSDEEP:96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf
                                                    MD5:7BC0A35807CD69C37A949BBD51880FF5
                                                    SHA1:B5870846F44CAD890C6EFF2F272A037DA016F0D8
                                                    SHA-256:BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
                                                    SHA-512:B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D
                                                    Malicious:false
                                                    Preview:PK........NnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........TnB;..d.....h......._rels/.rels...J.0.._%.n..)"....<.w.&.4..!...y.|.........|.&3.o.....S..K.T5g.U....g..n.f....T*.hcf...D.V..Ft....d....c2".z.....N.s._2....7.0.V.]P.CO?...`...8....4&......_i..Y.T...Z...g....{-...]..pH..@.8....}tP.)..B>..A...S&......9..@...7........b_.PK........r};5.z..............diagrams/layout1.xml.X.n.8.}.........4.+.(...@......(..J..._.!)..b..v.}.H..zf8...dhM....E..I.H..V.Y.R..2zw5L~....^..]...J_..4.\.\......8..z..2T..".X.l.F#......5....,*....c....r.kR.I.E..,.2...&%..''.qF.R.2.....T;F...W.. ...3...AR.OR.O..J}.w6..<...,.x..x....`g?.t.I.{.I...|X..g.....<BR..^...Q.6..m.kp...ZuX.?.z.YO.g...$.......'.]..I.#...]$/~`${.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):16806
                                                    Entropy (8bit):7.9519793977093505
                                                    Encrypted:false
                                                    SSDEEP:384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H
                                                    MD5:950F3AB11CB67CC651082FEBE523AF63
                                                    SHA1:418DE03AD2EF93D0BD29C3D7045E94D3771DACB4
                                                    SHA-256:9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
                                                    SHA-512:D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00
                                                    Malicious:false
                                                    Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........Ul.<..<"I5...&......diagrams/layout1.xml.}.r.I..s........~Y.f.gzfv......E."w.K..J5m.e...4.0..Q... A.!...%...<...3.......O.......t~.u{...5.G......?,.........N......L......~.:....^,..r=./~7_..8............o.y......oo.3.f........f.......r.7../....qrr.v9.......,?..._O.....?9.O~]..zv.I'.W..........;..\..~....../........?~..n.....\}pt.........b,~...;>.=;>:..u.....?.......2]..]....i......9..<.p..4D..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):11380
                                                    Entropy (8bit):7.891971054886943
                                                    Encrypted:false
                                                    SSDEEP:192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ
                                                    MD5:C9F9364C659E2F0C626AC0D0BB519062
                                                    SHA1:C4036C576074819309D03BB74C188BF902D1AE00
                                                    SHA-256:6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
                                                    SHA-512:173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF
                                                    Malicious:false
                                                    Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........q.~<.6..9 ...e......diagrams/layout1.xml..r.........{.]..u...xv7b.....HPd....t.q...b.i_a.'..P.f.3..F..1...U.u.*.2......?}..O..V.....yQ.Mf........w.....O....N.........t3;...e....j.^.o&.....w...../.w................e.................O..,./..6...8>^.^..........ru5...\.=>[M?......g..........w.N....i.........iy6.?........>.......>{yT...........x.........-...z5.L./.g......_.l.1.....#...|...pr.q
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):6024
                                                    Entropy (8bit):7.886254023824049
                                                    Encrypted:false
                                                    SSDEEP:96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd
                                                    MD5:20621E61A4C5B0FFEEC98FFB2B3BCD31
                                                    SHA1:4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4
                                                    SHA-256:223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
                                                    SHA-512:BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA
                                                    Malicious:false
                                                    Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........2..<..]#.....'......diagrams/layout1.xml.].r.8...V.;0.;..aO........{.....V..3].d{..............\. .#.t... ........x<...@7o.]..7.N..@.NF..../....S.../.xC..U...<..Q.=...|..v.....cQ..Y=.....i`.. ..?.;...Go....x.O.$....7s..0..qg....|..r..l.w.a..p.3.Em7v...N............3..7...N.\\..f...9...U$..7...k.C..M.@\.s....G/..?...I...t.Yos...p..z...6.lnqi.6..<..1qg+......#]....|C/N..K\}.....#..".
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):9191
                                                    Entropy (8bit):7.93263830735235
                                                    Encrypted:false
                                                    SSDEEP:192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA
                                                    MD5:08D3A25DD65E5E0D36ADC602AE68C77D
                                                    SHA1:F23B6DDB3DA0015B1D8877796F7001CABA25EA64
                                                    SHA-256:58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
                                                    SHA-512:77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489
                                                    Malicious:false
                                                    Preview:PK.........]w>....<...5.......diagrams/layout1.xmlz........].r.F.}......1w`.J..'.......w..Dn. d....~........pw...O.......s...?...p7.t>e.r<.]u.e..d..|8..\uo.......K...._.Y..E6.|..y;........y.*/:o./...:[.o.+/.....?.....Z.?..s..d}...S.`...b.^o9.e.ty9_d...y>M.....7...e....."....<.v.u...e:].N.t....a....0..}..bQ.Y..>.~..~...U.|..Ev.....N...bw....{...O..Y.Y.&........A.8Ik...N.Z.P.[}t........|m...E..v..,..6........_?..."..K<.=x....$..%@.e..%....$=F..G..e........<F..G51..;......=...e.e.q..d......A...&9'.N.\%.=N.Z.9.s......y.4.Q.c......|8.......Eg.:.ky.z.h.......).O...mz...N.wy.m...yv....~8.?Lg..o.l.y:.....z.i..j.irxI.w...r.......|.=....s};.\u.{t;i~S.......U7..mw...<.vO...M.o...W.U.....}.`V<|..%....l..`>]..".].I.i.N..Z..~Lt.........}?..E~:..>$......x...%.........N....'C.m.=...w.=.Y...+'M.].2 >.]_~...'.?...:....z.O..Y......6..5...sj?.....).B..>.3...G...p.9.K!..[H..1$v../...E V..?`....+[...C......h..!.QI5....<.>...A.d.......
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):4326
                                                    Entropy (8bit):7.821066198539098
                                                    Encrypted:false
                                                    SSDEEP:96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z
                                                    MD5:D32E93F7782B21785424AE2BEA62B387
                                                    SHA1:1D5589155C319E28383BC01ED722D4C2A05EF593
                                                    SHA-256:2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
                                                    SHA-512:5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447
                                                    Malicious:false
                                                    Preview:PK.........n.A...#............docProps/thumbnail.jpgz.........{4.i....1.n.v)..#.\*....A+..Q(."..D.......#Q)...SQ....2c.ei.JC...N.{......}.s.s..y>....d.(:.;.....q........$.OBaPbI..(.V...o.....'..b..edE.J.+.....".tq..dqX.......8...CA.@..........0.G.O.$Ph...%i.Q.CQ.>.%!j..F..."?@.1J.Lm$..`..*oO...}..6......(%....^CO..p......-,.....w8..t.k.#....d..'...O...8....s1....z.r...rr...,(.)...*.]Q]S.{X.SC{GgWw..O....X./FF9._&..L.....[z..^..*....C...qI.f... .Hq....d*.d..9.N{{.N.6..6)..n<...iU]3.._.....%./.?......(H4<.....}..%..Z..s...C@.d>.v...e.'WGW.....J..:....`....n..6.....]W~/.JX.Qf..^...}...._Sg.-.p..a..C_:..F..E.....k.H..........-Bl$._5...B.w2e...2...c2/y3.U...7.8[.S}H..r/..^...g...|...l..\M..8p$]..poX-/.2}..}z\.|.d<T.....1....2...{P...+Y...T...!............p..c.....D..o..%.d.f.~.;.;=4.J..]1"("`......d.0.....L.f0.l..r8..M....m,.p..Y.f....\2.q. ...d9q....P...K..o!..#o...=.........{.p..l.n...........&..o...!J..|)..q4.Z.b..PP....U.K..|.i.$v
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):7370
                                                    Entropy (8bit):7.9204386289679745
                                                    Encrypted:false
                                                    SSDEEP:192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV
                                                    MD5:586CEBC1FAC6962F9E36388E5549FFE9
                                                    SHA1:D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E
                                                    SHA-256:1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
                                                    SHA-512:68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62
                                                    Malicious:false
                                                    Preview:PK........;nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........HnB;..I)....j......._rels/.rels...J.@.._e..&6E.i/.,x..Lw'.j........G..\...................)...Y.3)..`...9r{v!......z...#>5.g.WJ%..T..>'m ..K.T.....j6[(:f.)S....C.mk5^.=:...X......C.... I......&5..e..H.1...).P.cw.kjT......C.......=.....}G!7E.y$.(...}b.........b=.<..^.....U..Y..PK.........^5a.2u............diagrams/layout1.xml..ko.8..+x.t.l..J.n.t.Mnw.x. ....B.t$.,.(&i.....(..d.mY......g.../[.<!.{ap>...L...p....G.9z?...._...e..`..%......8....G!..B8.....o...b.......Q.>|.......g..O\B...i.h...0B.}.....z...k...H..t~r.v........7o.E....$....Z.........ZDd..~......>......O.3.SI.Y.".O&I....#."._c.$.r..z.g0`...0...q:...^0.EF...%(.Ao$.#.o6..c'....$%.}
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):5596
                                                    Entropy (8bit):7.875182123405584
                                                    Encrypted:false
                                                    SSDEEP:96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X
                                                    MD5:CDC1493350011DB9892100E94D5592FE
                                                    SHA1:684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA
                                                    SHA-256:F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
                                                    SHA-512:3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12
                                                    Malicious:false
                                                    Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK.........V.<.S.....Y.......diagrams/layout1.xml.\.r.8...U....m.$.."3.....;...../3.XAn..O.?....V.;...")Nr.O.H....O......_..E..S...L7....8H.y<=............~...Ic......v9.X.%.\.^.,?g.v.?%w...f.).9.........Ld;.1..?~.%QQ...h.8;.gy..c4..]..0Ii.K&.[.9.......E4B.a..?e.B..4....E.......Y.?_&!.....i~..{.W..b....L.?..L..@.F....c.H..^..i...(d.......w...9..9,........q..%[..]K}.u.k..V.%.Y.....W.y..;e4[V..u.!T...).%.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):3683
                                                    Entropy (8bit):7.772039166640107
                                                    Encrypted:false
                                                    SSDEEP:96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r
                                                    MD5:E8308DA3D46D0BC30857243E1B7D330D
                                                    SHA1:C7F8E54A63EB254C194A23137F269185E07F9D10
                                                    SHA-256:6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
                                                    SHA-512:88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B
                                                    Malicious:false
                                                    Preview:PK.........a9;lq.ri...#.......diagrams/layout1.xmlz........WKn.0.];.`..J..AP...4E..!..hi$..I......z..D.d;...m.d...f.3o.._....9'.P.I1.F.C...d.D:.........Q..Z..5$..BO...e..(.9..2..+.Tsjp.. Vt.f.<...gA.h...8...>..p4..T...9.c...'.G.;.@.;xKE.A.uX.....1Q...>...B...!T.%.* ...0.....&......(.R.u..BW.yF.Grs...)..$..p^.s.c._..F4.*. .<%.BD..E....x... ..@...v.7f.Y......N.|.qW'..m..........im.?.64w..h...UI...J....;.0..[....G..\...?:.7.0.fGK.C.o^....j4............p...w:...V....cR..i...I...J=...%. &..#..[M....YG...u...I)F.l>.j.....f..6.....2.]..$7.....Fr..o.0...l&..6U...M..........%..47.a.[..s........[..r....Q./}.-.(.\..#. ..y`...a2..*....UA.$K.nQ:e!bB.H.-Q-a.$La.%.Z!...6L...@...j.5.....b..S.\c..u...R..dXWS.R.8"....o[..V...s0W..8:...U.#5..hK....ge.Q0$>...k.<...YA.g..o5...3.....~re.....>....:..$.~........pu ._Q..|Z...r...E.X......U....f)s^.?...%......459..XtL:M.).....x..n9..h...c...PK........Ho9<"..%...........diagrams/layoutHeader1.xmlMP.N.0.>oOa.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):4888
                                                    Entropy (8bit):7.8636569313247335
                                                    Encrypted:false
                                                    SSDEEP:96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb
                                                    MD5:0A4CA91036DC4F3CD8B6DBF18094CF25
                                                    SHA1:6C7EED2530CD0032E9EEAB589AFBC296D106FBB9
                                                    SHA-256:E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
                                                    SHA-512:7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66
                                                    Malicious:false
                                                    Preview:PK.........e.>.......]>......diagrams/layout1.xmlz........Z..6....;..{......lw.E.o....i..T....&...G.+...$..(.6..>Y.pf8C.|3.?..m....xA8v.`.hW..@..Zn..(kb..(.......`.+....Y`...\..qh.0.!&w..)|...<..]Q.. _....m..Z.{3..~..5..R..d..A.O....gU.M..0..#...;.>$...T......T..z.Z.\a.+...?#.~.....1.>?...*..DD.1...'..,..(...5B...M..]..>.C..<[....,L.p..Q.v.v^q.Y...5.~^c..5........3.j.......BgJ.nv.. ............tt......Q..p..K....(M.(]@..E..~z.~...8...49.t.Q..Q.n..+.....*J.#J.... .P...P.1...!.#&...?A..&.."..|..D.I...:.....~/.....b..].........nI7.IC.a..%...9.....4...r....b..q....@o........O...y...d@+~.<.\....f.a`:...Qy/^..P....[....@i.I.._.?.X.x.8....)..s....I.0...|.....t...;...q=k.=..N.%!.(.1....B.Ps/."...#.%..&...j<..2x.=<.......s.....h..?..]?Y?...C.}E.O........{..6.d....I...A.....JN..w+....2..m>9.T7...t.6.}.i..f.Ga..t.].->...8U......G.D`......p..f.. ...qT.YX.t.F..X.u=.3r...4....4Q.D..l.6.+PR...+..T..h: H.&.1~....n.....)........2J.. O.W+vd..f....0.....6..9QhV..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):6448
                                                    Entropy (8bit):7.897260397307811
                                                    Encrypted:false
                                                    SSDEEP:192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK
                                                    MD5:42A840DC06727E42D42C352703EC72AA
                                                    SHA1:21AAAF517AFB76BF1AF4E06134786B1716241D29
                                                    SHA-256:02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
                                                    SHA-512:8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488
                                                    Malicious:false
                                                    Preview:PK.........k.>........'......diagrams/layout1.xmlz........].r.8.}.V.?p.n....g*5..JUn.....(SU......T.l.......X.d."m."..S....F..P.........-..<Y^..=..e.L....m>.pG.....M~...+\....u}o...".Yn}Y.".-r......0...'/........{........F.~.M8.d....(.....q.D.....4\.;.D,.\.)n.S....Z.cl.|<..7._.dk..7..E.......kS...d.....i.....noX...o.W#9..}.^..I0....G.......+.K.[i.O.|G..8=.;.8.8.8.8.....{..-..^.y..[.....`...0..f...Q<^~..*.l....{...pA.z.$.$R.../...E.(..Q.(V.E_ ......X]Q..Y9.......>...8......l..--.ug.......I.;..].u.b.3Lv:.d.%H..l<...V...$.M..A>...^M./.[..I....o~,.U. .$d\..?........O.;..^M..O...A.$Yx..|f.n...H.=.|!cG)dd%..(... ..Xe......2B."i...n....P.R..E?... Y.I6...7n..Xs..J..K..'..JaU..d..|.(y.a.....d......D.Dr...._.._..m..Yu..6.o.\......&.m....wy...4k?..~........f....0.. \...}iS.i..R....q-#_..g........{Z.u.V.r(....j.I...,R..f.=.n.[.'..L'd.n C.0.I.....RpaV........c.k..NR....)B^k...d.i...d0.E. ^..G.']....x.c.>'..p...y.ny.P.x6..%.J\.....De.B\.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):5630
                                                    Entropy (8bit):7.87271654296772
                                                    Encrypted:false
                                                    SSDEEP:96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5
                                                    MD5:2F8998AA9CF348F1D6DE16EAB2D92070
                                                    SHA1:85B13499937B4A584BEA0BFE60475FD4C73391B6
                                                    SHA-256:8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
                                                    SHA-512:F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2
                                                    Malicious:false
                                                    Preview:PK...........<..W8...j.......diagrams/layout1.xmlz........]......Hy..{...n .l.:.D.vvW..s....-a..fg&.}.\..+......4M..'=...(._.U]U......_.....U...k}.y.,......C..._^.......w/."7....v..Ea........Q..u..D{..{v.x.]....AtB15u..o...w..o.1...f.L...I<[zk7..7^..,.h.&l3...#..)..'H..d.r.#w=b...Ocw.y.&.v..t.>.s..m^M7..8I?o7................H...b....Qv.;'..%.f..#vR....V.H.),g..`...)(..m...[l...b...,.....U...Q.{.y.y.....G.I.tT.n..N.....A.tR..tr....i.<.......,.n:.#.A..a!X.......DK..;v..._M..lSc../n...v.....}.....I.|8.!b.C..v..|.....4l..n.;<9.i./..}!&2.c/.r...>.X02[..|.a.-.....$#-....>...{.M].>3.,\o.x....X%;.F.k.)*".I8<.0..#......?.h..-..O.2.B.s..v....{Abd...h0....H..I.. ...%...$1.Fyd..Y....U...S.Y.#.V.....TH(....%..nk.3Y.e.m.-.S..Q...j.Ai..E..v......4.t.|..&"...{..4.!.h.....C.P.....W...d[.....U<Yb;B.+W.!.@B....!.=......b"...Y.N;.#..Q...0G.lW...]7:...#9!z......|f..r..x.....t........`.uL1u.:.....U.D.n.<Q.[%...ngC./..|...!..q;;.w.".D..lt.".l.4".mt...E..mt
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                    Category:dropped
                                                    Size (bytes):6193
                                                    Entropy (8bit):7.855499268199703
                                                    Encrypted:false
                                                    SSDEEP:192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp
                                                    MD5:031C246FFE0E2B623BBBD231E414E0D2
                                                    SHA1:A57CA6134779D54691A4EFD344BC6948E253E0BA
                                                    SHA-256:2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
                                                    SHA-512:6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1
                                                    Malicious:false
                                                    Preview:PK........X..<..Zn|...........diagrams/layout1.xmlz........]..H.}......M,l#g.j:.G-eu.*S=.$......T_6..I...6...d.NJ....r.p.p.........|.z.K.M..L.T.(........<..ks.......o...t}...P..*.7...`.+.[...H..._..X.u.....N....n....n|..=.....K.:.G7.u....."g.n.h...O.,...c...f.b.P......>[l.....j.*.?..mxk..n..|A...,\o..j..wQ.....lw.~].Lh..{3Y..D..5.Y..n..Mh.r..J....6*.<.kO...Alv.._.qdKQ.5...-FMN......;.~..._..pv..&...%"Nz].n............vM.`..k..a.:.f]...a........y.....g0..`........|V...Yq.....#...8....n..i7w<2Rp...R.@.]..%.b%..~...a..<.j...&....?...Qp..Ow|&4>...d.O.|.|...Fk;t.P[A..i.6K.~...Y.N..9......~<Q..f...i.....6..U...l. ..E..4$Lw..p..Y%NR..;...B|B.U...\e......S...=...B{A.]..*....5Q.....FI..w....q.s{.K....(.]...HJ9........(.....[U|.....d71.Vv.....a.8...L.....k;1%.T.@+..uv.~v.]`.V....Z.....`.M.@..Z|.r........./C..Z.n0.....@.YQ.8..q.h.....c.%...p..<..zl.c..FS.D..fY..z..=O..%L..MU..c.:.~.....F]c......5.=.8.r...0....Y.\o.o....U.~n...`...Wk..2b......I~
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):3075
                                                    Entropy (8bit):7.716021191059687
                                                    Encrypted:false
                                                    SSDEEP:48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE
                                                    MD5:67766FF48AF205B771B53AA2FA82B4F4
                                                    SHA1:0964F8B9DC737E954E16984A585BDC37CE143D84
                                                    SHA-256:160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
                                                    SHA-512:AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D
                                                    Malicious:false
                                                    Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK.........nB;O.......k......._rels/.rels...J.@.._e..4...i/.,x..Lw'....v'.<....WpQ..,......7?....u.y..;bL../..3t.+.t.G....Y.v8.eG.MH,....(\..d..R....t>Z.<F-..G.(..\.x...l?..M..:#........2.#.[..H7..#g{...._j...(.....q......;.5'..Nt..."...A.h........>....\.'...L..D..DU<.....C.TKu.5Tu....bV..;PK.........C26.b..............diagrams/layout1.xml.T.n. .}N....).je./m.+u....`{..0P......p..U}c.9g..3....=h.(.."..D-.&....~.....y..I...(r.aJ.Y..e..;.YH...P.{b......hz.-..>k.i5..z>.l...f...c..Y...7.ND...=.%..1...Y.-.o.=)(1g.{.".E.>2.=...]Y..r0.Q...e.E.QKal,.....{f...r..9-.mH..C..\.w....c.4.JUbx.p Q...R......_...G.F...uPR...|um.+g..?..C..gT...7.0.8l$.*.=qx.......-8..8.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft OOXML
                                                    Category:dropped
                                                    Size (bytes):5151
                                                    Entropy (8bit):7.859615916913808
                                                    Encrypted:false
                                                    SSDEEP:96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti
                                                    MD5:6C24ED9C7C868DB0D55492BB126EAFF8
                                                    SHA1:C6D96D4D298573B70CF5C714151CF87532535888
                                                    SHA-256:48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
                                                    SHA-512:A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD
                                                    Malicious:false
                                                    Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........5nB;.ndX....`......._rels/.rels...J.1.._%..f.J.J..x..AJ.2M&......g..#............|.c..x{_._..^0e.|.gU..z.....#.._..[..JG.m.....(...e..r."....P)....3..M].E:..SO.;D..c..J..rt...c.,.....a.;.....$.../5..D.Ue.g...Q3......5.':...@...~t{.v..QA>.P.R.A~..^AR.S4G......].n...x41....PK.........^5..s.V....Z......diagrams/layout1.xml.[]o.F.}N~..S.......VU.U+m6R........&.d.}...{M....Q.S....p9.'./O..z."..t>q....."[..j>y..?...u....[.}..j-...?Y..Bdy.I./.....0.._.....-.s...rj...I..=..<..9.|>YK.....o.|.my.F.LlB..be/E.Y!.$6r.f/.p%.......U....e..W.R..fK....`+?.rwX.[.b..|..O>o.|.....>1.......trN`7g..Oi.@5..^...]4.r...-y...T.h...[.j1..v....G..........nS..m..E"L...s
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):333258
                                                    Entropy (8bit):4.654450340871081
                                                    Encrypted:false
                                                    SSDEEP:6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i
                                                    MD5:5632C4A81D2193986ACD29EADF1A2177
                                                    SHA1:E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346
                                                    SHA-256:06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B
                                                    SHA-512:676CE1957A374E0F36634AA9CFFBCFB1E1BEFE1B31EE876483B10763EA9B2D703F2F3782B642A5D7D0945C5149B572751EBD9ABB47982864834EF61E3427C796
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.. <xsl:output method="html" encoding="us-ascii"/>.... <xsl:template match="*" mode="outputHtml2">.. <xsl:apply-templates mode="outputHtml"/>.. </xsl:template>.... <xsl:template name="StringFormatDot">.. <xsl:param name="format" />.. <xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.. <xsl:when test="$format = ''"></xsl:when>.. <xsl:when test="substring($format, 1, 2) = '%%'">.. <xsl:text>%</xsl:text>.. <xsl:call-template name="StringFormatDot">.. <xsl:with-param name="format" select="substring($format, 3)" />.. <xsl:with-param name=
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):296658
                                                    Entropy (8bit):5.000002997029767
                                                    Encrypted:false
                                                    SSDEEP:6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M
                                                    MD5:9AC6DE7B629A4A802A41F93DB2C49747
                                                    SHA1:3D6E929AA1330C869D83F2BF8EBEBACD197FB367
                                                    SHA-256:52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293
                                                    SHA-512:5736F14569E0341AFB5576C94B0A7F87E42499CEC5927AAC83BB5A1F77B279C00AEA86B5F341E4215076D800F085D831F34E4425AD9CFD52C7AE4282864B1E73
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):268317
                                                    Entropy (8bit):5.05419861997223
                                                    Encrypted:false
                                                    SSDEEP:6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9
                                                    MD5:51D32EE5BC7AB811041F799652D26E04
                                                    SHA1:412193006AA3EF19E0A57E16ACF86B830993024A
                                                    SHA-256:6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97
                                                    SHA-512:5FC5D889B0C8E5EF464B76F0C4C9E61BDA59B2D1205AC9417CC74D6E9F989FB73D78B4EB3044A1A1E1F2C00CE1CA1BD6D4D07EEADC4108C7B124867711C31810
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):255948
                                                    Entropy (8bit):5.103631650117028
                                                    Encrypted:false
                                                    SSDEEP:6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW
                                                    MD5:9888A214D362470A6189DEFF775BE139
                                                    SHA1:32B552EB3C73CD7D0D9D924C96B27A86753E0F97
                                                    SHA-256:C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7
                                                    SHA-512:8A75FC2713003FA40B9730D29C786C76A796F30E6ACE12064468DD2BB4BF97EF26AC43FFE1158AB1DB06FF715D2E6CDE8EF3E8B7C49AA1341603CE122F311073
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>............<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select=
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):251032
                                                    Entropy (8bit):5.102652100491927
                                                    Encrypted:false
                                                    SSDEEP:6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA
                                                    MD5:F425D8C274A8571B625EE66A8CE60287
                                                    SHA1:29899E309C56F2517C7D9385ECDBB719B9E2A12B
                                                    SHA-256:DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938
                                                    SHA-512:E567F283D903FA533977B30FD753AA1043B9DDE48A251A9AC6777A3B67667443FEAD0003765A630D0F840B6C275818D2F903B6CB56136BEDCC6D9BDD20776564
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):284415
                                                    Entropy (8bit):5.00549404077789
                                                    Encrypted:false
                                                    SSDEEP:6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y
                                                    MD5:33A829B4893044E1851725F4DAF20271
                                                    SHA1:DAC368749004C255FB0777E79F6E4426E12E5EC8
                                                    SHA-256:C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924
                                                    SHA-512:41C1F65E818C2757E1A37F5255E98F6EDEAC4214F9D189AD09C6F7A51F036768C1A03D6CFD5845A42C455EE189D13BB795673ACE3B50F3E1D77DAFF400F4D708
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt"......xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.....<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="/">....<xsl:call-template name="Start"/>...</xsl:template>.....<xsl:template name="Start">....<xsl:choose>.....<xsl:when test="b:Version">......<xsl:text>2010.2.02</xsl:text>.....</xsl:when>.......<xsl:when test="b:XslVersion">......<xsl:text>2008</xsl:text>.....</xsl:when>.... <xsl:when test="b:StyleNameLocalized">.. <xsl:choose>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1033'">.. <xsl:text>Harvard - Anglia</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1025'">.. <xsl:text>Harvard - Anglia</xsl:text>.. </xsl:when>.. <x
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):294178
                                                    Entropy (8bit):4.977758311135714
                                                    Encrypted:false
                                                    SSDEEP:6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b
                                                    MD5:0C9731C90DD24ED5CA6AE283741078D0
                                                    SHA1:BDD3D7E5B0DE9240805EA53EF2EB784A4A121064
                                                    SHA-256:ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF
                                                    SHA-512:A39E6201D6B34F37C686D9BD144DDD38AE212EDA26E3B81B06F1776891A90D84B65F2ABC5B8F546A7EFF3A62D35E432AF0254E2F5BFE4AA3E0CF9530D25949C0
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt"......xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.....<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="/">....<xsl:call-template name="Start"/>...</xsl:template>.....<xsl:template name="Start">....<xsl:choose>.....<xsl:when test="b:Version">......<xsl:text>2010.2.02</xsl:text>.....</xsl:when>.......<xsl:when test="b:XslVersion">......<xsl:text>2006</xsl:text>.....</xsl:when>.. <xsl:when test="b:StyleNameLocalized">.. <xsl:choose>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1033'">.. <xsl:text>IEEE</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1025'">.. <xsl:text>IEEE</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameL
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):270198
                                                    Entropy (8bit):5.073814698282113
                                                    Encrypted:false
                                                    SSDEEP:6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We
                                                    MD5:FF0E07EFF1333CDF9FC2523D323DD654
                                                    SHA1:77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4
                                                    SHA-256:3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5
                                                    SHA-512:B4615F995FAB87661C2DBE46625AA982215D7BDE27CAFAE221DCA76087FE76DA4B4A381943436FCAC1577CB3D260D0050B32B7B93E3EB07912494429F126BB3D
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):217137
                                                    Entropy (8bit):5.068335381017074
                                                    Encrypted:false
                                                    SSDEEP:6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P
                                                    MD5:3BF8591E1D808BCCAD8EE2B822CC156B
                                                    SHA1:9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0
                                                    SHA-256:7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8
                                                    SHA-512:D434A4C15DA3711A5DAAF5F7D0A5E324B4D94A04B3787CA35456BFE423EAC9D11532BB742CDE6E23C16FA9FD203D3636BD198B41C7A51E7D3562D5306D74F757
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>...... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$parame
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):254875
                                                    Entropy (8bit):5.003842588822783
                                                    Encrypted:false
                                                    SSDEEP:6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a
                                                    MD5:377B3E355414466F3E3861BCE1844976
                                                    SHA1:0B639A3880ACA3FD90FA918197A669CC005E2BA4
                                                    SHA-256:4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF
                                                    SHA-512:B050AD52A8161F96CBDC880DD1356186F381B57159F5010489B04528DB798DB955F0C530465AB3ECD5C653586508429D98336D6EB150436F1A53ABEE0697AEB9
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>...</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />......<xsl:variable name="prop_EndChars">.....<xsl:call-template name="templ_prop_EndChars"/>....</xsl:variable>......<xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$parameters" />......
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):344303
                                                    Entropy (8bit):5.023195898304535
                                                    Encrypted:false
                                                    SSDEEP:6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6
                                                    MD5:F079EC5E2CCB9CD4529673BCDFB90486
                                                    SHA1:FBA6696E6FA918F52997193168867DD3AEBE1AD6
                                                    SHA-256:3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB
                                                    SHA-512:4FFFA59863F94B3778F321DA16C43B92A3053E024BDD8C5317077EA1ECC7B09F67ECE3C377DB693F3432BF1E2D947EC5BF8E88E19157ED08632537D8437C87D6
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$pa
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):250983
                                                    Entropy (8bit):5.057714239438731
                                                    Encrypted:false
                                                    SSDEEP:6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP
                                                    MD5:F883B260A8D67082EA895C14BF56DD56
                                                    SHA1:7954565C1F243D46AD3B1E2F1BAF3281451FC14B
                                                    SHA-256:EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353
                                                    SHA-512:D95924A499F32D9B4D9A7D298502181F9E9048C21DBE0496FA3C3279B263D6F7D594B859111A99B1A53BD248EE69B867D7B1768C42E1E40934E0B990F0CE051E
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):51826
                                                    Entropy (8bit):5.541375256745271
                                                    Encrypted:false
                                                    SSDEEP:384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu
                                                    MD5:2AB22AC99ACFA8A82742E774323C0DBD
                                                    SHA1:790F8B56DF79641E83A16E443A75A66E6AA2F244
                                                    SHA-256:BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D
                                                    SHA-512:E5715C0ECF35CE250968BD6DE5744D28A9F57D20FD6866E2AF0B2D8C8F80FEDC741D48F554397D61C5E702DA896BD33EED92D778DBAC71E2E98DCFB0912DE07B
                                                    Malicious:false
                                                    Preview:PK.........R.@c}LN4...........[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.....D....>.V...f-}..r9....=..Mn..U..5.(.....a...E..b....*..w.$...,O_fu."[P..WU=.;.....5..wdt..y1.......i.44-.r....;./.biG.Cd.n.j.{/......V....c..^^.E.H?H.........B.........<...Ae.l.]..{....mK......B....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):47296
                                                    Entropy (8bit):6.42327948041841
                                                    Encrypted:false
                                                    SSDEEP:768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE
                                                    MD5:5A53F55DD7DA8F10A8C0E711F548B335
                                                    SHA1:035E685927DA2FECB88DE9CAF0BECEC88BC118A7
                                                    SHA-256:66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303
                                                    SHA-512:095BD5D1ACA2A0CA3430DE2F005E1D576AC9387E096D32D556E4348F02F4D658D0E22F2FC4AA5BF6C07437E6A6230D2ABF73BBD1A0344D73B864BC4813D60861
                                                    Malicious:false
                                                    Preview:PK........<dSA4...T...P.......[Content_Types].xml ...(........................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^\-o..D....n_d.jq...gwg.t........:?/..}..Vu5...rQ..7..X.Q."./g..o....f....YB......<..w?...ss..e.4Y}}...0.Y...........u3V.o..r...5....7bA..Us.z.`.r(.Y>.&DVy.........6.T...e.|..g.%<...9a.&...7...}3:B.......<...!...:..7w...y..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):34415
                                                    Entropy (8bit):7.352974342178997
                                                    Encrypted:false
                                                    SSDEEP:768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7
                                                    MD5:7CDFFC23FB85AD5737452762FA36AAA0
                                                    SHA1:CFBC97247959B3142AFD7B6858AD37B18AFB3237
                                                    SHA-256:68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270
                                                    SHA-512:A0685FD251208B772436E9745DA2AA52BC26E275537688E3AB44589372D876C9ACE14B21F16EC4053C50EB4C8E11787E9B9D922E37249D2795C5B7986497033E
                                                    Malicious:false
                                                    Preview:PK.........Y5B#.W ............[Content_Types].xml ...(...................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.....D....>.V...f-}..r9....=..Mn..U..5.(.....a...E..b....*..w.$...,O_fu."[P..WU=.;.....5..wdt..y1.......i.44-.r....;./.biG=.HK...........&o[B....z.7.o...&.......[.oL_7cuN..&e..ccAo...YW......8...Y>.&DVy...-&.*...Y.....4.u.., !po....9W....g..F...*+1....d,'...L.M[-~.Ey. ......[
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):3465076
                                                    Entropy (8bit):7.898517227646252
                                                    Encrypted:false
                                                    SSDEEP:98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM
                                                    MD5:8BC84DB5A3B2F8AE2940D3FB19B43787
                                                    SHA1:3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE
                                                    SHA-256:AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD
                                                    SHA-512:558F52C2C79BF4A3FBB8BB7B1C671AFD70A2EC0B1BDE10AC0FED6F5398E53ED3B2087B38B7A4A3D209E4F1B34150506E1BA362E4E1620A47ED9A1C7924BB9995
                                                    Malicious:false
                                                    Preview:PK.........Y5B................[Content_Types].xml ...(.................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.....g.../i..b../..}.-......U.....o.7B.......}@[..4o...E9n..h...Y....D.%......F....g..-!.|p.....7.pQVM.....B.g.-.7....:...d.2...7bA..Us.z.`.r..,.m."..n....s.O^.....fL.........7.....-...gn,J..iU..$.......i...(..dz.....3|
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):19360
                                                    Entropy (8bit):7.468741288266816
                                                    Encrypted:false
                                                    SSDEEP:384:Jrt+BNxt/ZtNNUUDWmaL+ywdMqRD7WF+TOq64P9kSWk:VAxllNDeLPuHLNx4k
                                                    MD5:67A45D323B1064CE7F4453B036A4B6BC
                                                    SHA1:392175259C809F29FF9337D85574925DF2583C11
                                                    SHA-256:A19FDEEC7BA297340AD1B7667C07595AA51BE3B51CA6B36AC6A86676DF16256F
                                                    SHA-512:4707DC5CE2B0AFB144FA7FA9221BFD0606B5A3C0C64B737B8265292435BD84CE0458B81B1B2E7209AAC0814E56C9AD9AC0832F84BDF28C2589A30AA4FBFFA72E
                                                    Malicious:false
                                                    Preview:PK..........!.Q3.p............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-J\X ......J..0....K......H...R*.D.g..3.H....M!`.l.....J.j;*...>.b.Fa...B....wz...<`F..K6.._s.r.F`.<X.T....7....U.._t:.\:...<&....A%&:f.9..H.hd..*1y.Lx.k)".........e..k.g.....)....&......A...3..WNN.U..e...<....'4(.....x.....nh.t.....p7..j..s...I@.w6.X..C.Tp...r+..^..F.N...".az...h.[!F.!...g...i"...C..n9.~l...3.....H..V..9.2.,)s..GZD..mo6M..a.!...q$.......O..r-.........PK..........!.........N......
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):162
                                                    Entropy (8bit):3.5402134676870975
                                                    Encrypted:false
                                                    SSDEEP:3:KVGl/lilKlRAGl/hhlNbGpFQNoPvF+XMZlSFc2ELlX6+KT:KVy/4KDZyp2NS+iS6RRX6RT
                                                    MD5:9B43D7809A2EE026E0AB9D7B2BA89AD5
                                                    SHA1:EE07AC2D353C0E56882A935E8F627CEDDCD66AFB
                                                    SHA-256:6058D4AB0360BA9FC9E9F64681A8016C0AD45A63BBC5D0C00598CECBC11963AD
                                                    SHA-512:23B4650DB860B3BB8078F7BDE97FF230D685A7A636B16DCA69A9C3B766C2D197672BB8127FB480AAF3435178A6D2EF44A1B01F5F21CA427BF0B2FC6CE99CC3FE
                                                    Malicious:false
                                                    Preview:.user..................................................j.o.n.e.s...................\..5..Xz.kM...P .....i..........\..F...\..eN..eN.M............eN......6...F..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):19360
                                                    Entropy (8bit):7.468741288266816
                                                    Encrypted:false
                                                    SSDEEP:384:Jrt+BNxt/ZtNNUUDWmaL+ywdMqRD7WF+TOq64P9kSWk:VAxllNDeLPuHLNx4k
                                                    MD5:67A45D323B1064CE7F4453B036A4B6BC
                                                    SHA1:392175259C809F29FF9337D85574925DF2583C11
                                                    SHA-256:A19FDEEC7BA297340AD1B7667C07595AA51BE3B51CA6B36AC6A86676DF16256F
                                                    SHA-512:4707DC5CE2B0AFB144FA7FA9221BFD0606B5A3C0C64B737B8265292435BD84CE0458B81B1B2E7209AAC0814E56C9AD9AC0832F84BDF28C2589A30AA4FBFFA72E
                                                    Malicious:false
                                                    Preview:PK..........!.Q3.p............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-J\X ......J..0....K......H...R*.D.g..3.H....M!`.l.....J.j;*...>.b.Fa...B....wz...<`F..K6.._s.r.F`.<X.T....7....U.._t:.\:...<&....A%&:f.9..H.hd..*1y.Lx.k)".........e..k.g.....)....&......A...3..WNN.U..e...<....'4(.....x.....nh.t.....p7..j..s...I@.w6.X..C.Tp...r+..^..F.N...".az...h.[!F.!...g...i"...C..n9.~l...3.....H..V..9.2.,)s..GZD..mo6M..a.!...q$.......O..r-.........PK..........!.........N......
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):2
                                                    Entropy (8bit):1.0
                                                    Encrypted:false
                                                    SSDEEP:3:Qn:Qn
                                                    MD5:F3B25701FE362EC84616A93A45CE9998
                                                    SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                    SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                    SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                    Malicious:false
                                                    Preview:..
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):484249
                                                    Entropy (8bit):7.984757172360552
                                                    Encrypted:false
                                                    SSDEEP:12288:L3bAeAzYVnSbT77gH4UCO0NEXbnbjXLD1I4edM:LUeAmnSbTYbXrnX7hXgM
                                                    MD5:5A95CFF62D9C57C2B57E5326408FFF97
                                                    SHA1:81E88088642C0290DC95E6E9254776FED587B5B7
                                                    SHA-256:4A2B3A87B61D9A5C4C698CAC1E3316C64D9D37AE18355A7E327E68ED0C408973
                                                    SHA-512:4CEFFAC9395A94F43E34DCCAD7859A559DE69A2F1A790F98547719B98AF7AB0971D4F578485595182BF60F412924C770C51EF723C67358D905F9D140F50E0837
                                                    Malicious:false
                                                    Preview:PK..........!...4....J.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................WKo.0.....0t-b....C.....X..Xt.M/HL...Qvb..S.K._.... E........BT...,...l.....:.dYDa...B.6.......n.!f...`+D...X....;.."..F .%...#.....^:.`q....g7P.....#=n....d.u.....L"..|....o.!.y7"..O .{.J....V>)..-='d..W..SJ..".....tfAI.nE.o.P..pAr..!d.2M.OWU.....|p%.H.`t.F.Pv..G..../..B0...xv...4.A@.m..........f..&"n4.w....."..0.e...........H..Z.C.FK.k...........p.;..AC|...h.....!>...#......G..y....W....'=..0D...&.vUh....j
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):162
                                                    Entropy (8bit):4.83040639119635
                                                    Encrypted:false
                                                    SSDEEP:3:KVGl/lilKlRAGlwkrG0vnJLEURgXq2Dttdhk/w3ln4Ahr:KVy/4KDVrlhvRQxT3lnf
                                                    MD5:568E9A6F70190700C648AB6B42F484C9
                                                    SHA1:3682F79EF81678597FD87F94D2BD210723871D91
                                                    SHA-256:04CACD2166C7B8BB125D96AA49C91C187780D9E5364A67E0659DFD040A89A1A8
                                                    SHA-512:115D85B5CDDB37E434B89C6DEB14D8C3B57C131AE690AC24A4C544146A7E21F499558B63B697A3AA9D6FA27ED219BC4CB331A570262BB629677355F5A79D3524
                                                    Malicious:false
                                                    Preview:.user..................................................j.o.n.e.s...K.L.M.\.^.........G.Ol.....#.i!.K.L.....<..S.=.Q.H2...D..H.&;.........al(..}..i....x...=.i
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:Microsoft Word 2007+
                                                    Category:dropped
                                                    Size (bytes):484249
                                                    Entropy (8bit):7.984757172360552
                                                    Encrypted:false
                                                    SSDEEP:12288:L3bAeAzYVnSbT77gH4UCO0NEXbnbjXLD1I4edM:LUeAmnSbTYbXrnX7hXgM
                                                    MD5:5A95CFF62D9C57C2B57E5326408FFF97
                                                    SHA1:81E88088642C0290DC95E6E9254776FED587B5B7
                                                    SHA-256:4A2B3A87B61D9A5C4C698CAC1E3316C64D9D37AE18355A7E327E68ED0C408973
                                                    SHA-512:4CEFFAC9395A94F43E34DCCAD7859A559DE69A2F1A790F98547719B98AF7AB0971D4F578485595182BF60F412924C770C51EF723C67358D905F9D140F50E0837
                                                    Malicious:false
                                                    Preview:PK..........!...4....J.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................WKo.0.....0t-b....C.....X..Xt.M/HL...Qvb..S.K._.... E........BT...,...l.....:.dYDa...B.6.......n.!f...`+D...X....;.."..F .%...#.....^:.`q....g7P.....#=n....d.u.....L"..|....o.!.y7"..O .{.J....V>)..-='d..W..SJ..".....tfAI.nE.o.P..pAr..!d.2M.OWU.....|p%.H.`t.F.Pv..G..../..B0...xv...4.A@.m..........f..&"n4.w....."..0.e...........H..Z.C.FK.k...........p.;..AC|...h.....!>...#......G..y....W....'=..0D...&.vUh....j
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:false
                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):645
                                                    Entropy (8bit):7.559964658368269
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iXra9/Oso2YyJ2HyhBnfa7mg0lXdunW1ub09pTihao/DV54bKK7:gOsoGWGBniDmXdunWc0LyOt
                                                    MD5:5FB9B6374371EE43814D45058C396A6E
                                                    SHA1:59E4510ADCEEA80E4CA1A54553850E419312C661
                                                    SHA-256:F43A777B06A24810664F3F657EF9D87EB5BCBCC63FA14EEB52F919AA486BE835
                                                    SHA-512:309A5CCD2343EB9D35644A6F2EAC2F043F5B76A7B58030D351865A421D142770A3DC5F15D45853D9704825E4C648DC8DAAE7049B81A7CFA3BBA1632488EE1127
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_10.png
                                                    Preview:.PNG........IHDR.....................sRGB........?IDAT8O..9.Wg....sM......"D.W...A....P...I....7....N.Z.Z..0...%.......B.....'.........3.9s...w...F..^)...Z.{.s.W..s|......$ZN....5f.,.W.!..9......j..$..-U.3..*^a..u..#..K|...S<..%..._L.]../Z4.G....0n .%...,..Z....?.!{%..-.@.K......@-/.mMB......?.q.O..v.~^.|...R<..P...R..}q...o.|........fv......,....\+.#.....Q.?...,.h6....1N.Sd...?.+F...ZD...EK..Kc...!.....7..&...w.7`}.p.4...'..n.k.1.y..w......urw ......._.....H]...$z...2i....l|.....=..i6...\..?X....H..C..=....H.Z.,u,+O.....0.M..:.:%..B\.q.8.{..uJ...p4...yx...?..S......t..d..O.......s.ofr.-..;.9........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x182, components 3
                                                    Category:downloaded
                                                    Size (bytes):126365
                                                    Entropy (8bit):7.974999044640615
                                                    Encrypted:false
                                                    SSDEEP:1536:W/Yj2UE7XNVcz7TL8pCJEgQGlph/tshW1lYKykNwT7/llVm9l8H4/nt2nZ53q/dW:EdXNVcf3egzZUrk+T34wH02nT6/dhsxV
                                                    MD5:F34D087D3AD6E8D706E14A6D1DA499E0
                                                    SHA1:8AB48829F81E4ADCEFB6F0619AF34438780030CB
                                                    SHA-256:1FFF48D144C82599841E1DE79E35E47B77C3C2CA16F2B98AE84B21FD5FD4B8D0
                                                    SHA-512:7337EAC96AD43AB61D5A755F4E2B45759A57EE7CF5804C8C33DD9E72680898D190A6269B4CD825E227F9C88C932AA1C08FCFA991F64142F667670FD73E4B3487
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20247/73770684308FF82FEB23A0C4B115EFFE.jpg
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:DC2928974F1711EFBBD4AA51360F33BF" xmpMM:DocumentID="xmp.did:DC2928984F1711EFBBD4AA51360F33BF"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DC2928954F1711EFBBD4AA51360F33BF" stRef:documentID="xmp.did:DC2928964F1711EFBBD4AA51360F33BF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:downloaded
                                                    Size (bytes):196299
                                                    Entropy (8bit):7.971651336670829
                                                    Encrypted:false
                                                    SSDEEP:3072:fzcVc4KxrlmyMD+NWsJPLNWjo2Fo70gi5c8GhfWoO7kVNzNHmXBewuluB2duzs0K:KcZm3Dj4NeLsfWB6zdmxVnBsuzs0+jWW
                                                    MD5:4F46FB9A5363A3C3F3529329D9CD564B
                                                    SHA1:D5D9B91D8F54652D8546CC0125C9EF08A5A8378E
                                                    SHA-256:1A59C93712A22421F08846BDFC8A7D361C813A544BDA6A9F698F260B570D2DE6
                                                    SHA-512:8A5D685499B87431CD742E40C553AC922E81DBDBA281FE8DC7CF1761607ADC98D6ABDA84BD6AC9AE604CCDE11CE28BD5F095D8C9EC84C49B5A1878B2BC9F2308
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/f4eeef69de694af5b632819bcf8847bd.jpg
                                                    Preview:......JFIF.............C....................................................................C.......................................................................q...."..........................................\.........................!...1.AQ."aq..2.....#...3B...$45Rr.%bst..6Cu7Sv.....8...&9DEc......................................R.......................!..1A..Qa"q...2...#...B....3Rr..$Cbs..456t..%w..7EScuv...............?...U..*.K.V..8 |>....y.).(.)l.H.PV.rs....zw.8&.}!...+......u..."..\..Z...L6.V.JX).........[..R.WQ..t.M......F.).7.OR...u...=..n.2.^[.B.......3....%H.]I..}.9...?...~.....Gy.A).\h+p...;......sH.P..g..v.....'i.E.......;.{.V.x.*.{......._n1..4.v#....<m....J.......}7.c.YK.....l{.....e.^I..P..|goL...c...RG..5..?..J.........%.....I?..M.x?r.i.AVRGo..xMi.):R0...`c....\(.A..TIV7'.n....x.CgbI-g....U..C..A.|..2A.c.......~1..m.......!..~.dIH.8...?_....O/r.T....oO.8...oJ.......W...a.0t.<.....y...................NO..~_w...N......o...dl(..=.=../.w.6S.{
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 6 x 11, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):245
                                                    Entropy (8bit):6.658967091038261
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPkNMRjAAcVAsYEqYUmg70TlRF0icTevExltjp:6v/78CjAAcTqTj7Kl3+aEN
                                                    MD5:59521C2CE7F6172299173DF0F65F6E28
                                                    SHA1:D52C1B8DACAFA0C7C20A8FE4648178C3D0003A7B
                                                    SHA-256:3EB91F60810D0AE50A8DE43E630A358D6066AF74D3B634529B073B33E1AA9346
                                                    SHA-512:21D7A954D050DF43DE601D9C6BED44F91233E84BCDFE46F3D7CE7E7C0B42CCA9AE1EF49F4D015F10261B73DAF1522E8C74D1EB1D4241A2436A6FECA57FA56B15
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/544969427e014b20930d193bb60360eb.png
                                                    Preview:.PNG........IHDR.............\R......sRGB.........IDAT(SU....0.Dgs).CO...,z.i.....zH!...*^Dp...F.o..!c..g.....xC..m.J.=3..i.g(..HDuQ.a...@.In....af.Bx&E.Z...U.|....c..p..]..c..9...Ck} ..s......@5....J...4M..>.zH..,.?7....HB.l......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC (Windows), datetime=2024-03-12T10:20:39+08:00], baseline, precision 8, 1920x637, components 3
                                                    Category:downloaded
                                                    Size (bytes):337811
                                                    Entropy (8bit):7.970831348192287
                                                    Encrypted:false
                                                    SSDEEP:6144:V3ngPxKJ4/4pa+pvha2inyUBIaNRG3IhZQVddNoL6ZCkHIyYDCAtMBASpz1:V34xoK4s+m2iyUmaNkrdzZX3kCAtMBAQ
                                                    MD5:A053A7FCD3F3402DAADD3427AA0AC5A1
                                                    SHA1:9158C0169CE7348DEA7D1CBFE9F42C715A78AEDB
                                                    SHA-256:EB7306BB4A9291592059FA2EA5B1E9417ACAB522973CFF65E570FAE736627DB6
                                                    SHA-512:3843EC7ABED0755C4C26FD4D75170943078EB24834311E272C6E78DA282C8C99F19211A1C433D3C1D9F2B4468AA4334EC7E14F4C3F2E448260488801F690A9F0
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20243/7385b452cd964f1093b3e3222948a4c5.jpg
                                                    Preview:......Exif..II*.......1.......2...2.......P...i.......j.......Adobe Photoshop CC (Windows)..2024-03-12T10:20:39+08:00...........0220........q.......................}.......}.........Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmp:CreateDate="2024-03-12T10:05:24+08:00" xmp:ModifyDate="2024-03-12T10:20:39+08:00" xmp:MetadataDate="2024-03-12T10:20:39+08:00" dc:format="image/jpeg" xmpMM:InstanceID="xmp.iid:1E449E43E01711EE923E93005AE8BC1B" xmpMM:DocumentID="xmp.did:1E449E44E01711EE923E93005AE8BC1
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 29 x 17, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):556
                                                    Entropy (8bit):7.459267764386108
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7JgYlq1LO23svd8f2n7l8ui/tSrKhIdKCNVPwE7q9:lI4LO23SdgAhRo8rK6dxVPv29
                                                    MD5:851519C0C46DD258C9FCE9134614F45B
                                                    SHA1:5D9A9251C98CF1795B18F31BB0E7AED51ABB8D9D
                                                    SHA-256:41F0F2B781B8F8D7088458C304EB861C36B75FDE783E9DE90B4B942CBD6990FB
                                                    SHA-512:FB6738C54A68C0E187870AF102B07D45346876E9AB41CD2D99072250336AF85E948F9F10F40683D392E50ABAF03A119AD9CA4CF4056D6874D800B93EC0CCD9D5
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/mob_zjyw01.png
                                                    Preview:.PNG........IHDR.............!Q.t....sRGB.........IDATHK..MKUQ....kHP........y.Q.N....D.....@..j..A..5...4m.?@....=.-.............."b....fk.....S..o.._.3..0........F.................7`..&"..O....n.7L.m.$....l....#.60..<F...3.....5"ZYiKR;"....5..TZ:gS.#.....J.4.............iIo.....V.3....T.&`..,.D.b...M.R....q.......I............%p...g.s/... "\...L][..'.E.5p.X...x...LA.*U.:}...c]J.O..{....j...6",. .kz.....E2...".t..%i%g...k'O..fs....l9m.\...*....`.M-O.....).6RU..V......=....~iS.>...[i..~...f%.;..w..:s.(2i......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):2300
                                                    Entropy (8bit):4.68357507948936
                                                    Encrypted:false
                                                    SSDEEP:48:cPDEBlFBWhKS+zJN/v+oKIZHBwFdlSBbm/EFHVR:QEBPBYKxzJNnEIJBsbSBbmAR
                                                    MD5:09003B99A664EEF6A1513C4EB35BD352
                                                    SHA1:5541953023981FB3A0BB072C2CEA0F2FA9A70237
                                                    SHA-256:C89AE452EC3CD4E3A6843C26ECCC2FAFE1380DD8352F810E21E6C0EDCBA4F28C
                                                    SHA-512:BA20BB8DD163248BC1B4671E486CCDD48369822BE7BC299FED897DE32B1D773A020C89686BBDE21294AFFA604D4F77EFAC6B9783248D780E17DFA731F0D7776D
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/img/share_friend.svg
                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="48px" height="48px" viewBox="0 0 48 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>share_friend</title>. <g id="..-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="share_friend" fill-rule="nonzero">. <circle id="..." fill="#0266B3" cx="29.2" cy="13.4" r="1.9"></circle>. <circle id="..." fill="#0266B3" cx="29.2" cy="31.5" r="4.1"></circle>. <path d="M24,0.5 C11,0.5 0.5,11 0.5,24 C0.5,37 11,47.5 24,47.5 C37,47.5 47.5,37 47.5,24 C47.5,11 37,0.5 24,0.5 Z M29.2,37.5 C25.8,37.5 23.1,34.8 23.1,31.4 C23.1,30.6 23.3,29.8 23.6,29 L19,25.4 C18.3,25.9 17.4,26.2 16.4,26.2 C13.9,26.2 11.8,24.1 11.8,21.6 C11.8,19.1 13.9,17 16.4,17 C17.7,17 18.9,17.5 19.7,18.4 L25.4,14.4 C25.3,14.1 25.2,13.7 25.2,13.4 C25.2,11.2 27,9.5 29.1,9.5 C31.2,9.5 33,11.3 33,13.4 C33,15.6 31.2,17.3 29.1,17.3 C28,17.3 27.1,16.9 26.4,16
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):9988
                                                    Entropy (8bit):4.389729577080175
                                                    Encrypted:false
                                                    SSDEEP:96:z1D7/GyW/gS+jeYkXG3G75GAv9ePWrIO0CzkL33u31kFBoKo5vIRGCmPzfE2ZjC:ZD7Gff+jUFePWrIdRTBwqQPzc2U
                                                    MD5:B108A04C5653893DC68181B5B6C4039F
                                                    SHA1:E3DF68CD2F8518F4E005FDBFF485334A1076FE82
                                                    SHA-256:AC48C154BB11EA9A54385784073113326B14F23F5E9437AB464229BEC90DB1AF
                                                    SHA-512:823BFD34BC9B670B73E3ED7F1A4FE19302C95BF923FF266D720CF0B4877D50F6952AB4CAEB1E6A04E565C9C8B701A4F6C79D09FFB15D920163EB1C7C19E47E1E
                                                    Malicious:false
                                                    Preview:..(function(root, factory) {.. if (typeof define6 === 'function' && define6.amd) {.. define6(factory);.. } else if (typeof exports === 'object') {.. module.exports = factory(require, exports, module);.. } else {.. root.CountUp = factory();.. }.. }(this, function(require, exports, module) {.. .. /*.. .. countUp.js.. by @inorganik.. .. */.. .. // target = id of html element or var of previously selected html element where counting occurs.. // startVal = the value you want to begin at.. // endVal = the value you want to arrive at.. // decimals = number of decimal places, default 0.. // duration = duration of animation in seconds, default 2.. // options = optional object of options (see below).. .. var CountUp = function(target, startVal, endVal, decimals, duration, options) {.. .. var self = this;.. self.version = function () { return '1.9.3'; };.. .. // default options.. self.options = {.. useEasing: t
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:dropped
                                                    Size (bytes):193584
                                                    Entropy (8bit):7.965177018666499
                                                    Encrypted:false
                                                    SSDEEP:3072:h2C7z1be+S/BsbXOfaXD2+jgAWAOw+AtvHWCqkqiTr187rV2w10bwU6ALODk3u3R:P/V4BDPNANtJjq4wjKLaDke3Q8IE
                                                    MD5:85DA59791EC54A4C86B28C0C5BA9411C
                                                    SHA1:F402B0108D924AF654DAFE59E53A44CA1392DDAD
                                                    SHA-256:CA6D141B6AE60A057DC219444AB0201BFDD98AB3F7F01B4FF90ADD005F84FC7E
                                                    SHA-512:9A749FB39483FEBDC58A5239750E1DBD783F1B9146F43F3DDABAC5E204F6A4DCE9C75789E43918A43F176A967A812BD299C72FE9EE6CAC06CE04142AE97331A6
                                                    Malicious:false
                                                    Preview:......JFIF.............(ICC_PROFILE...............mntrRGB XYZ ............acsp.......................................-....................................................desc.......trXYZ...d....gXYZ...x....bXYZ........rTRC.......(gTRC.......(bTRC.......(wtpt........cprt.......<mluc............enUS...X.....s.R.G.B................................................................................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........para..........ff......Y.......[........XYZ ...............-mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.......................................................................q...."...........................................a.........................!..1.A.."Q2aq..#...B...$3..Rr..%456bs..&78Ctuv.......9x....'Ew.FScy......................................M......................!...1.AQ.."aq.2........#3B...Rbr.$4..%5Csu..c.tv................?.......lg....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.682873598437663
                                                    Encrypted:false
                                                    SSDEEP:12288:qJJQFPfTlKrwkWtcEqcKOfp9gd0qOZ+W9f8FS:cJQFBXkQnqc8dYH
                                                    MD5:995AFDE0E7958F3027934A9FED6A9866
                                                    SHA1:4278943C62336CD667C15096111CC49AFBB9386D
                                                    SHA-256:A29E8078505F4A8D239828DE2882C7B16EF98004494712479F0D69C955B823AF
                                                    SHA-512:F55E8EE9BD0EF1185013A0A49C3D2B4D916A12D77D318BF9769D102FD50B4F04A5B117C9898F28C20DEE6D9A941A70E3CB3342ECAEEB16F818ABC8254F834294
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.|...z...z...{...}...~.......................l_w.C&5.1...,...A(G.j`..........wt..lc..hX..k^..fd..\\..XV~.WZ..W]..\^..`a..gi..ru..y~..|...}...........}...}...|...|...z...{...........}...{...z...x...pz..ah..U[..X`..]g..eo..iq..U\~.=A^.3;V.4>W.9C_.DNq.U`..fp..pz..u~..w~..u}..pv..ty..z...w...rz..^d....D...$.......................................................................................................&...)...*...(... ...................................................................................#..!0.<AX.V[|.Y^..Z_..Y_..Y_..[`..\a..[a..[c..\b..\b..\d..[b..NS~..#@.......&...*..*8.>Id.JT|.FPx.3=]..#>...-...!...%...&....................."...'...+.&...+.1.0.=.".F...I...I...F...;.!.&.#...$...%...(...1..)@.'/J.+0N..0O../O.-/N..0O.03O.&'=. !6.()E.+,J.+,L.-.J.55N.[Xo.........hp..>B^.21K.VWt.ch..05Z.AGo.ku..r}..[d..FH_.POk.\Y~.KEo.A<e.a_..d_.._Y..\W~.]X..\X..^Y..b^..a`..fc..je..pj..jf..KIe.77M. !1..!/.EH].pr..........V\..(-L.$-H.@Io.W`..\d.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.208271873957265
                                                    Encrypted:false
                                                    SSDEEP:12288:8DxdTdWi2TaTxl1N7k49ODVxGwA7N9SJmh+F7O3:8Dxz3syTMDVoN8JUg7O3
                                                    MD5:EC791B184AB743F5AFFD5423841AF66F
                                                    SHA1:52E1B51161B20CFE1CB8214A1DE1B7C7203169CA
                                                    SHA-256:A84CB9D1F8829B5B8E8B1A8C19755842869DDA57EFCB3F7A031F30F550E2A2EC
                                                    SHA-512:1DDB29978BDDA425F337E526B3EF4749E9AC34C690AB413998026F68A879F150C3090B5AAF02B09C4CE99796D87EFF7D3835F7C05452C7ACFF83B438A402B69C
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/Sd9155026ae91437691cfa9f7ca73f264-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.,La.3Rh.;Vh.1Md.0Gf.7Ia.,BX.,AW..BW.,?N.$3A..*9.$)9."+;..*;..*9.!)6.!*9.$-=.&.=.*0>.+1?.-1D.+3E.+6G.*8E.)8C.(6?.,89.+25.,.7.*/8.'07.)18.+/8.+/8.)08.)/7.+08.*.7.*.7.+/8.)/7.)/7.,.9.02:.129.217.427.529.74;.:7>.;8?.:8?.<;A.@?G.A?I.A?J.BCL.EFP.EHQ.EIT.IMY.MP].PSb.SXe.SXf.KPc.JNa.FK].EL\.EL\.CK\.@HY.?IU.?GX.AJZ.FJZ.SO].\Xb.ffg.iic.pmk.wvz.hhs.JLe.DFm.GQs.en~.w...t{..ho..Si~.L^t.^^m.]]m.^co.bkm.^df.VXa.YXd.XWc.PQ`.OL^.IId.LLh.UUn.YZs.WYt.QVq.NNs.KEq.C<i.:8U.<:R.<:N.>9J.@:H.D;I.A=I.C=I.EBM.FCN.G@J.G@G.<>@.36=.,2<.)2=.(2=.*3?.*4@.*3@.(2>.)2@.(1@.(1@.(1@.(1@.'3A.&4B.)3B.'3C.*6F.+5G.*7J..=O.:?N.gfg.\eg.@Ki.:Kq.?Vx.Jc{.`r..gr..at..Pr..De|.<]w.8Xr.3Pn..Il.+Gl.-In.1Im.0Lj.0Ni.6Nj.>Pl.QZn.w|..kn..bfw.fkr.bgl.Y\d.QQW.IKS.FHW.GIX.HJ`.ILa.KM`.KJ\.HK^.JMa.MPc.MQe.MPd.PQe.PRe.OSf.PSf.QTg.PSf.OTg.PUi.RUj.VTj.UVg.SUg.TSf.VTg.WTh.YWj.TVe.RSb.NP[.ONV.QNU.NTX.PTX.RRY.QPZ.PNY.OMX.LMW.GHQ.EBK.@@K.:<J.6:I.16G.HM`.NPe.@@W.BBV.>?U.<;V.9;R.<;W.??\.JOj.JTj.LSj.PQi.OTi
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):2873
                                                    Entropy (8bit):5.032515959381224
                                                    Encrypted:false
                                                    SSDEEP:48:U1gv+jyVx2BegHppvkMFALhoj9jtevxNEl/YuRlgaYyKTQgQpMvQ:UtyVx2cgHppvb6LhoBIN0/ZljDKVQpF
                                                    MD5:1ED35ABFA5977EEFB9C92AF91BACE0EF
                                                    SHA1:25D79E21C6C3984CA15114E9A0C22410674F96F1
                                                    SHA-256:503972E16AB207ADB52D5875CB737BEC4197F212431F09CFE620CFD5CF676ADA
                                                    SHA-512:CE38901D7BC1DE0B062A72293E9BE9B136AC223B7BB45F69EA8F59CA4C154FAA976EC8D8F0D43504E28FB03018D9CFBE5B4F114CF5F4ADC93723D8F2524430F6
                                                    Malicious:false
                                                    Preview:.(function (factory) {..if (typeof exports === 'object') {...// CommonJS...factory(require('jquery'));..} else {...// Browser globals...factory(jQuery);..}.}(function ($) {...var pluses = /\+/g;...function encode(s) {...return config.raw ? s : encodeURIComponent(s);..}...function decode(s) {...return config.raw ? s : decodeURIComponent(s);..}...function stringifyCookieValue(value) {...return encode(config.json ? JSON.stringify(value) : String(value));..}...function parseCookieValue(s) {...if (s.indexOf('"') === 0) {....// This is a quoted cookie as according to RFC2068, unescape.......s = s.slice(1, -1).replace(/\\"/g, '"').replace(/\\\\/g, '\\');...}....try {....// Replace server-side written pluses with spaces.....// If we can't decode the cookie, ignore it, it's unusable.....// If we can't parse the cookie, ignore it, it's unusable.....s = decodeURIComponent(s.replace(pluses, ' '));....return config.json ? JSON.parse(s) : s;...} catch(e) {}..}...function read(s, converter) {...var v
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PDF document, version 1.5, 4 pages
                                                    Category:downloaded
                                                    Size (bytes):1248174
                                                    Entropy (8bit):7.533742301531168
                                                    Encrypted:false
                                                    SSDEEP:24576:fefTlrD2s7HDtQNBSWcwDM9ypXzkLHkTO4yEH:fCTlWs7RQNkWlM9ypDqkTO0
                                                    MD5:E994456A2D34639CD0833A2B4A07692C
                                                    SHA1:CC67FD2B25D87A1BF02BD6F1B267E054D95A0CCB
                                                    SHA-256:115756D7CCC1B58588778119483DFD4A133DD1ADB6FCE82D3EFE49A25CE92B46
                                                    SHA-512:0F85B402386E4B1809971C031D51DFA453D653A26903207BC265A5F5665A7B0E4EA15FE9B84922B94A31383FF055E1FA25C3307B5ECCBA3B3F259BDC664E83BF
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/preview/20240402/W242401214-83991
                                                    Preview:%PDF-1.5.%.....1 0 obj.<</Type/XObject/Subtype/Image/Width 86/Height 346/Length 7178/ColorSpace/DeviceGray/BitsPerComponent 8/Filter/FlateDecode>>stream.x..]wT....I..^..V\@...]..b.UX......+V..XVw-k/X..UTTPA..A....H...&.L2!.&...s..p2.y.....w.....}.o..7..C...J.F<&..D=.......`P....`T..&..`T.."..`T...R)..f..")...R.QA.x..hT..uXL.C"@.O.1...mnm..I.`..8...a........f,h..S.@....VE..m.$.O.`..FQ.....$.a...L.*.....,.....S.K.P..(+.SL....!.K......(.....H..P.B..|....e.......l..^.%....f.......`R.............B......@...PpK.....h.!....a...`"&>L..b.(..L0 C..9....[.@5.rG..j}_..3Rc..g.y.[...N.T.....i.../...j.M%.?...0....5.........E.^...Pr0C5.&i.<.hv.l.....~z...\^.3..F.IU.2"t.}.4QNG.A.....R....qW.@.~W.=....z..U..!...G.b.H...H~..e....B........[%....(.l.'........9.A..)A..W..N.._M.*..9#..jw......UJ......G.1.......x$Q:....fq.....P}.....N,.^.Q\.^.JsJ..GO...P}....&.sV=^_.(}+..dn.+;.....y..t.2QP.E....C.*..@.@.!J..j...Q....k...*......T.....K..ww.....}`.....8.p}.FB
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=20, height=3648, bps=254, width=5472], baseline, precision 8, 5448x3294, components 3
                                                    Category:dropped
                                                    Size (bytes):4005014
                                                    Entropy (8bit):7.97656772295358
                                                    Encrypted:false
                                                    SSDEEP:98304:KcP8Ih2qBpGLpkkK/aJLt3Iq05PaaQ2S6YXWs4pI8DpI2AbcMaLNc:KcEIYWpCkk1ZN05g4s9s1MaLNc
                                                    MD5:FA7A4BEDF261BBE4E59FFD25795DBA36
                                                    SHA1:962DDF924541347498582245DBB61B45844C4A97
                                                    SHA-256:2F3070100A9D5C858DCB76D4606FB25CA0832947A0A0EF404BAC9551D869A980
                                                    SHA-512:6F3BD0991AFA02973DEAD14422E60C963D5164C3FA7C6116B3C0FA9BAD7E2DBE313F71DB94C52884B7A29CC4986EE7390E87CED5CE55E81382B0759D83A41E39
                                                    Malicious:false
                                                    Preview:......JFIF.....`.`....".Exif..II*...............`...........@...................................................(.......................i...........%.......<...0...........2...........................................$...0...........1.......,...2.......:...4.......Z...5.......x...N...........H.......H.....+00:00..+00:00..+00:00..434029000514..........,.......................EF28-300mm f/3.5-5.6L IS USM..000021210f............................"...........'...................0231....................................................................................................................18..........18..........18..........0100........H.......................*.......................".......................................................................P...?........`.......`......................2...............................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):745
                                                    Entropy (8bit):7.660578489001142
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iTXILLY+BDvAlrUL6wVLmY2WX6NHGRM/QA4V5vl35hsmvJ3/t8Cm/38VXAPg:DiU+5AlQL6wVKWqNmG4lVPUs3183vgXF
                                                    MD5:CCDFD0EA71133C9A74E0320681967521
                                                    SHA1:8FAEB8E4B29EE62349FCF186093A5BA22A4B4EAD
                                                    SHA-256:1C059E18FDF36475B4810998659F0AF4E2DF67AC1CE851224B3C222BFC04200E
                                                    SHA-512:571AAA6BA3DC4D9D0024A9AFD35BA60344FDD7579B799D8C00A89351A71837BD5E4FB2D0669B69A7CA91BDE8A59C0E47DBBCAA58E924CDDD07C5C3F0C2D0820B
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_12.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8Oe.K.U....7/.6.q..D"%#).4A.#*.+.j..5I.4P....1I......$..A!T(m.Em.vA..BY...K...~=......u.^k.....k.Q....,..\.>l.....]u...<...(..Y.....1.}q....~.s.....g>.`x].%6.s.S..a2^.c...(.].p1...l.....y.....x.s1...E....0..M....%e..'.].......|...Ui.3.b:&...g*Vbt}.....9........3.@\....<..C..........8.Byq..v.$+..bJz.s..e.G0.....}4.5.0........Y.B....q......K1....<.JN...ob.....o..-...0..2%.f..*..|..X.....)Y=JN.g. ?]..r..`....*.f.SlBb.v.aJ....d..i...\E&...-......KlBhz.v.OD..x..X`...*N.*...G.T..:....T......S.x.#o..bZ".xi..q&.M.0J.'....FS.geoV..,.K.g..j..hF..I.|.#F....3......7b..+.%7....).....Y....aP.4B...i.>d.....'eX....bk...&.].M.6...5.!....&.....z7......}n'....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 668x287, components 3
                                                    Category:downloaded
                                                    Size (bytes):100452
                                                    Entropy (8bit):7.9631200664054465
                                                    Encrypted:false
                                                    SSDEEP:3072:iOIj5llUTSWeFW3SDriqzPEpWPR/kD38sk/mvM5x:XS6eFYSDrXzPlPa38sRvMr
                                                    MD5:131E21D21B254C916AF998711FD8CE4B
                                                    SHA1:2465367665B02DDE445D08362B7657861AC8B43D
                                                    SHA-256:DE1290462A8861805FAD492613D71D2C16CDA3EEDCCE35DEC12032628ED058A5
                                                    SHA-512:664404F94231A03AE90B728A725549C52BB247A38E9DDAF8B526F05F2C7BEF1EE04FABDDE4E466D410A8C3320EC54CD407EB33694C2BCF9DD0717C9BA26B470F
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20249/BD40D16F0E249D16898FB5E92B573ECB.jpg
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:1DC734096E8A11EF91499AD71D973B4D" xmpMM:DocumentID="xmp.did:1DC7340A6E8A11EF91499AD71D973B4D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1DC734076E8A11EF91499AD71D973B4D" stRef:documentID="xmp.did:1DC734086E8A11EF91499AD71D973B4D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 10, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):3087
                                                    Entropy (8bit):7.883581814643873
                                                    Encrypted:false
                                                    SSDEEP:96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xCrwR:KSHIIHUCD4waIq
                                                    MD5:D5AA489440524B0FA9B6035490B78818
                                                    SHA1:10B4A911D47EC233A2A99EC15F38A77624DCA934
                                                    SHA-256:CE0A8D560F1797355D08802444C75C6E60E67DC65E680C3C2E4309E75CD84CA1
                                                    SHA-512:DD60A84984CAF0841CEA7FA50A3AE30CC7739890172FE60DC8D1F248D2942772F7B6DE3A770895396356E632B5191D230CD029DDD341296AA5999B9EFCEB93F4
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/jianL.png
                                                    Preview:.PNG........IHDR..............U~.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.46085336827742
                                                    Encrypted:false
                                                    SSDEEP:12288:dPziwHW6gwH6L+WyVZlgCvfK/Bo62EU/gKH07ZRtbxL8hx6AB0l:liQWheWyzu+feBEE+gKU7ZR3whx6AB0l
                                                    MD5:0D313058241030D354794FB995B67332
                                                    SHA1:CCAF7E2B2ABDB6893581FE55A156C73A0170D7F8
                                                    SHA-256:EA568C590C39CD86E66431659876C208F84D8081BC3CB5E41D695B7AE1953A51
                                                    SHA-512:9B1A4CE089EF6010FAA959B80ACBA35DCD50C5E93DB95FED02760F43302F4F7939E47D49A3E22E28A0BE0FA3A1637974478A8270CF6A23AA1EB937585CF25F89
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/Sc58fb7a7f83349fe9b385cd381a925e5-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.....................................................................................z...u...~...................................o...p.......................................|...x...{...}...........................................................................................................................................................................................................................................................................................................................................................]n..Vg..Sd..Sh..F]..:Sx.9Qw.:Px.:Nv.>Ot.`l.......................................................................................{.u.[.^.PxV.UwX.b.b.p.s.y.|.................r...Vdk.Yhl.fsy.\ly.Qct.Mct.Jat.F]o.=Sg.4K].6JZ.;NZ.BVY.DZW.F\X.Nf_.`wl.k.t.p.w.s.|.................Yuh.;ZO.:UN.I`Y.Ufd.Yjh.ixv.........................................................................opq.]bd.MRY.?DO.49G.*1B.&.@.&-B.&-B.+2F
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1432 x 260, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):63028
                                                    Entropy (8bit):7.769644039646089
                                                    Encrypted:false
                                                    SSDEEP:1536:FRzIHwdwVtdGUYaqaovchr8n8GNeJA57QhCY:rIHwdwVhYN9vBnXox
                                                    MD5:5483ECEE9A1AFA60E09698E1B57A793D
                                                    SHA1:D4E8C09B900B4571DC28458F214712C71CC10C79
                                                    SHA-256:4A7F4536A18B7E488B71FDC0F0C77DD75CA435A1D7EBA8B785EFD245A3BB7FD3
                                                    SHA-512:88C78794A0B5DC127BEE792D4B837E4E9ADD2506E0552575EF57BA79B4F9BA43D8C6406227C474DF31E9B7D40DF5D072B7B07942BD5F5C7FB830021EC2427951
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............FQ.....tEXtSoftware.Adobe ImageReadyq.e<..OMiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpGImg="http://ns.adobe.com/xap/1.0/g/img/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:illustrator="http://ns.adobe.com/illustrator/1.0/" xmlns:xmpTPg="http://ns.adobe.com/xap/1.0/t/pg/" xmlns:stDim="http://ns.adobe.com/xap/1.0/sType/Dimensions#" xmlns:xmpG="http://ns.adobe.com/xap/1.0/g/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/" xmlns:pdfx="http://ns.adobe.com/pdfx/1.3/" dc:format="image/png" xmp:CreatorTool="A
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 668x287, components 3
                                                    Category:dropped
                                                    Size (bytes):106263
                                                    Entropy (8bit):7.985058786228339
                                                    Encrypted:false
                                                    SSDEEP:3072:7tpWzWsmVBhyZD0TZd4+Q7UpTmnmMaqAafM:5kOtyNsdXLEnmtqnU
                                                    MD5:027C5FA8070C9DA676FBD6EA176C19C0
                                                    SHA1:E654FA391B0D90F1A65DBCF05AD1C72BE471EAD2
                                                    SHA-256:F0CB67DDB69E35F2B7CF36DF35869188DD89E5FB3827257422AFE8947CC9536E
                                                    SHA-512:8862DA1EA53A8AECA8311316CB0E4E85669E2BF07279BCF21F17987631E4EF5618E6855C06C83F4BFC4845FB3099BF996CD913FE0EFF341F291C1CFA0CC79505
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:9180D1DDB4ED11EEAE09B5479DCA5EC4" xmpMM:DocumentID="xmp.did:9180D1DEB4ED11EEAE09B5479DCA5EC4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9180D1DBB4ED11EEAE09B5479DCA5EC4" stRef:documentID="xmp.did:9180D1DCB4ED11EEAE09B5479DCA5EC4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (1006)
                                                    Category:downloaded
                                                    Size (bytes):1007
                                                    Entropy (8bit):4.974604064321017
                                                    Encrypted:false
                                                    SSDEEP:24:pd+QgPcJYYsSdm31mirPYnB+bWp9U19emQ/Fd/m:r+rwrsaiwPnB+OeIfdQ
                                                    MD5:B6C87BE9EA10C90E2474D8B4BF31D03C
                                                    SHA1:EDB7351AD33F3A0178094E9B65307342E511480B
                                                    SHA-256:7548514DD1E0FF058AA11EB882C2F40359AB7F29513614950707F36A3A5B10DF
                                                    SHA-512:00AD37FDD3885E29CC8681F538912DFF437C3449E28B281018BC180E4A487E4D6C96FCE3C68EE32C14BC548EE5BCE7D03EE4C4F00795B220EAAB2E6F5EC3EC89
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/default/script/layui/css/modules/code.css
                                                    Preview:. html #layuicss-skincodecss{display:none;position:absolute;width:1989px}.layui-code-h3,.layui-code-view{position:relative;font-size:12px}.layui-code-view{display:block;margin:10px 0;padding:0;border:1px solid #e2e2e2;border-left-width:6px;background-color:#F2F2F2;color:#333;font-family:Courier New}.layui-code-h3{padding:0 10px;height:32px;line-height:32px;border-bottom:1px solid #e2e2e2}.layui-code-h3 a{position:absolute;right:10px;top:0;color:#999}.layui-code-view .layui-code-ol{position:relative;overflow:auto}.layui-code-view .layui-code-ol li{position:relative;margin-left:45px;line-height:20px;padding:0 5px;border-left:1px solid #e2e2e2;list-style-type:decimal-leading-zero;*list-style-type:decimal;background-color:#fff}.layui-code-view pre{margin:0}.layui-code-notepad{border:1px solid #0C0C0C;border-left-color:#3F3F3F;background-color:#0C0C0C;color:#C2BE9E}.layui-code-notepad .layui-code-h3{border-bottom:none}.layui-code-notepad .layui-code-ol li{background-color:#3F3F3F;border-lef
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.253305519033015
                                                    Encrypted:false
                                                    SSDEEP:12288:xt42Jq6T15XFbd1qdCa2NoLUZwEI3uNhikYS3evxelUtPB4EjB:ytLitICfYS3exeeL
                                                    MD5:ADA97F9128F0D4C4A0988681CA3594B0
                                                    SHA1:3375C09581D7E4E1AFBFDE4342D22214C14979C0
                                                    SHA-256:9BE0A06B7094DFB440346AE8FA82864E5D8F6DC3D91D8E6F5FF4C4A1D781ABC8
                                                    SHA-512:22597B0582E62FEE7B25B7D74637F69FC1205AC9402FE3851EE6127EE45DBDC3EE923278A18022ECDDC8AA274E9BC65DFA3E6660A2935D5A3FD3FE36A06D91A3
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S990bb8710a5142cda59261f2f8c3e9c7-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.mnp.mnp.mnp.noq.noq.noq.opr.opr.opr.opr.opr.pqs.pqs.pqs.qrt.qrt.qrt.qrt.qrt.rsu.qrt.rsu.rsu.stv.rsu.rsu.tuw.tuw.stv.tuw.uvx.tuw.tuw.tuw.uvx.vwy.vwy.uvx.uvx.uvx.uvx.uvx.wxz.vwy.wxz.vwy.vwy.wxz.vwy.xy{.xy{.xy{.yz|.yz|.yz|.yz|.z{}.{{}.{{}.{{}.||~.||~.}}..}}..}}..}}..~~................................................................................................................................................................................................................................................................................................................................~~..{{}.zz|.xxz.wwx.wwx.www.vvw.vvx.vvx.uuw.ttv.ttu.uuu.uuu.ttt.ttt.sst.ssu.ssu.ssu.qqs.ppr.qqs.ppr.ooq.ooq.nnp.nnp.mmo.mmo.lln.lln.mmo.lln.mmo.mmo.mnp.mnp.nnp.nnp.nnp.mmo.lln.hhj.cce.\\^.VWX.YZZ._``.hii.pqq.sss.tut.www.{{{.~~|...}...}.yyw.ttr.nnl.iig.cca.\\Z.OOM.CCA.<<:.775.::8.<<:.>><.<<:.;;9.999.998.898.787.333.222.444.555.000.122.?A@.STT.__a.cdf.efg.ghj.jkm
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):20
                                                    Entropy (8bit):3.6086949695628414
                                                    Encrypted:false
                                                    SSDEEP:3:qPH:qPH
                                                    MD5:8DDC9154914B42D4A78E2FCFDD3A42C3
                                                    SHA1:2D966540FE6F49DC4B05F8CEEED012BB885493A0
                                                    SHA-256:DCB678394908A7D49DE7ED14177014B5E28E6EABE825798E2E439D876FFE3646
                                                    SHA-512:20940489CDFB1B6DE8262F52E0CFA1A3634B7F7BEBEC11E5FD45DB173B82573CA0D9BD628F6849A165C6D1BBCA4A3273EBD1F361A543C6BE2F6CD1336CD066B9
                                                    Malicious:false
                                                    URL:https://www.ccic.com/index/script/plugins.js
                                                    Preview:var jsonArrData = []
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 18 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1330
                                                    Entropy (8bit):7.8332046057595575
                                                    Encrypted:false
                                                    SSDEEP:24:JnY8kpBY6I+Bnz0gj8mOz3b7LG/e47Fx7AL61UkI29EEvJ1:JnGB7I+BOZ3b3G/ecf7xN/
                                                    MD5:63263EE4EA2F43777A02ACBAC9D4F096
                                                    SHA1:6D0023130E40B25250496549B77E34CBA9CD9398
                                                    SHA-256:EAD8DA397CDE5EDA9785E59672586B836BF2292D7D4EA680307EE8BBC55C4A5D
                                                    SHA-512:0EAE53EBA68D3BCD6600C7B844B5AC9480770D569C181066BBD3266F0B0FA1A6CE0E170C4A0BA2A8D8407144199FBACD8D582C2569D571ECC5656942D630FA14
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202311/b090f126554e471ea32be886d0d782b9.png
                                                    Preview:.PNG........IHDR...............mJ....sRGB.........IDAT8Ou.}L.u...y^.}.......E.(.Z.$....X:.L.,..2_2.2ww..6u.-./S.(...Kg.f..*2....^ .p.?.s....:Y.:...|v.......{.SU.G....V...Q\...b........tE..[>.2..t..DFb.b....po..jO...PV&...s.).!v.....u........)E..|...&....e....`.....x..Fy.{."...../..&qE....p+.9....... 7...........n..[...<..4..+_u?.zGp..4k..f...>.|.QL..q..o...g.....{.,e5{oZ...U........1...b.3v^.oj_......?.JX..,...C2..&.g..........w.x.z...)i).n.I....>..ar...<..........D...`..I...K..f...fc... ........p.m../6....... ....8..#.\.C.H....In..c.2.._.{..c'u...bS9.Y...5.......Z.c^...q......Y..P.-:H..../Y._..........jjz..e...x.y...[1.Q..+.....p.h-......@k1..J`...',...l....s..D....2....v.x.~k~Znb.'.S5.l.%..CX...{cR.#F.....Z..g;..u...7..2p..........a.=...LY.2...=B....L.s...[!.....h..b.........).f..S2.!.=..}'...g".P.d.g..5.....P.r.O)0#......z.0 .@k.P.ZC...0..R PfU.....[,b.yJP:..|q|.......A...0u..b.!8r1.|^.#mz(/t....}......Ly.......<./u.."....K
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x182, components 3
                                                    Category:downloaded
                                                    Size (bytes):121948
                                                    Entropy (8bit):7.978568468649709
                                                    Encrypted:false
                                                    SSDEEP:1536:Lu6lMuorEpbckpetgRfizQ0GjxQEtU0VPkfmJgLVcmf2Y92tA+CF5TpxqfLnH1Tk:6korEpa3GjxrlVgLVdfxcAN5TvqjnZ1C
                                                    MD5:8D7CCB8559F3DBD3CA72935A816C2FAE
                                                    SHA1:A07D908299C98FC4DB9E90ADE9C792638E00EFD7
                                                    SHA-256:5792BF8FC4BD3224AF895467089AB3204AD3D01A42EC0BC36FC9E1382C47CF7D
                                                    SHA-512:52DE05715F634D70E17811ED0A38A214BA0892F87A5E4E84E5157FF1084133131435ECD84BBEDB51490D7423655D67C984A6AFC926039CDE1B5754D14D49FEB4
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20241/1e6cb098d10f4a41a79a606600ed695d.jpg
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:3F41B4A7B4ED11EEB6A89B3AAE7A16EB" xmpMM:DocumentID="xmp.did:3F41B4A8B4ED11EEB6A89B3AAE7A16EB"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3F41B4A5B4ED11EEB6A89B3AAE7A16EB" stRef:documentID="xmp.did:3F41B4A6B4ED11EEB6A89B3AAE7A16EB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1287
                                                    Entropy (8bit):7.805631724858807
                                                    Encrypted:false
                                                    SSDEEP:24:285RTqy4FCO96UE3kDrXOMt+jOWx1UA0t/QM3PwKrrILOM+cpeUTuM5:28yCyjdDCi+Kq1UPt/Qg7rrkdpek5
                                                    MD5:588DFF761CDF4081CC87D4D91BBE828E
                                                    SHA1:F29BB477971834E6DDDCF5AD96E9DC9C5919517C
                                                    SHA-256:F87D4BFD0B5E414FCD7638A6E84637D590E65162701FDBAA993B926560E096BD
                                                    SHA-512:625EEFCC39F847FCE1356382552D5271C4DC671A58BF947AF385B2E55E3FA0B80C3625B0F2D128F86542D0072BB5E23EFD78919E3D01CBBCF97ADD7ABAAC7CF7
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............w=.....sRGB.........IDATHK..{l.U...g..D.......@.......A.........5.#.?......DcL.H..Bv.ewv. UI.."/.b.....A[..%P....n.7.....;.|.w...`.z.O4s#....K..........L..X7.r.O...!`..G.s...uJ.x...\..........|.0..8|l.v..H2........~.i.........U...N.?.=.......}`@g.V0...`">U...jW.b%.b^K%........%..9..=..g@M..eQc9....X'Nn..3.Q\...........D,.].<~..... ..}.|.kO.z_......w.x..&.e.-u.).rP...4=r.h..I(...1p........%R..bP.&.,....?.Y.[..';.d;...A...m......|......7..Pkq.+{.JZ...#T"2.T.y...WUcQj.0..IR..=.. j..*..I..8B.~...P....,...J..u{.5H".k@.*.(n.g...w..m.Z.+.f.....a..._...i.y:.[..:zH...`.....8..r;.._3 I..J.....P..c=..2Yv..s0.-Bh...7.V.%TQX.|o.e...f...J..{..S0..}....#M..e....+p.uF.a..`.&...7....}.J....<.....G..R..^ru.} c(..l.....%..7R.'J[)....PC....)**...XGA........+...V.;..?...j.K....m.:..fX.T3.B....(...H.....ZH.P...?./.h.[...._.T....b[/...P&..[...\.YO.....OG.......D.GI..q.,J@......R\{.i....j.7.26..4....9...b1...AI\;..@...Y.k....#mgz..4.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC (Windows), datetime=2024-03-12T10:20:39+08:00], baseline, precision 8, 1920x637, components 3
                                                    Category:dropped
                                                    Size (bytes):337811
                                                    Entropy (8bit):7.970831348192287
                                                    Encrypted:false
                                                    SSDEEP:6144:V3ngPxKJ4/4pa+pvha2inyUBIaNRG3IhZQVddNoL6ZCkHIyYDCAtMBASpz1:V34xoK4s+m2iyUmaNkrdzZX3kCAtMBAQ
                                                    MD5:A053A7FCD3F3402DAADD3427AA0AC5A1
                                                    SHA1:9158C0169CE7348DEA7D1CBFE9F42C715A78AEDB
                                                    SHA-256:EB7306BB4A9291592059FA2EA5B1E9417ACAB522973CFF65E570FAE736627DB6
                                                    SHA-512:3843EC7ABED0755C4C26FD4D75170943078EB24834311E272C6E78DA282C8C99F19211A1C433D3C1D9F2B4468AA4334EC7E14F4C3F2E448260488801F690A9F0
                                                    Malicious:false
                                                    Preview:......Exif..II*.......1.......2...2.......P...i.......j.......Adobe Photoshop CC (Windows)..2024-03-12T10:20:39+08:00...........0220........q.......................}.......}.........Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmp:CreateDate="2024-03-12T10:05:24+08:00" xmp:ModifyDate="2024-03-12T10:20:39+08:00" xmp:MetadataDate="2024-03-12T10:20:39+08:00" dc:format="image/jpeg" xmpMM:InstanceID="xmp.iid:1E449E43E01711EE923E93005AE8BC1B" xmpMM:DocumentID="xmp.did:1E449E44E01711EE923E93005AE8BC1
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):651
                                                    Entropy (8bit):7.567754142182313
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iWGZlbXsQaJpbpX+de7jexY3YOyr5Z3zyXLVRz8kQ1F+Ard5FvZ59XiFRR8:xZljsQaJpb9ceeY3YO8Z3m7Lz8kQpd5H
                                                    MD5:1046ADDD9980BEF27E6D912257AC0281
                                                    SHA1:99CED995B7114281092A20872068BA5D5DDE8531
                                                    SHA-256:053009CC04EBEA055B83452B1D9A3D2554B6809C385AE726A6B33A456D6BE061
                                                    SHA-512:ECA58C41320A47C85A492F25C579C8A421F84A798706AC41B194F3AB88DF9765C186DD366B6B41276997D1F1ED459A308081EFCB33C385E9F37D3675016FB88A
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........EIDAT8O..]..w.......B[..1)...h...(OW..(.B..V.0.q.b)Ci..RDH.S.....+\....y....g}.....|.....9..9...;}..o=..|...9va.oH.G.4..q..:...@...f.....yu..N.$......a..!....\.Al.g../...}A.b0.sX.......q........G.j..,.&.....?.06a(.c...\..d.J..`s...1....P...a<f..1..E...`W....M..PB..N.wJ...p..aq...2..{._.wa-..+..w\.(|......f..H........J..[~N...C....Yz0.s"Z.S.S./n......p.c.B.E..9m.R....|.@T>.w..7.. ./..l..nc...X.Z_....$.P.v..$\...J..."'....wDi..O....>L._....7.....EY&....Z'...V..........b+Nc.2.....MC.N...'.....LV.G.o.c.m3.kj./UY...R?...3nw.wc......m.u6t..W.#._.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x408, components 3
                                                    Category:downloaded
                                                    Size (bytes):131382
                                                    Entropy (8bit):7.963767014116794
                                                    Encrypted:false
                                                    SSDEEP:3072:pXJq+VnbHHk1QE+0LnQCJCbQkNTV1KcakYh2Fa:RJ7bHE1X+0sDbQkNRNa5h2E
                                                    MD5:B63638BD19301D670E908C0B86D5E681
                                                    SHA1:F036922B5C9CBBCB2E230DCCA490476446038CB0
                                                    SHA-256:E2636E3C071857868215F7EA7951D421C862955B3F752CA06881DB775F2C1600
                                                    SHA-512:635B5E0FD4C911D812BB13A2F3C03EAC4093AD6D5A99E7845A9DA53A6BC555B7E8A5331B9B8C556E974DFB4839C6B77B7AE1204680F4938A01E9D92A94940AAF
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S600935f3b845491b94ff946b4a342a8a-400.jpg
                                                    Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..c5h'...J.....~]........v.D.I.m........}9..{t.,.....l.B....G=......vT.ay$..........S.6........7\..K......9d..'...:.j\.7+..mSz.W.Mw..|...s...ta...a.G.Q....,.N..._.../.|z.vW.C......w...>.$.#..:....4.....x...T..c.0x.........\..zZ]..%..j....+....C.Fx.8...*...kQ..\..I.w5g...i}7g...qK.F.\...F.....i.......}....$....O.y.l......O~s.....5.|k.....r.s..''v....z.2x..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):700
                                                    Entropy (8bit):7.593819163854851
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7ib/r5yiPKP+jnnearbYI1YC1bgDUX+HCyBkwEridJBzrbdq:o4KP+jzHdqPouhzrbw
                                                    MD5:15B29D6CC25CDFECB4C1E4A08B8086CE
                                                    SHA1:37DBE72C675256A87DE5913E3781698361B1A7CF
                                                    SHA-256:E2271C163A0133D20A18500063526E39C3A3E53831EE60A7F881974DA2CF108E
                                                    SHA-512:245D85000E0709376D589E14757095FD6244C011E7385E434367A0D6416CF2A5ABEEF83571D049B4E14C7FA3BE249692AF09BCDAD4F4E298422C71D188893CA5
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_20.png
                                                    Preview:.PNG........IHDR.....................sRGB........vIDAT8O..[..e....LH.{..Ca...b..JIa.DH..>D..F..B.^B|Q.......$.S1R.R.K`""..H$..(....{..#...7.}k.Z{.........`.......8.'._..e.......1.+...`.~...[...$....c.7&`...U.......je.H.W...O....u.[V4...8.+./.u....b.o..E......j..n1z.K.9>..,..-m...uW......v...Me_._X.>E.zYr/.bt..|..aL....j.rp.>+...E...~...Y...PL..|.~../W....Y.a..gcG...%4.....z.x..T."9.9...........r|.{...)...D.7,.....D.`..k....x.7p...(.........N|.#.pb...y^...U.S.0..M.....).!L.....V!......T(.E^.......u .....+.],.N.."{;Zs.CM<N.Z..}r.+"5.2.Z.i...~....u.....*..w.`1.U..#S..a]m.>..n.c.n.*.....kX....>....U..gP...y.k1...E...6.d.>*i......Z.!.H....|.t.>l.5q.1......S...pP.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):645
                                                    Entropy (8bit):7.559964658368269
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iXra9/Oso2YyJ2HyhBnfa7mg0lXdunW1ub09pTihao/DV54bKK7:gOsoGWGBniDmXdunWc0LyOt
                                                    MD5:5FB9B6374371EE43814D45058C396A6E
                                                    SHA1:59E4510ADCEEA80E4CA1A54553850E419312C661
                                                    SHA-256:F43A777B06A24810664F3F657EF9D87EB5BCBCC63FA14EEB52F919AA486BE835
                                                    SHA-512:309A5CCD2343EB9D35644A6F2EAC2F043F5B76A7B58030D351865A421D142770A3DC5F15D45853D9704825E4C648DC8DAAE7049B81A7CFA3BBA1632488EE1127
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........?IDAT8O..9.Wg....sM......"D.W...A....P...I....7....N.Z.Z..0...%.......B.....'.........3.9s...w...F..^)...Z.{.s.W..s|......$ZN....5f.,.W.!..9......j..$..-U.3..*^a..u..#..K|...S<..%..._L.]../Z4.G....0n .%...,..Z....?.!{%..-.@.K......@-/.mMB......?.q.O..v.~^.|...R<..P...R..}q...o.|........fv......,....\+.#.....Q.?...,.h6....1N.Sd...?.+F...ZD...EK..Kc...!.....7..&...w.7`}.p.4...'..n.k.1.y..w......urw ......._.....H]...$z...2i....l|.....=..i6...\..?X....H..C..=....H.Z.,u,+O.....0.M..:.:%..B\.q.8.{..uJ...p4...yx...?..S......t..d..O.......s.ofr.-..;.9........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:downloaded
                                                    Size (bytes):226001
                                                    Entropy (8bit):7.977882003946192
                                                    Encrypted:false
                                                    SSDEEP:6144:u94LEpZ9mx5B+sVFNIt5O0ZL69XRPJCv5UDedZvDD:G88q+sVot9ZL6DPy+edh3
                                                    MD5:E14AF66DD7F4DB9A42336E61C6F98400
                                                    SHA1:DAF40C501BB15A0D1C748A69C3B1411320C25F4A
                                                    SHA-256:D757C19A8989B71797E8B07313BCE71D30C00149431CF77C237B14ACF35A9D84
                                                    SHA-512:CACA173AAE2609B24503C77C30C950BA418E74CB161BAF8BE62B4404E891E39E0319293954470AE945256AFF02FA53B8E58501EC33639FC940BD930D5ACD4CE8
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/2ef753aab1a64a5281a5710c3cd5589e.jpg
                                                    Preview:......JFIF.............C....................................................................C.......................................................................q...."...........................................b..........................!...1."AQ..a#2q..B...$3R.....45brst..%6C...7u.....DSv...&8c....Tw........................................T.......................!...1A.Q."a.2q..#......3BR.r.....$4bs.6C..%57Stuv.....8c...............?.1.8....../.|8....../.>........:............JH:Q..^....'..']...<b.....~=....Qp%D..% ........-D....k........lt.Ci:......>.+..........H.....W..2. .'....m.Dw.'.}~.7:U......_.?...P.u*{..o.q....p>D.UVm..d1T.....LOe...B"..\{H..6V...C.R.|8..q....)...l...!/<.;..Cae..i....4.V.%he.......Z%.:...P...........B......;xfk..<...OM...!saA.P'{.c.Z.......:f..iL..2T.0&.&H..oM.T..^..~+..<).ch+2.Z.!HP....7...U=.?.{lt.2.E..m8C!e....n.0..R}4..IH ...n...hl..x.=.%>ET.[...*J.V.Bb...A.Z.Jm....8P...)J) ..[.....zv.>_.\..<..C...t...F[....(..6Km!}L.Qm-..s_.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):261
                                                    Entropy (8bit):4.331344834114585
                                                    Encrypted:false
                                                    SSDEEP:6:wLGY3cUX0y4NXhk4EaqURMGf4/tFmAA/BN0nQ3q5n:wXsUEBg9xGf4FFAZqZ
                                                    MD5:413C1C7E3E8F469FF738BF1DABB6B7F3
                                                    SHA1:F91897DEE4D781D7BDFB10A52C47FBBE5DBF7916
                                                    SHA-256:64E3C83129048B6136A6A2EA342AC081690B01362D0D2E44BD7E4C7D82DC8DA3
                                                    SHA-512:33B984129F1008ED9C483365405E1EA9E707E662E40E879E6D6C5659A2318A00388B7D3810976B61F0E2C4AB399FC07BFB36D5803F26486E09EE59A42E0C7513
                                                    Malicious:false
                                                    Preview:$(function () {. try {. if ($('.article-pagenation')) {. if($('.article-pagenation').html().indexOf('_page_break_tag_')) {. require(['articlePagenation'], function (e) {. e.handler(). }). }. }. } catch (error) {.. }.}).
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (65374)
                                                    Category:downloaded
                                                    Size (bytes):86657
                                                    Entropy (8bit):5.200203683784022
                                                    Encrypted:false
                                                    SSDEEP:384:3T/yXPtOxDATAxEZartZy4UZ/YtxrUXWNuUassBmBt+Fwyfvu9kw6ppCti3PNeqL:D4lNTLIr5UZKxLH+FwyfWXi3Ve99vla
                                                    MD5:7F7959A4D2ABAF0008AF064026DFBB2D
                                                    SHA1:D10B86874460BD02CF6570F0DDD71A7BA58AF356
                                                    SHA-256:4FC119F92AE72717A4EB2BD46F49F13B309E9A011233D4D9486B4188EB6319E3
                                                    SHA-512:2A65543E3AC99C80CA071B47DAB567759F92238AFC46067656A85FBB37EC4257AA7B81F63C600BD93ED9EB1CDB82E267E7EBBB6DD50F09284D9E9BB5D4622827
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/css/sm.min.css
                                                    Preview:/*!. * =====================================================. * SUI Mobile - http://m.sui.taobao.org/. *. * =====================================================. */html{font-size:20px}@media only screen and (min-width:400px){html{font-size:21.33px!important}}@media only screen and (min-width:414px){html{font-size:22.08px!important}}@media only screen and (min-width:480px){html{font-size:25.6px!important}}/*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margi
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 19 x 19, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):290
                                                    Entropy (8bit):7.062415864824639
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhP/8C3+cGa4dFNgDeJmS6FN4UzkQHtEXwoFU5834rqAtjp:6v/7nq3a42DeJbK4UIYygSr3s
                                                    MD5:BF677598A57B9539055834AF51CF6062
                                                    SHA1:02B6ADC1CA6AD8F57605EE92943B65C6250D73BA
                                                    SHA-256:A9C6FB05CCD9FEA5E3AAEA84933B182CECA88FC66142544FD0476B387A39F722
                                                    SHA-512:43140EADB4030BDC2D30DE2AA47817B5458F38C7A45C4D3097FFA0F9DCC86636C0E421AF62F63CA9CF2C30AAD8EBB046C4577059E6F9C652DA61A4ADC03DEBAB
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/shadow.png
                                                    Preview:.PNG........IHDR..............Y.G....IDATx^]..j.0........^/..+#B3,.{..Mz.R......E..3).k.f...X.5.V.b...].,Z..0.Z2.......]I...[.L....o.{g..h,.xM.+.......e...".6.ADZR.3..n.9Yr..EW..f..W(+r ..F...4..H....=p.. ..f."8..3...v.=.......o..6...{)...'k%"...Y.....NR..du..........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 800x512, components 3
                                                    Category:dropped
                                                    Size (bytes):409913
                                                    Entropy (8bit):7.95219631986888
                                                    Encrypted:false
                                                    SSDEEP:6144:1Dr23GYmCyvs4vajj+WWQLAHw0Bq/eY/wgOZV5sdrR0Hex3iI+959GXPNYT0Pq3:u8yjPWQE3q/tMcrC+xX+9G/2T0S
                                                    MD5:EC7662C11A879D8DD231993B198BE6DA
                                                    SHA1:CAA34719A3C865F80F6C2C9937E703C3D88A983A
                                                    SHA-256:7BED9DC1A80B4FEA041B55342C10978FF776E6B2F71C09EA9FB7625F0BDD5C4C
                                                    SHA-512:8D4D9BBC0C6FAC1BA05454B8A37EEA1C403C4721BA3C8DF39757C946DB2537C2DD858559C8C64E525494F9991C2FD499DA7BF4C4FB5DE0A7A8D089670303A1DC
                                                    Malicious:false
                                                    Preview:......JFIF.....,.,.....,http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 4.4.0-Exiv2"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:Iptc4xmpCore="http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" Iptc4xmpCore:CountryCode="CHN" photoshop:CaptionWriter="..." photoshop:Category="18" photoshop:City=".." photoshop:Country="CHINA" photoshop:DateCreated="2024-03-10T10:00:50+08:00" photoshop:Headline=".................." photoshop:Source="..." photoshop:Urgency="5"> <dc:creator> <rdf:Seq> <rdf:li>...</rdf:li> </rdf:Seq> </dc:creator> <dc:description> <rdf:Alt> <rdf:li xml:lang="x-default">.........2024.3.10.&#xA; 3.10....................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x182, components 3
                                                    Category:downloaded
                                                    Size (bytes):115722
                                                    Entropy (8bit):7.977452460239957
                                                    Encrypted:false
                                                    SSDEEP:3072:eQiMZ/3qD8eIdOrhQPHsYv3H/RahKXL3k:GMNS89OdTMHZakk
                                                    MD5:C5BE9B537473C18A10075990DDF75F8A
                                                    SHA1:C9C02C7B9E461B7EE952DD516A330BE6FA1044F9
                                                    SHA-256:82ED03BD1E7D79C836C62D30B75F6E7B544F11C71FDC4F6CEC227F6C4B343963
                                                    SHA-512:F70EEDB10C6D23804134B8C3FD5125CC101842A53081A313363E8A800A9288988577A13625B9FEFC89BCEDCA84C43A05D8D4A548B11AB850705837E35FBBEB00
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20249/4032500029B24D3EE1FE705817391533.jpg
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:268ED8396E8111EFA78DD0CA966806A1" xmpMM:InstanceID="xmp.iid:268ED8386E8111EFA78DD0CA966806A1" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DC2928974F1711EFBBD4AA51360F33BF" stRef:documentID="xmp.did:DC2928984F1711EFBBD4AA51360F33BF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):717
                                                    Entropy (8bit):7.62724901467408
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iie3IDIDnzcrxzonzVB5TeFYgh96w5Ooc2Cfk0BXv+DcmTihfz:Se3IIYrRiVfTIz6wQor4kuv+Dhmz
                                                    MD5:E8DFE8DC6C7AB8F08D8C54610F6A8BD4
                                                    SHA1:9D986E44DB738480DBEA875312AF1AFD9C9EABFF
                                                    SHA-256:9E9D400042B19B7AA01E070BF9E0DA80D51E6347854E1BAF670CF88E3BD589C9
                                                    SHA-512:D522BB40670766A26B8AAB7998C335A6D135D9FE9B31C720DD7AFACFEB6252D73DB3D60823DA4F0974DA2065CBA6E1BBFF09053DB5A7CE8D866F8E5A9A194D88
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..]..g....MhCI...Fyi...`..2.P.............l.Z#.6[.d...9..k[QV..Z...K.._...~...<.}..u.O..{.....a....X....O....x.+..^(.{......V.1.k.*...>.'..ZH.V..q.....x._.[\..?b...[..7V...sp....V..x..v.r6..0..p...........N.O...K....bW..}.ca.uv..ybH...l........H....f..8.c..sz.z..C......8....U..t.t..^.-I.._...P././8^..gk-!.o....U..`.:\.......r3@a.wh.....U.m.`.&.U8..~o.b.x ....-)Bh)v......U... `..8fD...._T..&.....D.p6..GU%.OG.....0.....r.F...K"..+.e...F|..%G....`"NU.bV..u...6z.....q.n...Zl.../..j....B.MW].0...a.....Y]..G....T.q...[.;.6.e.nW.2.$y.Xc.z...o.<.p...:...A...d...bX.!...L......jO.G...8BO..$.Y.R.j...f-.m.<....iKq.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.4846613059975
                                                    Encrypted:false
                                                    SSDEEP:12288:gnDMHKjg5gNOpTyFMUCL0HJ1DPa8t2fwCNMApStFDyHj3WSCnsE1M:aDMqjMtHUCAp1+c2fwcMAGAesEm
                                                    MD5:955A93FD3BC39384CDA0F9487059DF0A
                                                    SHA1:0F248F38B2EB188BA557C816B4A2D874CDDF223C
                                                    SHA-256:8D458D2F422E53748DDD210B3DCD21A0879FFC060F892581945CF2C3B22F3300
                                                    SHA-512:7A30351A0416E760B8481BC8ACA3EAA95EC9AC0003F478C4EE99B7404017C35E3B73CEFA578796E9C5CE72D324E2524AF0B9BC10CAD58B30632DFC5CEDB9CF75
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S9f392d6d854a41fdba3dda8ec2d94263-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.iaY.haY.g`X.g`X.h`V.haV.haV.g`V.haW.kdV.mfT.ngU.ngU.leS.lfS.lgT.lgT.kfS.kfS.mgU.neV.mdU.mdU.mdU.mdU.mdU.kbS.kbS.kbS.jbR.jcQ.jdQ.icP.hcO.jeQ.lgS.nhU.mhT.lgS.kfR.kdT.kcV.kcV.kcV.iaT.iaT.jbU.iaT.g_R.c[N.]XL.ZVJ.YUI.YUI.YUI.YUI.YUI.[WK.[WK.[WK.ZVJ.[WK.\XL.ZVJ.TPD.WSI.]YT.]XU.]XU.^YV.`[X.TOL.WRO.^YV.^YV.]YV.[YV.ZZV.ZZV.ZZV.ZZV.Z[V.[[W.[[V.YYT.WXS.WXS.XYT.ZZU.ZZU.YYU.[YT.^ZU.^[V.a]X.c_Z.f`\.g_].ib^._ZT.b_V.ji].jh\.hfY.fdW.ecV.a_R.][N.jh[.geX.geX.gcW.f_S.d\O.bZM.c[N.c[N.c[N.c[N.c[N.c[N.bZM.c[N.f^Q.h`S.h`S.h`S.jbU.ldW.nfY.nfY.qi\.rl\.rlZ.ojX.kfU.hcQ.f`O.g_S.iaT.meX.meX.g_T.b[R.ibZ.mf].mf^.ng\.phX.qjX.leR.ngR.vpY.vo[.wp].xq^.xq^.xq_.xqb.yqd.xpc.wob.wob.wob.wob.vna.um`.tl_.um`.vna.um`.um`.vna.vna.wob.wob.zre.{sf.xpc.tl_.ogZ.ph[.ph[.ph[.jbU.IA6.e]P.g`P.0)..4,..rj]..{n..wj.yqe.ib\.ofe.kbf.SIR.0&1.............'. ./%(.4*'.8/).@72.8/+.6-).8.+.;2/.9/+.8.,.7.+.:0..=31.=40.@63.I?=.VLG.`WN.cZQ.d[R.g^U.h_V.jaX.jaX.g^U.kbY.md[.ypg..~u.........e\R.F</.MD5.PG8
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 29 x 17, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):556
                                                    Entropy (8bit):7.459267764386108
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7JgYlq1LO23svd8f2n7l8ui/tSrKhIdKCNVPwE7q9:lI4LO23SdgAhRo8rK6dxVPv29
                                                    MD5:851519C0C46DD258C9FCE9134614F45B
                                                    SHA1:5D9A9251C98CF1795B18F31BB0E7AED51ABB8D9D
                                                    SHA-256:41F0F2B781B8F8D7088458C304EB861C36B75FDE783E9DE90B4B942CBD6990FB
                                                    SHA-512:FB6738C54A68C0E187870AF102B07D45346876E9AB41CD2D99072250336AF85E948F9F10F40683D392E50ABAF03A119AD9CA4CF4056D6874D800B93EC0CCD9D5
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............!Q.t....sRGB.........IDATHK..MKUQ....kHP........y.Q.N....D.....@..j..A..5...4m.?@....=.-.............."b....fk.....S..o.._.3..0........F.................7`..&"..O....n.7L.m.$....l....#.60..<F...3.....5"ZYiKR;"....5..TZ:gS.#.....J.4.............iIo.....V.3....T.&`..,.D.b...M.R....q.......I............%p...g.s/... "\...L][..'.E.5p.X...x...LA.*U.:}...c]J.O..{....j...6",. .kz.....E2...".t..%i%g...k'O..fs....l9m.\...*....`.M-O.....).6RU..V......=....~iS.>...[i..~...f%.;..w..:s.(2i......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 824 x 200, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):20634
                                                    Entropy (8bit):7.928024919767521
                                                    Encrypted:false
                                                    SSDEEP:384:r6RSqhnskkYyM9P9dKbifU/D/EXQBy063MdJj3t191lhZl6GLUq:a7hnskNyOPfwifAD/EXcy063MdP9lhXf
                                                    MD5:D97E03CA4B24378A342ED14866F34AC1
                                                    SHA1:3E4E28E8E2705712DDA6A2FF6E669DFB44EC2611
                                                    SHA-256:68145B8F69A0C855F30E569DEC2752A4B4C0432EDD7FBFEA0DE8FCA862FB8A47
                                                    SHA-512:1760D33E0B6AABD13C9CF45C9691D294CC137DEB66069913EDF87B96C2FCD2F8C9B1A4045271F20BD5F77B9EBA051DB9F74FC0DB8410B8AC3FDCE2BE2E4849C7
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/ztzl.png
                                                    Preview:.PNG........IHDR...8.........$.D.....sRGB....... .IDATx^.....I..^........z|I..I..q:vb.*.o.....A..Hj..Y.*. .q...3.......................<..5...f.!....................UU...O]U..~.?..|.>..........G...#.C..G..Xp.. .. .. .. .. ...@.7...-9..,Z......}.}.}.}.}.}.}.......].@..RtE3.>........<.......x?.~......#..=.G....);.4.....9..b.| ..@.9.d}.>\&.......^!...1.`..i}.....D?..!.................@$8......C..AX...................`....................!`.......p...*.....y`=.......>.}.>.>.>....v.Hp..>...J\(q..c.Lq..H.rq...........~...........$....%G...........`.h...G.................o.?..=...................x|.....!8.?....@..@..@..@..@.uQ..................x|...Ga8uU.cH.....4H>......`a...x?F..........>..&....@n0r.....OG......`}..M.?.?.~...(..eQ..w..XUG....)..`.<03>.......N+..y?.~D?@?B?D?.O~ JS........h..nzX....7..>....9.h\^.............`.).....{...x..._..u..`]..........n.....K.D?~..F.. .. .. .. .. `.....}..E~.....<R.+.< ..7...........u....................x.. 8O3....@..@
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 60 x 77, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):981
                                                    Entropy (8bit):7.718026638879048
                                                    Encrypted:false
                                                    SSDEEP:24:0cmCp1T4BZ5EQ8Yx/S/OceDYn5L2fBMY1:0cmUGBZSLzeUnd2yK
                                                    MD5:4E7AAC541A0032FB4EA619FC5BD850A6
                                                    SHA1:832DA898AF3ED8DD878069AB1F4BED00B8C665BD
                                                    SHA-256:D167EFD043A0BA57F0C1DDE2E8932D8D84770AFC3E68C5DEE17AD7731B130D05
                                                    SHA-512:44408CC4AA393E0839A682F43C111696CCAB34E59607AE17BE227577B767F7C82DCE168121B4D022D8019A448ABDC7FF281EC246B6A1FF6B89290FB8E03EDF47
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/sy_date.png
                                                    Preview:.PNG........IHDR...<...M.............sRGB.........IDATx^.n.A...1v.C.;Wx...... :...cw........H......@LBn..u.^.....@b...;.Y.5..iV..3g..w..\.!hz.5.;.....N...l....}..Jm...`...w...<c..o.=.Z..\.~......+..Q...2p.~...t`...u....O...wBm....O...........#...~R.E?. u.....N......f.@....]y7....?...C.%...+o....~R..0.D...2./.]..s?}...x.%..B....s..?..D]+.....n~D.j............o...T&}./....R{. ...f.....l.%.z:5...................?qM...d.u..G.p+..A......h...2.^.`g.....W...Y-..:t.......T..........q......0.J.8.v...;.Q.;+..&.E)...6N......Y.bzy.L]U7.N.........=.99...V;YtE.&.=...{.(-.e.P..`{..........L|..p..lQ2.."S_D.c.)...FkU.(.mTx./..U.lO...n{>..8..<....=.......<?.a..v.bmOD.......J..m...^...%.q'.......-s`{....:.m-...x..Sxt..\.R.,....Yg......E)...6f.*b>l.nj..z^.SW..Z..n;QZFc.W........8...:.?lM.<.....'J.,|t.i.kT..(.-J10u......<a..mQ.;..um...b)..&....*8!;.?.j.{.a..5$.....`.....8<..?..........G.P4.n..O...{..b.../....>n=.a......p.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (322)
                                                    Category:downloaded
                                                    Size (bytes):78234
                                                    Entropy (8bit):5.151398542211602
                                                    Encrypted:false
                                                    SSDEEP:384:IH7fCYpWguu0jcpFXfmagixz5g/LmuaOv4JOC9jIAQekr2iDvOmO0sBufT7C6bCQ:gDgagUZKOJ0FSVlHi
                                                    MD5:C08DEAED87CBCDD6E7ED96E3B048202F
                                                    SHA1:9A5523471F8A69545B05239D90394B8422D4C2A1
                                                    SHA-256:D579D2493007AFCA32A2F3B800B01D64E6E07A696EA2883876BC940D974BC1D1
                                                    SHA-512:90B53D84DEA6ED79DCA61B93F20033BE7D002AEBD3CEA0BFDABEDEEEA6B143ECD51D0C5121ADF35CC63DAA32D4804BB3FF37E2D9C7B01F4E49F66C3983FC69EB
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/index.css
                                                    Preview:@charset "utf-8";./* ...... */.html,body,h1,h2,h3,h4,h5,h6,input,ul,ol,li,input,p,dl,dd,dt,button{. padding: 0;. margin: 0;.}.button{outline: none;border: none;}.body{. font-size:16px;. font-family: "....";. overflow-x: hidden;.}.ul,li{. list-style: none;.}.a{. text-decoration: none;. color: #333333;.}..top_wrap .nav ul li a:hover,..footer_bot_r p a:hover{. color: #DE0617;.}.a:focus{outline:none;}.img{. vertical-align: middle;. border: 0;. border-style:none;.}..clearfix:after{ content: "";height: 0; width: 0;clear: both; visibility: hidden;display: block;font-size: 0;}..clearfix { zoom:1; }..fl{ float: left;}..fr{ float: right;}..core{width: 1200px;margin: 0 auto;}..body {background:#FFFFFF;font-family:"...."; max-width:1920px;margin:0 auto;}..a:hover{. color: #005bac;.}./* .... */..top {. height: 111px;. position: fixed;. top: 0px;. /* padding-bottom: 110px; */. width: 100%;. z-index: 999;. background: #f
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):185
                                                    Entropy (8bit):6.38299318826716
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6Ptl/12n0EcLmHhr9AJbWMuKvTjSvCF97xNpddJV01reg1p:6v/lhPO6/a0ZShr9AVWvKvTjrF91Npdu
                                                    MD5:5AB2C00425EAD7F7A0C219385D55BF03
                                                    SHA1:F62AAD7C7719300F1D8E922155F451661D41D42D
                                                    SHA-256:32170F852E6761CBBCFBB87175BFD6D84ED73823DEF767B1A7BDD058C6A3030A
                                                    SHA-512:3B531522315BC5F7EDC3CA870D2A91A89D4BAF34DFAB057AD58550FA35D68D8C40E905495050D687339C1150C8FB3B65ECEAADD19E40A5102253CE2DCF3F9D09
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDATx...1..Q......j..x."......,.W.%l..X.W....._v&.9...l.8.wI..$.a,.A|..K.....l.....#..D.s....@q...8.[I..$.a{^..`...?..9,..K.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 19 x 19, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):290
                                                    Entropy (8bit):7.062415864824639
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhP/8C3+cGa4dFNgDeJmS6FN4UzkQHtEXwoFU5834rqAtjp:6v/7nq3a42DeJbK4UIYygSr3s
                                                    MD5:BF677598A57B9539055834AF51CF6062
                                                    SHA1:02B6ADC1CA6AD8F57605EE92943B65C6250D73BA
                                                    SHA-256:A9C6FB05CCD9FEA5E3AAEA84933B182CECA88FC66142544FD0476B387A39F722
                                                    SHA-512:43140EADB4030BDC2D30DE2AA47817B5458F38C7A45C4D3097FFA0F9DCC86636C0E421AF62F63CA9CF2C30AAD8EBB046C4577059E6F9C652DA61A4ADC03DEBAB
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............Y.G....IDATx^]..j.0........^/..+#B3,.{..Mz.R......E..3).k.f...X.5.V.b...].,Z..0.Z2.......]I...[.L....o.{g..h,.xM.+.......e...".6.ADZR.3..n.9Yr..EW..f..W(+r ..F...4..H....=p.. ..f."8..3...v.=.......o..6...{)...'k%"...Y.....NR..du..........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):309
                                                    Entropy (8bit):7.019311728235004
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6DAJprZO5UrO9T0cM+JWLE5PKT+wmOsUSkfHfZZ8zSjp:6v/7PUfZEUrWM+JWLEACi0kf/4WN
                                                    MD5:273CFFAD049D5B4E1F0A9D7AF149E597
                                                    SHA1:14C3EF60D3979DF9E8D13CF39CAD10ED043F5578
                                                    SHA-256:0A0C8700265901B93FEB0814D2DB720D0E4F0B66EBFA98F717D1DC4E28E36646
                                                    SHA-512:82AD162E40244A791A9B39E42F5FCE43E209696A3FB94A23CF374CE84B09D700405A6D26CB3DB9FC84A0D16A5D4ED0226E1BFC4B7A5D09442B1D8EB785C2A49B
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDAT.....J.......4*.&m.N..kX.......m9.9...8..c.E.?...=$E...{.....xQ...H.C.......w.1.f...1...-l.W.o...U.n....&%...Z...9....\.N*..T..k..1iw....vL..^.|.h.#Ms|%..CL.E....^.."........].X..B.#.5.O..Q.9.Q..@k.c.g..w..V.S\q...w.s{.RP?{9{.....".TP......H..7.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):2037
                                                    Entropy (8bit):4.70035091408328
                                                    Encrypted:false
                                                    SSDEEP:48:cPDwo2gXwweZP1+u/Q4Vi49avdHcmBj/wNvsqUR:QwuBcN+u/NZwvjLwNEqUR
                                                    MD5:05D1463CA88C94EB73D7EA96A84E90D0
                                                    SHA1:D529398E71A40E04FD98DCBA156D4C569BDAAE4B
                                                    SHA-256:E97E4BFF9101BBBA4A49A10851BEC874C180A777125ACB7FB80953DBFBAA7429
                                                    SHA-512:11ED41C20BF78D46D523296EE284E3B660140ED2E744AE5BB29B3EB5F7CAD69479187670421C6BD1E06AAAAD88D183FFB41165B5AFF81002134B50E1657EA0C8
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/img/about_sgs.svg
                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="48px" height="48px" viewBox="0 0 48 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>about_sgs</title>. <g id="..-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="about_sgs" fill-rule="nonzero">. <path d="M24,0.5 C11,0.5 0.5,11 0.5,24 C0.5,37 11,47.5 24,47.5 C37,47.5 47.5,37 47.5,24 C47.5,11 37,0.5 24,0.5 Z M38.8,22.2 C38.6,22.5 38.3,22.7 38,22.7 C37.8,22.7 37.6,22.6 37.5,22.5 L35,20.9 L35,33.5 C35,34.9 33.9,36 32.5,36 L28,36 L20,36 L15.5,36 C14.1,36 13,34.9 13,33.5 L13,20.9 L10.6,22.5 C10.4,22.6 10.2,22.7 10.1,22.7 C9.8,22.7 9.4,22.5 9.3,22.2 C9,21.7 9.1,21.1 9.6,20.8 L23.3,12.2 C23.8,11.9 24.4,11.9 24.9,12.2 L38.6,20.8 C39,21.1 39.1,21.7 38.8,22.2 Z" id=".." fill="#0266B3"></path>. <path d="M23.2,14.4 L15,19.7 L15,33.5 C15,33.8 15.2,34 15.5,34 L20,34 L20,26.5 C20,25.1 21.1,24 22.5,24 L25.5,24 C26.9,24 28,25.1 2
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.645333368030347
                                                    Encrypted:false
                                                    SSDEEP:12288:Az/pRSaCnHQBEK08+HxegLFjzQnVqrR/SgINN3ZKZW1P5y1tFeB7b:I/6aCHQBEt8+HfFjcnViSg0JpF5IS
                                                    MD5:A20561C3EB203213B4513C492F7A4ADD
                                                    SHA1:8B9B942F5B2AEC7D2F8319C4F2E3707E52DB3D27
                                                    SHA-256:FA0603ACC252940514D1F0ABAC9886E156C0798E1DA3E8560A97FAB4398E9991
                                                    SHA-512:19E4412D9F11EE7A288B094CA4F02B8F8D4D8E93819FA1A672C8C040BBE89B8BEE286D7C935D656F57CD1C27BFF793162312B244BB83497D50B6BCE38761A4AE
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S7d50d6de512e416fae9b24cc277ddb29-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|..y...u...v....~MF.Z+$.].&.}M@..YJ.Q$..I....h`......z..bK......c.^3#.0...Z/)..\P.q@8..^O.B...N+$.._X..cX..xf...~...{...s..v]..dM..ZE..YE..gR..s\...m..........y..x...............oX..fJ..jM..rU..qV..kQ..fL..aI..ZE..T@..fQ..yb..XE..U?..eO.{J7.pB2.Q%..S#..r:-.h2$.L ..H$..K!..yB2.\.$.pH@.8...6...8...B...E!..H$..L%.._4'.}N?..p]...l...j..v]..gM..K1.zA'..T:..gL..v\...o...............w..te..}k..rb.qHA.xI>..kR..w^.uE<.E$ .Q-)..xk......~...u..yl..\M..M<..^I..w_..g........zA6.g4-..MF..LD.xC:..WL..g\..f[..zp..`V..si..mc..QH..VL..d\.._U..j\..m..{g..y..|..{..ZN.U1*..\O...y..XJ.qMA.eC8.dE;.,...9 ..Z>0.[>5.;.../...E+#.]@5.\=2.S1&.kF4..U>..gO..`J.{Q<.Y4&.V0&.W5'.W9,.b@1.|R>..[C..s[..~c..oX.sL>.N/(.>&%.8 ..S64.tOJ..^W..`U..m`.~TJ.yQI.mG>.pLB.kE<.xPF.R.$.V4-.P/*.Y95.]?:.Z=6.N/*.Z:3.kI@.vOF...z...t..XP.]>9.fLG.|a\.|_X......|..ga...........................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 356 x 200, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):64305
                                                    Entropy (8bit):7.990085399961072
                                                    Encrypted:true
                                                    SSDEEP:1536:+Te24Bd1NhWb4YkFpFcsxeohUmqcFDCg3qp+eFxS:+Mhnugeo5qcJCBjFY
                                                    MD5:D26EC3781A68BEF0DAADBAE3BC2EC77A
                                                    SHA1:47E8FFBF71995C20AF60C0E69A1EF1A2920F3A83
                                                    SHA-256:FEF38BD6CEAB80AF6C1768DF20A2C9A32A4010FD9C518675F0BA23253C9357DD
                                                    SHA-512:6E3A0A4940EBECF2A03C4EB56613376001638FCB2A53895D01A22C48291314C63F00A42E094E315BC4BFD698C152EC0182CDFC1C8DFE46430F11E6BB43A6B08D
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/fafdaadee6104ccfb6d1d74e7ecaa385.png
                                                    Preview:.PNG........IHDR...d................sBIT....|.d... .IDATx^...]Gu7~.]i.z..U..m .`....SR...........%.....@H> 1..I..)..L.......&[.,.e.^v..v.Sg....[.@r..{..)g..3g.....C....1.......9.).v.8....e.k.....TKtUjk.....M..1....).T.7..R$...v..j.Gx>....-g.QI....mB..h.4.P..r.yZ...d.L~.Kd.....G. c.....3..m../5C0....d.g...X.....n...m.{.\...I....X=.....e[.*N.h...?.o/.BY..{C0D";4.....A.A.78.... ...G....}JG..l*.~.M..k:...i.z#eR6...N.....t...+.....Z9..!'u.+'.t.........9fd.....6]...f.>....0.Jp...>U.R<xP#.#..l...D.+...F+.\*...)S..E]c.nL....T.h...P..I...Y...rTeb.y..R.\.}.&.t......|.. .....HI..0..z36...Y.m.). ..@m.az...;../......A.....`,m3.y.Q=2@..7...1u.`...<..9q.....x4..` ..... ..,..J_......+&. .tt..|...."`. .iaZ.+..sS......28...J#..O..$3.I....be(..O.d...H.z......r.~Svf.S.:......%.S.\...;(.v..C.f.I.R.|...|Q*.Wx..)|#%7...X .n.@P...).].8.V.Y.....l.....+-....3..9.[.._j.J....\)..aVp...F.c..@..v$.r..X.W.:F"b.e<R..h[.3m..U.-J..G.G7...j...A.+.I+w..V...V.P...1.) 3.+.Z...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x182, components 3
                                                    Category:dropped
                                                    Size (bytes):126365
                                                    Entropy (8bit):7.974999044640615
                                                    Encrypted:false
                                                    SSDEEP:1536:W/Yj2UE7XNVcz7TL8pCJEgQGlph/tshW1lYKykNwT7/llVm9l8H4/nt2nZ53q/dW:EdXNVcf3egzZUrk+T34wH02nT6/dhsxV
                                                    MD5:F34D087D3AD6E8D706E14A6D1DA499E0
                                                    SHA1:8AB48829F81E4ADCEFB6F0619AF34438780030CB
                                                    SHA-256:1FFF48D144C82599841E1DE79E35E47B77C3C2CA16F2B98AE84B21FD5FD4B8D0
                                                    SHA-512:7337EAC96AD43AB61D5A755F4E2B45759A57EE7CF5804C8C33DD9E72680898D190A6269B4CD825E227F9C88C932AA1C08FCFA991F64142F667670FD73E4B3487
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:DC2928974F1711EFBBD4AA51360F33BF" xmpMM:DocumentID="xmp.did:DC2928984F1711EFBBD4AA51360F33BF"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DC2928954F1711EFBBD4AA51360F33BF" stRef:documentID="xmp.did:DC2928964F1711EFBBD4AA51360F33BF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):17
                                                    Entropy (8bit):3.5724694587701364
                                                    Encrypted:false
                                                    SSDEEP:3:AJAwWVcbn:sAwWV2n
                                                    MD5:CA7F6DF58D657613F7260A93F6FE4490
                                                    SHA1:CAC9C3A25FEFE6D7B809EE78E88F5874A3068792
                                                    SHA-256:2B205AA5B0E5389071BDAA82FE6919F7C413A16998B84E89489724D39E5552FD
                                                    SHA-512:2CDCE67B931AC752B40B5467CF2176FEAB836BFDB71DEC7CBF6D9AE2332CA3BD0544101DC1ED743122EFF07D3B7629C7BD224D75CA8F2DEBBD5BFE7ECBF96002
                                                    Malicious:false
                                                    URL:https://www.ccic.com/api-gateway/jpaas-juba-front-server/sync/detailInfo.do?webid=M2WWuvCTV3aRDeIw4TUa2&hostname=www.ccic.com&cookid=3675963051994579500&visitortype=0&lastdays=-1&l_time=0&old_time=2000-01-01%2000%3A00%3A00&sessionid=12709733121766020000&sessiontype=0&url=https%253A%252F%252Fwww.ccic.com%252F&title=%25E4%25B8%25AD%25E5%259B%25BD%25E6%25A3%2580%25E9%25AA%258C%25E8%25AE%25A4%25E8%25AF%2581%25E9%259B%2586%25E5%259B%25A2&urltype=0&colid=tPqA5TKtWJoafpeYHvX6a&browser=Chrome&os=Windows%2010&terminal=pc&cookie=1&java=1&resolution=1280x1024&color=24-bit&lan=en-us&keyword=null&bookyear=null&num=0.7445040488493628&callback=handleResponse
                                                    Preview:handleResponse(1)
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text
                                                    Category:dropped
                                                    Size (bytes):3698
                                                    Entropy (8bit):5.130559091763356
                                                    Encrypted:false
                                                    SSDEEP:96:pe8kMf/ahrvZf1SJdyH1XErJ9dBueCz6AhWa0xZ:MBoahrBf1SJdeZEbdBueCz6AEJxZ
                                                    MD5:3F9FDC877D887F6BEA476D207BC72EB2
                                                    SHA1:43D9850E9AB7AFA032B298FAFC139EFF16E98634
                                                    SHA-256:2FB1D5FB32241118928A7D0846308B473AAB4BE867C13D406B824D66C3A51FB6
                                                    SHA-512:BED279B819FD7FABEF3257A07E32D042FC824C3AE4D7879F611E4A58ECCA713AF5A96AEEF6D81B7E9EDB3503E356602508D272D163724A46B8676CC2D2850FD4
                                                    Malicious:false
                                                    Preview:var advJsonData.var advUrl1.var bayWindowLength = 0 // .................var advUrl2 = '/script/plugins.js'.if (getQueryString('isPreview')) { // ........ // url = advJsonPath+'global.js'. // url2 = allPageJsonPath+'global.js'. $.ajax({. url: '/api-gateway/jpaas-cms-server/manager/global/params/find',. type: 'post',. dataType: 'json',. data: {. webAdvertiseId: getQueryString("iid"),. },. success: function (res) {. if (res.success) {. var data = JSON.parse(res.data.globalParams.advertiseJson). for (var i = 0; i < data.length; i++) {. loadAdvScript(data[i]). }. }. },. error: function (err) {. throw err. }. }).} else {. if (document.getElementById('pagetype').content != 1) {. var hrefArr = window.location.href.split('/');. var htmlName = hrefArr[hrefArr.length - 1];. if (!htmlName) {. htmlName = 'index';. }. var columnPath = window.location.pat
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 45 x 46, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):2205
                                                    Entropy (8bit):7.873781366142087
                                                    Encrypted:false
                                                    SSDEEP:48:aUfPYORCe8ue9SH1G2mmL6Mr20Mqbl2a/ED1XQEyZyghbTxjGI5dl:aUfPYOb8AHmmLXr2Bqx2a/ED1XQHvx1h
                                                    MD5:D8A2CD7F1BBD4ECF7087CE2522ED4A7D
                                                    SHA1:AC1C18293B6803867939B9FE9839D2E14EC0036B
                                                    SHA-256:E4A1D5BA290280365BB51B8E79E057CB4B0126F6524F5AE42946F1A6F013BB4D
                                                    SHA-512:10FC02702BC649EB93CAAA846A9ABF4307031F7F8E5713314D8EC3B07D277F499A74DD2606A00A61226A99762A79327DA30F9B4FF85B7B7C81A61B4BF4864D06
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...-............4....sRGB........WIDAThC.Ykl.W....Vk.E.....jRJ.z...5....<.........@.V.....xIP......$.B#!@...Y.I.F..&..A...rb..s.....3.....O.3s.w.{.w.=..........6u..Y;88...].2.>..W.c.ccc>..w.ig.Z.S.r........@..r.l..F.Q0...5...P........?.1.Z........pp..|......_.i.wXko......"9.]...>b..E....v~tt.[k..-.p..8q.%........k.p.....t...sy...c......wj.............. 86.ON.8.s.v..'....s....._..In..\.*.{499y.Z...$3.@W.E..r..u....C.b.......9.*...B.....h.u.d......J.....u.x.Z.....N....0.z.~.....d..L.....,..e.]D.f...T*.<.S.....z..Mk.r.3...Y|...DT..h...(....".)Q..%^Ih.....L....X,.Gv:..e..p.....d.....g.|...J..y..:uj....-....p#.V..TJ...%.h..xU.E...N..M.....wQ.}.T*.].f...-...w....J.....s.Z{Wb7.8.m".-..c..{...T..ND..`Y.........h2..:fm.8..X..0.(..e.....M.9sf;...{1hyX....>...t.`......[.n...m5..kLMMu....a.~..W.Pq.S.....H..1hf......I...}J..y....b.JS..T..5.w..K..J)uk^l/c:....xk.P.....`...f..i\.sq.Z....IG....t..s}.3+$...N@c._....X.<k.y.$.z.cG..N..0.J..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 10, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):3087
                                                    Entropy (8bit):7.883581814643873
                                                    Encrypted:false
                                                    SSDEEP:96:KSMllcHitlIxv9vk7C1+I4wWHLihk/xCrwR:KSHIIHUCD4waIq
                                                    MD5:D5AA489440524B0FA9B6035490B78818
                                                    SHA1:10B4A911D47EC233A2A99EC15F38A77624DCA934
                                                    SHA-256:CE0A8D560F1797355D08802444C75C6E60E67DC65E680C3C2E4309E75CD84CA1
                                                    SHA-512:DD60A84984CAF0841CEA7FA50A3AE30CC7739890172FE60DC8D1F248D2942772F7B6DE3A770895396356E632B5191D230CD029DDD341296AA5999B9EFCEB93F4
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............U~.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text
                                                    Category:dropped
                                                    Size (bytes):11676
                                                    Entropy (8bit):4.8028506627815535
                                                    Encrypted:false
                                                    SSDEEP:192:KGEJkziSF9+g+LdT9oerE+8gjJwK5oX+ksIe2:Kdy/+LdxcFgvIe2
                                                    MD5:9E21F05DC47E93496CCFA77C3962575F
                                                    SHA1:949BCC79A965E9FC92575720BDB86032503DD229
                                                    SHA-256:E5DD017F4A531933A2C75D1898BD44E57EBB67FD16877FD67FBC44AEF4A71FE6
                                                    SHA-512:8C2501AEC384DF5AB256E06812BF073ECFA2D5525B277F2E4F6B0BC57BCCAB515B9DA3CFB6D774265EF5631898020BFF7C26ECD3693C4128E79C014D0B5B4BC9
                                                    Malicious:false
                                                    Preview:$(function(){.. . if(document.body.clientWidth > 1200){. // .... ... $(".content_right .head ul li").mousemove(function(){. $(this).addClass("on").siblings("li").removeClass("on");. var _index = $(this).index();. $(this).parents(".content_right").find(".cont > ul").hide().eq(_index).show();. }).. $(".news_news .head ul li").mousemove(function(){. $(this).addClass("on").siblings("li").removeClass("on");. var _index = $(this).index();. $(this).parents("ul").parents(".head").parents(".core").find(".cont>ul").hide().eq(_index).show();. }).. // ..... $(".zyyw_head ul li").mouseenter(function(){. $(this).addClass("on").siblings("li").removeClass("on");. var _index = $(this).index(); . $(this).parents("ul").parents(".zyyw_head").parents(".core").siblings(".zyyw_bg").children(".core").children(".zyyw_cont").children(
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 824 x 200, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):20634
                                                    Entropy (8bit):7.928024919767521
                                                    Encrypted:false
                                                    SSDEEP:384:r6RSqhnskkYyM9P9dKbifU/D/EXQBy063MdJj3t191lhZl6GLUq:a7hnskNyOPfwifAD/EXcy063MdP9lhXf
                                                    MD5:D97E03CA4B24378A342ED14866F34AC1
                                                    SHA1:3E4E28E8E2705712DDA6A2FF6E669DFB44EC2611
                                                    SHA-256:68145B8F69A0C855F30E569DEC2752A4B4C0432EDD7FBFEA0DE8FCA862FB8A47
                                                    SHA-512:1760D33E0B6AABD13C9CF45C9691D294CC137DEB66069913EDF87B96C2FCD2F8C9B1A4045271F20BD5F77B9EBA051DB9F74FC0DB8410B8AC3FDCE2BE2E4849C7
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...8.........$.D.....sRGB....... .IDATx^.....I..^........z|I..I..q:vb.*.o.....A..Hj..Y.*. .q...3.......................<..5...f.!....................UU...O]U..~.?..|.>..........G...#.C..G..Xp.. .. .. .. .. ...@.7...-9..,Z......}.}.}.}.}.}.}.......].@..RtE3.>........<.......x?.~......#..=.G....);.4.....9..b.| ..@.9.d}.>\&.......^!...1.`..i}.....D?..!.................@$8......C..AX...................`....................!`.......p...*.....y`=.......>.}.>.>.>....v.Hp..>...J\(q..c.Lq..H.rq...........~...........$....%G...........`.h...G.................o.?..=...................x|.....!8.?....@..@..@..@..@.uQ..................x|...Ga8uU.cH.....4H>......`a...x?F..........>..&....@n0r.....OG......`}..M.?.?.~...(..eQ..w..XUG....)..`.<03>.......N+..y?.~D?@?B?D?.O~ JS........h..nzX....7..>....9.h\^.............`.).....{...x..._..u..`]..........n.....K.D?~..F.. .. .. .. .. `.....}..E~.....<R.+.< ..7...........u....................x.. 8O3....@..@
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):225
                                                    Entropy (8bit):6.631326953854896
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6XAxjAz6Wqjjqy9CmTcEgvlH3lAZ/iF9oBrjp:6v/7PwYLOqbmTc9lH3lABiFIrN
                                                    MD5:6C365A103073FF2D8303C68856DF0A4E
                                                    SHA1:FF7EF30371233ABE8C548C2F3D5CBB335183CA92
                                                    SHA-256:B97006DDA25F0B3908CE7604108261FF8AB1E1984118F3DAC296428BCF34B1A3
                                                    SHA-512:A18B81BFCEAF82C7DAF68F501186134EF01DDB64D130625074065AA23D78CD420C8A77E43D4263C649BC3125C61352EBCFBB0FF3DED4332562C556E58C7D9B16
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-sidebarToggle.png
                                                    Preview:.PNG........IHDR...............7.....IDATx.....P...o.%.m"..d.1V..aZ\7...F.G.v..!..{...N.a......k.3..._....aA3`..h..))...V.......2.eeV"..K.H...n.....7..N......k.....0..Wa..$X......C..BM........K.G.oq......m........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                    Category:dropped
                                                    Size (bytes):4286
                                                    Entropy (8bit):2.9685570244818322
                                                    Encrypted:false
                                                    SSDEEP:24:sumsdyt7O7ZP1OMcNafEn/c2BBsbEDy4EwxsyMp0ZAwXmAcGtX6bT5Ebpt2Nl:Jdh9HNEn/c2B5D1ZMp0ZAWpl6XaP2Nl
                                                    MD5:6C3C4E29A98A8233DC78C27390276D97
                                                    SHA1:C8767D8C1D3CA36500CB4418AECC5507704E7D37
                                                    SHA-256:B5E98601599254D37183F44AFD726A9E9BF7A4B0C89E17E4B9948CB3F4012937
                                                    SHA-512:6321808D1A1B9E952D14E5216B4272692115E08EFE5DD9744FDB6677552DCA555DB5F530FE6FC7B07F8E38B8CE3BAB14AD3CBE0EFB5B260AA56F7E40AA1033AD
                                                    Malicious:false
                                                    Preview:...... .... .........(... ...@..... .........#...#............................f...f...f...f...f...f...f.".f.b.f...f..f..f..f..f..f..f...f.g.f.&.f...f...f...f...f...f...............................f...f...f...f...f...f.-.f...f..f..f...f.j.f.K.f.=.f.=.f.I.f.f.f...f...f..f...f.2.f...f...f...f...f.......................f...f...f...f...f...f.z.f..f...f.R.f...f...f...f...f...f...f...f...f...f...f.J.f...f..f...f...f...f...f...f...............f...f...f...f...f.).f...f..f.V.f...f...f...f...f...f...f...f...f...f...f...f...f...f...f.I.f...f...f.1.f...f...f...f.......f...f...f...f...f.3.f..f...f.#.f...f...f...f...f...f...f...f...f...f...f...f...f...f...f...f...f...f...f..f.=.f...f...f...f...f...f...f...f.(.f..f...f...f...f...f...f...f...f...f...f...f...f. .f...f...f...f...f...f...f...f...f...f...f..f.0.f...f...f...f...f...f...f...f...f...f...f...f...f...f...f.'.f.f.f...f..f..f..f..f..f...f._.f. .f...f...f...f...f...f...f...f...f...f...f...f...f.s.f..f.%.f...f...f...f...f.+.f
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, from Unix, original size modulo 2^32 15555
                                                    Category:downloaded
                                                    Size (bytes):5406
                                                    Entropy (8bit):7.961155741990188
                                                    Encrypted:false
                                                    SSDEEP:96:5eUAOfFeb7xSFyUu30q4GYW57HY6lC4fVWh3j+ils/GjuWlLTI4/CAF5/8PPTW:fAQ4eyUuT1t/NWVj+OjNfJYPbW
                                                    MD5:3175F59212037B1E903D8565528EA38F
                                                    SHA1:FFCA636C8DA0FEA013E7CCF11DC6CA7A65D45A3A
                                                    SHA-256:B04410387B6B16E611E1396CAB87688614AC2151F687807F919026F59779A838
                                                    SHA-512:D948C8B8A07DE70C22685CDE4506F50BF146BFF23D17C3C1F80D1E60591375221E3D4CB7EECA31BD382987E5206D0310B6F7F9C71E62F9118BD8C130F95E3D80
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/view/20240402/W242401214-83991
                                                    Preview:...........[{s.W..[..w.(Q$.t.$.#..)...S.@..Nf3.TK....Jw..U..GH.!0L...HH.Mb...0....,.5_a....nI6....N..v.>.=..s..~...g^.s..N+.n....&..F...g6.&jdF.:..50.m...9_....:...M.5.5.WJV.e....=]`.*Z..w.q....,..wuBa\).....B...0..Qg........4..k.5.).5V.lU..~...~ ....Zf.+.....sY.5g..+4...F.Ycj.*.....*...4.D8.....r.a..{ B.b.(.........q>.e.?.Tl.f.B\.t.'PfI/9..........U0.5.=`\......k.qd....O...{gOM....1...zQ-Y....o;Bb.1....o...K...).f.U...C.9G.{.....M..=.9.....B..Ov!..8..9c...D..P....l..mDK..$.)!.........f..r...]..Q...6...m6..?..a:.b ...H1..Tg.1.h.....m..x..Ye.T...<.].b. 9.k..~.+.!.U.j5.`\..gG..0cV.(....2.^c.lryn..@..UL.qU.V`NG.-.U.].......+6...6*...WL....VsLQ...:T..Y..5...M..x.a..@;.Pz.$ a.....+#,.....a..f..a.M..jj...@.3.b.P.[...w..5..zZ...l:[A...V7.Z.T.).hZ!<8}t@....FQ..EVS40..r]Hm.h.XM....L..Zv..d4f......eV6[..J.%V.g....k..V%h .c......J/f.M.6.h..p+..(..J.f8N!.4.L._j.e..t.c1nI.-G.x(.............6A....KX....#...;......).a:A...X...n...l....k.mE.D.G..X.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):238
                                                    Entropy (8bit):6.687374423372517
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6LPHA1YuN276Q8nKbz7l/DVyVD6NX0Mlkup:6v/7PLPwYuNcZjzB/DVyx8XP
                                                    MD5:D86ED7C2CA30E08F7F3B499DE2DCA107
                                                    SHA1:6E10286DA3A52E0BBA782D0FC4A7C33D10C8F4B9
                                                    SHA-256:3E1AA1DF58B9BA316C01F4E6CE1099E0FC56948836433B9FB34939DE5A5E0E98
                                                    SHA-512:EC30D35314201882898267E3EA8190AAA3C51AD8CB0FE8DA34C2434390A1C45381A8670DD8B3E67C330689FE6715E89949C1080B1D2536544D1523510E6AD5BF
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-pageDown.png
                                                    Preview:.PNG........IHDR...............7.....IDATx...A..@....A'.E....:D..:P...D...H.".Z.E...8..}.....-....?... ..H0..$.Dm.O. y...H.......Xu..Yy,.U......-...........2.9Za..9.yN.b]..2.$...Y...h..7...x..iO.f.jW.........A.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 28 x 62, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1365
                                                    Entropy (8bit):7.801373468631307
                                                    Encrypted:false
                                                    SSDEEP:24:L1350JdKtL+69IR+9xfwepCo+PLomFMectJmnZralsXu9z:ZJ0vKxZGcxfwhoeomFxPZ+AuR
                                                    MD5:64AED0B16C6CC6E3AE445251496D5440
                                                    SHA1:1CD58C842FE1248FC0E68E653516AF585195BBC7
                                                    SHA-256:ADB8D7A214A077B893A8FC4C3AC65596F1A9F069BBA0C6851FE634A904B9B071
                                                    SHA-512:9352790F6E85D78C364B1EDE2766C84038E0C42FA1785223762F5FB080E4EDB1915E294B33960D3D760E1803E8F8F76CB25DD51690AE41D3C1FDCB1BBC7D84BB
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.......>.....8i{.....sRGB.........IDATXG.AL#e...L..vh(.D$..p ..N]..#!.<.@..M$(..O.4.pu. .1..8.......!...A....6T......f;.GfL..;-......~...{.{}_...$v..N.............p.kJz.(..q..G........O...N.x~2.......O.....^.x.j..T........?..../@............H`.f........M.P..y..|.@.-./5.H.T...@$..Tx....xd.PW.#....RHP....5..'.J.sf.)L6..>...,.....@.F...m...4.2RJ.<.s...mA.....S.K.c..(T^.-...V. ..$I........(....~.q....'&mR.6::.......q.`0.........0}...0....,H.....z.....*..................`!...t8...E".udd...%.5......1v*.rxaa.....%.+O.......V.VkN0.......c.=UQ....^[[..M..........._......TU.p......QUUUC.C.P...wxrrrK...$Iq...*$3...8//."......40...o.q..r....U..JJJ....{JKK+h............A...*3..<.......-..yguu...y^.e.W...5).q.....a>......iV..P__...j.I.t.+.$..,...tvv.........D.......L2.(gR.....JmZb.9......6.-.&X[[[.......Q.K...8..."IR....`zz.....g.....V[[{'....VQ.C..D M..E....v{...L_AA..t.............|..'2....+++.............]oss.....1..Y.,_=......Iaaa.....eee....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.657446940944062
                                                    Encrypted:false
                                                    SSDEEP:12288:nkZ82a3ONZlZFs9j7dZ1siZDpGDAvoUVQD7tszy/fWShstHY:kZ82a34lXwRZRDpGMLWDay/flhstHY
                                                    MD5:025AE0C9967E66C3673DB4A135DCBB44
                                                    SHA1:3A840817D964B88B9BAFF08DD35FCC34E4BABB15
                                                    SHA-256:F7BC715D856D6F72DEDE05A5E06C2EAD83D5C180F4A78CA575037D1F22C6FB1B
                                                    SHA-512:3B300B6721AD0B3A267FF6461BE9051072E46249247A69F08FD9AE4704413C310A0CD771B5210ABAFB9A9BE5894D188BE80E848BABDAE320459B4581527BBE0C
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.FSX.ESY.DTX.CUW.CVX.FSY.DRV.DQT.BNP.>KM.<HH.7CD.3>>..99.)43.$.-. ''..!"....... ..."............... .. ".(().122.344.223.,-..../.668.9<<.9<;.79;.89;.99:.899.888.8:9.89:.9:;.9;;.8<=.;<>.;;=.:<;.:;;.9<:.9;;.:;<.89:.9::.99:.:::.9:9.598.698.8:8.9;9.9::.9:<.9:;.:;;.:;<.<;=.<;<.<<<.<<<.<<<.<==.=>>.==>.>>@.??@.@@@.@A@.?@B.?A@.?@?.>>@.>??.>>>.>?>.=>>.@AA.ACC.BCE.CDE.DFE.DEG.DDE.EFF.DEE.DDF.EGG.FFH.HFJ.GGI.GHI.HHJ.HHJ.HHJ.HHI.IIJ.IIJ.IIK.HIJ.HIK.IJJ.HJK.JJL.JJL.IJL.JKK.ILL.ILM.JKM.KLN.LMO.KLN.LMO.NMP.LMO.MNP.MNP.KLN.IIK.DEG.???.777.322./--.*(%.#$... ....... ...!..!! . ... ... ..!!..""!.##".$$".##..""..#$..%&".'(&.))'.)*&.,,%../*.23..875.888.988.772.44/.34/.442.644.876.997.::8.==:.AA?.IGH.HJJ.IJI.JLK.ILK.LMN.NPR.QRS.QRS.PST.QRT.PQS.RRT.SSU.STV.TUW.STV.SVX.TUW.TVX.TUW.TVX.UVX.VVX.VVX.VWY.VWY.WVZ.XW[.VW[.WW\.WX[.WX[.WXZ.WXZ.YY].YX^.XY].WZ].YZ\.YY\.YZ].ZZ].YZ].WZ\.VW[.UTX.QRV.PSU.RWY.X[^.Y\^.Y]^.Y]].Y\^.[\^.Y[].X\].Z[^.\[`.\\_.[]^.Z]^.\]_.[\_.Z^a.[^a
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:downloaded
                                                    Size (bytes):178408
                                                    Entropy (8bit):7.932182929230914
                                                    Encrypted:false
                                                    SSDEEP:3072:m/AOtbG8fi00u44OOLX9FU8npWt8t6q8xQsX4IPaLz5E9PY2j:KAOtbGwis44OOLNFbn4t3jxQsX4jFX2j
                                                    MD5:DA3C6244239A7E7B04B85F474ADE6745
                                                    SHA1:89E7E99B7577267FEADC1FA5C4226AD4D27FD046
                                                    SHA-256:5C23897AADD37EB771CFE49A9328A53CA0903E58F82DD33F2F42E752986014A1
                                                    SHA-512:B1AA3B7E0FFFB28FDFBAB6555E18E7FAB9C73BDCCE8AD2AC4FC34F75DB4DEED9C638A2E83AA719C66C61CA5C53FE3ED357B56D3A782EE79A0518A6BA085F12FE
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/b6221848eb714bf494ae82962c3f7ac5.jpg
                                                    Preview:......JFIF.............C....................................................................C.......................................................................q...."...........................................].......................!..1...."AQ.a.2q.#B..3R...$r..%456bt.....78CDsuvw....&'....(ST....9...................................M.....................!1...A.Qa.."q..2....B...#r....34R.$bs.CSt.....%6c.5DT.............?...V... ..L..9.......M#n..J`..h.#.8...1$q.EIaT.%.dBA.C.........zP.XH.h.%EGh..g.fq....H...W.mk....{.L~|.....R.. ..%<r..B.$.T@0`...N..I.g.q&.2~.. ....K.....).&$."'...GG..%..t..8 .....H...t....jr..i^vv.Yq........H.=.)....y...A..d..& .>fq.......c.6.>.9..g$...v.g...b=...<...'.=.iZDLL...;.u.6..}.. ....g.B9.$.p5...s..2DG....{..j..#.H.......&3#.`kv...a..H..~.H.x..."+@..D....a.L..T..z..7...EEA...G.|.1..&bb:...3$.A..$..3....J........Ds.A.x.. dj,...H..c.&&=.....M*I#H...P...9.06.v..K. ...8J!.....'.s.....?.@k..y$.$..1...3....d..`80>r...B...r.d.z.4..D....zN`
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):745
                                                    Entropy (8bit):7.660578489001142
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iTXILLY+BDvAlrUL6wVLmY2WX6NHGRM/QA4V5vl35hsmvJ3/t8Cm/38VXAPg:DiU+5AlQL6wVKWqNmG4lVPUs3183vgXF
                                                    MD5:CCDFD0EA71133C9A74E0320681967521
                                                    SHA1:8FAEB8E4B29EE62349FCF186093A5BA22A4B4EAD
                                                    SHA-256:1C059E18FDF36475B4810998659F0AF4E2DF67AC1CE851224B3C222BFC04200E
                                                    SHA-512:571AAA6BA3DC4D9D0024A9AFD35BA60344FDD7579B799D8C00A89351A71837BD5E4FB2D0669B69A7CA91BDE8A59C0E47DBBCAA58E924CDDD07C5C3F0C2D0820B
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8Oe.K.U....7/.6.q..D"%#).4A.#*.+.j..5I.4P....1I......$..A!T(m.Em.vA..BY...K...~=......u.^k.....k.Q....,..\.>l.....]u...<...(..Y.....1.}q....~.s.....g>.`x].%6.s.S..a2^.c...(.].p1...l.....y.....x.s1...E....0..M....%e..'.].......|...Ui.3.b:&...g*Vbt}.....9........3.@\....<..C..........8.Byq..v.$+..bJz.s..e.G0.....}4.5.0........Y.B....q......K1....<.JN...ob.....o..-...0..2%.f..*..|..X.....)Y=JN.g. ?]..r..`....*.f.SlBb.v.aJ....d..i...\E&...-......KlBhz.v.OD..x..X`...*N.*...G.T..:....T......S.x.#o..bZ".xi..q&.M.0J.'....FS.geoV..,.K.g..j..hF..I.|.#F....3......7b..+.%7....).....Y....aP.4B...i.>d.....'eX....bk...&.].M.6...5.!....&.....z7......}n'....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x637, components 3
                                                    Category:dropped
                                                    Size (bytes):378552
                                                    Entropy (8bit):7.980382594009579
                                                    Encrypted:false
                                                    SSDEEP:6144:pfDWnwMjpFb/JJszbEotIFHFIEHFMnblSyQCl7xlxbPRsj83A8N/:pfDUnfLotMHqEHFC7xLPRC83j/
                                                    MD5:EC5C2BC464FCA0AFB51C8BE4012ABF02
                                                    SHA1:598937C70943F0650428C37B882617121C240DFE
                                                    SHA-256:11CB22420988FF24FF9AD8AEDEA4F352D0856640778A26D2C69963C20AAD69B1
                                                    SHA-512:308E5EE262FCF3EA5FEF9E2E6EEA1493E51C4CBDD58121208D65B09B6EEEF9C3F7062F145A1DDD868F620B51FDE039952C7FE5821D8E9687286C5A7762E78104
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......Y.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:7C3A8A8CFBBA11EEB90988B32605F4E4" xmpMM:DocumentID="xmp.did:7C3A8A8DFBBA11EEB90988B32605F4E4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7C3A8A8AFBBA11EEB90988B32605F4E4" stRef:documentID="xmp.did:7C3A8A8BFBBA11EEB90988B32605F4E4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):1688
                                                    Entropy (8bit):5.0713346828958334
                                                    Encrypted:false
                                                    SSDEEP:48:c4AlfEtkZAmVbSvViOYNEuqGMX3Hm9m7oKlK4kgF:slfYNmUdiOluqX3Hm9mJE4k2
                                                    MD5:32D87ADEFC9AAE8732107E05B61BC84C
                                                    SHA1:5B323A9868EEEF9F7C703B4EAC847320BB1288BC
                                                    SHA-256:A0574D92FDA687C9B6777EBCDC6FF034BFBD0CDAE8C3A3889A0B71BE94077CBF
                                                    SHA-512:649A84ABE026C267982D0376E42EC03314F366AB5084129A4930DC60CFF2AA6D02A32D1AFBBBBB991499C75D6D5B811DB06BD2ADFD3ABD916E47C5A44B03C5AA
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/img/mail.svg
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id=".._1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 48 48" style="enable-background:new 0 0 48 48;" xml:space="preserve">..<style type="text/css">....st0{fill:#5C95D0;}....st1{fill:#FFFFFF;}..</style>..<g>...<path class="st0" d="M24.6,28.8c0,0-0.1,0-0.1,0.1c0,0-0.1,0-0.1,0.1C24.3,29,24.1,29,24,29c0,0,0,0,0,0s0,0,0,0....c-0.1,0-0.3,0-0.4-0.1c0,0-0.1,0-0.1-0.1c0,0-0.1,0-0.1-0.1l-3.2-2.5L13.4,33h21.2l-6.7-6.8L24.6,28.8z"/>...<path class="st0" d="M11,19.1v13.4c0,0,0,0.1,0,0.1l7.6-7.6L11,19.1z"/>...<path class="st0" d="M37,32.6C37,32.6,37,32.6,37,32.6l0-13.6L29.5,25L37,32.6z"/>...<path class="st0" d="M36.5,15h-25c-0.3,0-0.5,0.2-0.5,0.5v1.1l13,10.2l13-10.2v-1C37,15.2,36.8,15,36.5,15z"/>...<path class="st0" d="M24,0.5C11,0.5,0.5,11,0.5,24S11,47.5,24,47.5S47.5,37,47.5,24
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 380x160, components 3
                                                    Category:dropped
                                                    Size (bytes):47066
                                                    Entropy (8bit):7.976564512815287
                                                    Encrypted:false
                                                    SSDEEP:768:CeVTD2iPsoxMWle7KZB1rCVK8olpgzTUq1G0jaoiwee4hKjieVmlhdOz:CmZkqMfKz1Kjol4YOpjay/ko
                                                    MD5:87C6C006FECACE9ABC214473B1D65BCC
                                                    SHA1:FAD230CCAD87FE384356E51CCFBA4FDF948BDF23
                                                    SHA-256:00EF9AD922B5644038FA0570A4878E5EC9AA04B8FA3BD3CDDADA854AE23281F7
                                                    SHA-512:EBFC9BB45CD184D43FA1B2E71FABA2B59D5FBC62E4A8EEFA1A5F44651CF9CA441A44E112236AD90086EA39D5C0D043BC2601FA2D5C42348C83FCF3EC6E2A1A8B
                                                    Malicious:false
                                                    Preview:......JFIF.....d.d......Ducky.......d.....(http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC Windows" xmpMM:InstanceID="xmp.iid:7EF5BE88B0FA11EEBB5CCA2ECCDDFCAE" xmpMM:DocumentID="xmp.did:7EF5BE89B0FA11EEBB5CCA2ECCDDFCAE"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7EF5BE86B0FA11EEBB5CCA2ECCDDFCAE" stRef:documentID="xmp.did:7EF5BE87B0FA11EEBB5CCA2ECCDDFCAE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d............................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.348183146473142
                                                    Encrypted:false
                                                    SSDEEP:12288:WgX4dn+VrN/9yVtUN98BH/+SyaNahpnSoZtDKH9nMFnnVdLTx9DNNwkl:vX4B+Vh1y8k1zNqpG9nMFnnTLTx9DMkl
                                                    MD5:FEED81A0B5869100E30E83DFCE9E866F
                                                    SHA1:1D9842E48BEFD9C4E55AD84DBBB8C308F130CBA5
                                                    SHA-256:75CB34EF14B6FDF7D96EB5DDA6EB04788EEB9A45B605F89B699CE6167E739DF0
                                                    SHA-512:7AF4B96A2FFEE029153B698B7E09E0803BF4E2523E4289D47BC3601522315C6CBD1FBB62A8579BFF9AE59343AADC1EF4AC388FB1B0B7503BC72F7CDBDAA45FF4
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|..........................................................................................................................................................................................................................................................|...{...|.......................................z.npN...k...l.......................w...{...........w...c...i...z.......|...z...v...q...i...b...h...{...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):1322
                                                    Entropy (8bit):4.87070943220819
                                                    Encrypted:false
                                                    SSDEEP:24:qkaE+5wE+QIEPMErPKKdNZhcLKi4QnePv+AOP4tP6x4ZRY0eQfCY0w:q4AX+QfPLrrljH2AKyGGRqQfCc
                                                    MD5:66849903ED6FF8C0D66E1FCE2FADE298
                                                    SHA1:21333139ABBCC1D08C0E5A95ABED761D4AD35FDE
                                                    SHA-256:D49CFAAE43BF15C99EAA396B7C2438041495C81E4B7A2F87E809E40D71742FB8
                                                    SHA-512:819864137B5936178BA2168960591D098A211D51EBBA096B952C8E2E70AFDAD18C67266C791DB8A6E9A7C5C30436B4C8FFE2DDCB47DDA5A8E58E2D5C1D880F5E
                                                    Malicious:false
                                                    URL:https://www.ccic.com/plugins/libs/load.js
                                                    Preview:require.config({. paths:{. "adv": '/plugins/advertise/js/adv',. "advEjectWindow":'/plugins/advertise/js/adv/ejectWindow',. "advBayWindow": '/plugins/advertise/js/adv/bayWindow',. "advCouplets": '/plugins/advertise/js/adv/couplets',. "EasyReader": '/plugins/accessiblereading/js/EasyReader.min',. "jplayer": '/plugins/accessiblereading/js/jquery.jplayer.min',. "jqueryMd5": '/plugins/accessiblereading/js/jquery.md5.min',. "jsbrowser": '/plugins/accessiblereading/js/jsbrowser',. "barrierfree": '/plugins/accessiblereading/js/barrierfree',. "articlePaginationLoad": '/plugins/libs/articlePagination/articlePaginationLoad',. "articlePagenation": '/plugins/libs/articlePagination/articlePagination',. "videoLoad": '/plugins/libs/video/videoLoad',. "video": '/plugins/libs/video/video',. "ckplayer": '/plugins/libs/video/ckplayer/ckplayer',. "articleSlider": '/plugins/libs/articleSlider/articleSlider',. "articleSliderLoad": '/plugins/libs/articleSlider/
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1920 x 478, 8-bit colormap, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):395869
                                                    Entropy (8bit):7.997055372678641
                                                    Encrypted:true
                                                    SSDEEP:6144:+6EQ2GRyGIrzMrfIQf2xP9D1r3KXNoA3fKVtt9WStqd:12caKwialD1rERSV5Wxd
                                                    MD5:F983CF4A49B776BA036A42DB0B779A0E
                                                    SHA1:EE310B966A918D400607D6AC41AEDC4436C8D802
                                                    SHA-256:9631A17B0EA39CB61B03A5F03BB6F2EDE980834B873DD8136D7CB43375681902
                                                    SHA-512:9E816B5D09BBF16FFD618CE858666F53B4E23B3636CE92E7B7AA07526A53625D8CADFCF356B0306313D79E08EE757589D4BD51BE0215B7F6ECF1840D40E1A9BF
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zyyw_bg.png
                                                    Preview:.PNG........IHDR.............M(.I....gAMA......a.....sRGB.........PLTE.e..d..`.._..e..f..d..e..d..d..d..^..c..]..d..f..c..e..Q..c..\..T..c..e..S..b..e..c..e..a..c..c..b..b..a..b..f..d..d..a..Q..b..R..S..a..g..c..b..f..O..c..U..a..a..T..`..U..g..c..U..R..P..Q..P..b..d..P..d..U..P..S..b..`..a..b..W..R..R..R..d..[..S..b..c..f..f..W..a..U..S..b..X..T..a..R..S..a..`..V..^..T..R..Q..U..]..`..U..T..Q..Q..Q..e..d.._..\.._..S..Z..\..S..R..c..R..d..S.._..b..R..^..S..b..`..O..]..Z..`..T..R..\..X..P..\..W..U..Y..V..Z..N..d..`.._..R..Y..W..^..V.._..a..`..Z..X..X..V..P..O..b..[..N..Q..V..\..U..c..X..Z..O..a..]..]..e..[..]..\..U..W..d..b..]..^..W..N..W.._..Z.._..Y..T..e..\..\..`..N..Z..Q..^..Z..Z..Y..V..Z..Q..f..`..W..c..N..^..S..e..V..N..P..b..e..]..e..d..d..[..N..S..S..N..S..f..U..V..e..V..c..N..W..V..T..R..c..\..O..P..Q..P..^..O..a..d..g.../b.. .IDATx..M.+.&&Ed*...+....4.)$M.&.-.....'..F.E.M.T..2V..^..Z.......h.K/L..e.z..0.g1.5La7M_..\.Yz......E.:.v7..S....T..=....3..O_.~.=O_./|.._}...1..'y
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):257
                                                    Entropy (8bit):6.840754841393751
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO63ZrnaDSVCAZhb1YCvLmS3BHE+iSxidViirN/T6TDx2up:6v/7P0DSvjb1YCjx3Bk+PxidrN/mx7
                                                    MD5:923CFB0F2A944B5A49F99A6901770F71
                                                    SHA1:77463C425966B8A298A2D87863533E68092676BC
                                                    SHA-256:F09068D019819FCA961F6F1FBE02A267A83186E8A503857291B75C9360C63433
                                                    SHA-512:3E42DACDFFE29F8C065C8C1C8E09D864BA31766495A47BA4F4FFDF586D79656B91423E1445BF617E6CE9DF9287B0F868E13E32533F8C51CE1C490513947AD1E1
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDATx...=J.@...9..*..lg...R.=.x.T......6E....A.D..."..V.?Oa....+...?.g~/..3..../i..#.v.sD.'.0......>.B~..9..gD....|.....M`.[;.e._...@-z..o...m.nY..e.Cy}n.y..c.4a.E....4.....5....+.....P+......3~cYE.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1091
                                                    Entropy (8bit):7.7318245756508786
                                                    Encrypted:false
                                                    SSDEEP:24:rU6uwHYSHq6gUGMFvLrcbI8qCjQUZ/maLUm3cl7nsCj4CuFuiRBhqw:g6uw4SNgUbHCIWR8aL9cdsRCyuqmw
                                                    MD5:06FDEBB55E6F6BE220F65E610B54BBC3
                                                    SHA1:9EEFE6EA4BCBA05711506908C3D96055C9F4D22F
                                                    SHA-256:2E78CB64AD8674DDADEB401DA76FCA0877811AA5BCEA3A38B09389096A914F7F
                                                    SHA-512:AEC4D689E2558F81A74715DD7FB38C80E7F9DD21D61CE9DB87EF26B29B102D2582114A22D296CDEFCD2B3F430A7D9144B8CDA303B47F70531A8B8177D1AEBCA0
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/e9f3ffe059874704b3630813673bcb83.png
                                                    Preview:.PNG........IHDR..............w=.....sRGB.........IDATHK..Kh\U....G.X.&.B.TR.B0....J%.......$X.Hc...+(..M7.P..7.&w.gnj.".Jm....B%fcIm.`H|.N2....1.I.)zVwq.....:WHz/..........\g/......?...D.....U.AyK.n<.l......I.H*e,..z..8[?.s....v].V.V.m.gP..t......:1v.^.{;..he..R..0....w@wS....rq.@.#.8.3!.&...L]E.E.a...76..(...:0.z..?\.....s.....W...THu.?.....<.^.J..(.<....Y..U..D...B..D!..jg...A.)...z[.-.A.|.`5.v.w...`.......1].._..c.H<..l<Wr.\.J........a....:.W.3.L4.D..^@t...h..P}.t..=9...iY.p..E?.........).*...>.y..k%.......o.@..N..QV.|E.9D.{.8..a.U.sfk!....p.X.1w....R...n.8....#Z...a ..$Hz#.Zf..d...wE...)&.I..<]'e.]JQ..ZfM.!.^...i&Y......~.....*....7..jZ.....>....E.I\....k.5.&.`..@.....X......P...`|..JT.H.{Iz..Pm%.w.2.....^.h..p.......b./.@.e..,Qc.c..Cx._N .M(.!.H`Y.8i...:w.&.....&P.GL.d....}.4.........U|".{1......pJ.i..1..Gq..$....`........)..|...y.$.7..#..u.1.QE...G..I2.1.6.WDN........../P........m..S.q.s./..}..N....U....1M.4.,^6........l..x.f..!...S......p..s.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 800x530, components 3
                                                    Category:downloaded
                                                    Size (bytes):745645
                                                    Entropy (8bit):7.938635655036364
                                                    Encrypted:false
                                                    SSDEEP:12288:PbjnWqhIhGP2b1GMK/b9Lj3x6ttMALx9kD1nA/IdJxF3AiRx6veHgT16WxhQSa3k:PbS0Ibb1q5j3x6tPL4DRxhFlsWHgZ6Eh
                                                    MD5:789863D9A3A6D43A2A6CE3FD01CD0CE5
                                                    SHA1:431FCF1FFB263189E3B5F3E88ABBC15476D619CE
                                                    SHA-256:DFDD57A0EE53FD374BA9FADDCFA8B9D9396F68A0121DE3E25C16ED7860F76159
                                                    SHA-512:9A303C6506035B6E82582C6AA5FA6A6FB61E8B949C2F1A776C465F2A282E773E403E0BAE0300B997329C2A459D084F075F6ED7741000C48436C52F81476CC943
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20243/1919c136478b469dba45af1a321e43af.jpg
                                                    Preview:......JFIF.....,.,......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 4.4.0-Exiv2"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:Iptc4xmpCore="http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" Iptc4xmpCore:CountryCode="CHN" photoshop:CaptionWriter=".." photoshop:Category="18" photoshop:City=".." photoshop:Country="CHINA" photoshop:DateCreated="2024-03-05T09:00:38+08:00" photoshop:Headline="..................." photoshop:Source="..." photoshop:Urgency="5"> <dc:creator> <rdf:Seq> <rdf:li>...</rdf:li> </rdf:Seq> </dc:creator> <dc:description> <rdf:Alt> <rdf:li xml:lang="x-default">.........2024.3.5.&#xA; 3.5.....................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):624
                                                    Entropy (8bit):7.560161652355821
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iHj+T8hkczvw71p/r9pcjtLYTlSxuTc9lAq2tXfoz8wZek1:3j+wSa6trLcjtLWPwIFXfooMem
                                                    MD5:03E3101F7A80A31C9930AC70BE34578E
                                                    SHA1:924E653A4AC740D09AD509365775A8A20379D30F
                                                    SHA-256:F1D73D6A710F918DB6B3C993D5D0160F1087E430C59455B5702D296D09D9B766
                                                    SHA-512:F5C244E66B647E81BA9622E65760B271F26E92B9EA1F0A3ED9A415C829F18A74EFB62BFDC9B2CE73E8CB7A2CFC49A7220D32583E25D638258D2EE7FD448600E6
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_22.png
                                                    Preview:.PNG........IHDR.....................sRGB........*IDAT8O..K..i.....=.fA....YL...q..H..&..b7..D...Y....m....QB.......<.y..:....y......s.!z....[...r..9{.....8..cs.......;..}.........M.....$..........v..........*9...c....q............W%6.0....Y:o..H.!..l.N....<...N?`3....p.......2...RR.Oc$.....[...4+p.w../.`+u?v.F....(L~..8..8.m..}.0Y.m!n.6_.C.i./..y5..q.+.8..K..569.jh;z...0L.?.3.8.....aL..4....e{..K<..,.X.pv5d\.....4..f.......Z.&c.lq..v?...b..+....^l.X.1.s..g...K.....X.,.....yf.U....M.....`O....&..S>y...2...X....G...}N....a...vVl9....U..x..../...x.yA..I=W)s)....leD...km.5....B......#.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1200 x 182, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):308642
                                                    Entropy (8bit):7.988099450876988
                                                    Encrypted:false
                                                    SSDEEP:6144:SP+n348iPo0aGl+bbDox+9k7CSqkFrMJfpHrd1C3HjetBLWkNz:SP+3Rij/+joxvCSr2JfpHrd0oLfZ
                                                    MD5:6C877D961DFACB437A4FDA10C54730B7
                                                    SHA1:5E842D07FBBE99B7CF114C50FA2EDD468C4003F8
                                                    SHA-256:9A93ABF19CD51303CCDA553D616FF9614A3D2C2D44B3CE90981FC9792BAB791A
                                                    SHA-512:EF78A500AF51A6409A77E7675ED1C645404D7FE62BBF89B6DD2FD8BA372D59639CA8B93FF46DBD5BE8549217285895A6995A6B44FD4AF379A4E72999D0129C23
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20241/0447ea4d3c4d421e9c6fe4a197afcf62.png
                                                    Preview:.PNG........IHDR..............7t.....sBIT....|.d... .IDATx^..n.u...7.. ...Q.H.@.(Kt..#.\N..~._..G..8...Id..eIU.c.... )..I......1k.^=....I..8..o..V..W....[.'.6.X..........7pt......[..M`.c.no.f.......o....F...........}Fx...{....^.I.)....K.>.X...M......*..}JK.#}J...it}mp.....q.D.z.Kw...H..e.p..@...A...(?..-.e.:~W..'.Ce.-..U..6+..t&....R.P.W...L.....?.$-]~....._.M...U.v....J+..t.uD..p.....(..C........r..$|..6...{J3.s....!.Yl........i\Z_d.......V.2T?...i.Y..?....6..>Q.:.v....J..ez...~./..^y.B'..5~.;..II.......[/...m6.\.^.x,\^....~T..C..kcG...'.....E....xK.&F.'..c.zm..x...k.......O..P.Up;.=......b..[l...5..l.....k.<.V.y -].Ev........Z..;.cchuv...ee..Z..^Z=.i..NR .E..;.U...FU.t.U...*...s...z~0Q.5:.{6Z..'s...z.e.WW-..U....<...1K...=.\.~..^.M-.\i37.L.....#_&.#..r.T.[.m..4.Z..E..I..h.\Q.r......./r.e..p%.1.....ks~7...!.j......T.zB.Z...^.....|s]..2...U.k..B..cq...=}..h.K?.OE_..1\h.Vy.0._.n....a...s.....V.kIs...Z..0....V._....+j.w.;@\....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x369, components 3
                                                    Category:downloaded
                                                    Size (bytes):169994
                                                    Entropy (8bit):7.97940095220045
                                                    Encrypted:false
                                                    SSDEEP:3072:QXr61pvZg+BlHSDAbjvax2iUzXxd5dBGOPySjq6rO4ITemdRTa4P9jTGrq5EO1yP:Qu1HSDAfpxTHnlLOzj9nGrGd1I
                                                    MD5:C020B6E87AAF6399536FD3085CD1A069
                                                    SHA1:A7EB0608472E0A1BA0F8B88A5A4BEAF41FFF179C
                                                    SHA-256:2E542C71AF530829C57232E5FB22D315FC623AAB327B536472A07C3F7C1E5ED7
                                                    SHA-512:89D857BCE08ECF0AB86679B63CF6E36CC68A667DE7B39001EC96045C9B36252130C932E42F7D32F9AB8557D8C953B2854EB54EB8B49C1ED2B5BE1C8F21181F94
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20244/166611c43ef349d88469144863c5a96f.jpg
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:1ED70D2DFAF611EE84C591D1C693F92E" xmpMM:DocumentID="xmp.did:1ED70D2EFAF611EE84C591D1C693F92E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1ED70D2BFAF611EE84C591D1C693F92E" stRef:documentID="xmp.did:1ED70D2CFAF611EE84C591D1C693F92E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):136
                                                    Entropy (8bit):5.969719433977018
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6PtqshE5k+eFUaqYallaEJx8+f6x3SnjTp:6v/lhPO6fZTUoalrJxVf6xojTp
                                                    MD5:1EC009B6C54709AFA73D99DB10C57039
                                                    SHA1:838ADBE15D84DACEEC25CFD4D8D6AC1580B4F693
                                                    SHA-256:1F18129857BA039238716C12D5DAB4E23E30FF73E3E4D217CF7B65BC058FB22C
                                                    SHA-512:A715EDE13848A77DF5EF2110DFE10B83C76F9C545C83E7272FB16A926983C8F2578B9411C09FF437163F1B0B3E67687D88A89C6003E086B0422733B32FA8FF27
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7....OIDATx.c.;......!..T...........j.c(....@..&....l...<./..."|.<..h......28.!.....+#. ......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (65451)
                                                    Category:dropped
                                                    Size (bytes):89476
                                                    Entropy (8bit):5.2896589255084425
                                                    Encrypted:false
                                                    SSDEEP:1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
                                                    MD5:DC5E7F18C8D36AC1D3D4753A87C98D0A
                                                    SHA1:C8E1C8B386DC5B7A9184C763C88D19A346EB3342
                                                    SHA-256:F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
                                                    SHA-512:6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
                                                    Malicious:false
                                                    Preview:/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):384
                                                    Entropy (8bit):7.1112457972995715
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6kiHN2FOEGWaegKHIfXzpHBbIEgvMMISNdnej4E2oPlTJnLQIjaW85M/w:6v/7PkiHiWCIfXlHZvN+hejTPEImGW/N
                                                    MD5:B58498A5BA191146108D60BF1E079592
                                                    SHA1:53C5A0C4C40F5F47FB6D2F57A82A4A6D0A83FEB0
                                                    SHA-256:0BCE5882A5B8CAABD453FCC98C3D017F5663C845F50A00DCC78DF854248B7D20
                                                    SHA-512:F3854BA432856682FAEBEE10A06EE08831041AFAB7F83992745AB7D5A43ABE4A2F36DCC14FD696C9F8499C510B8ADA15A2A3E896844C48E83B146CE8FD2768C3
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7....GIDAT(Sc` ..W..........K..w.....l.b............>....{vV*..P........o......d.A.....[M..{oM.....$.......3..z....&....>...&'...._......}.#....y{r..#.......6E}...^.......Gs..~.[....w.1.S...&.P.....vx20...+......*...J.@.......@..].-...:.C.M66pi `z..K)..b0d0.T.m..#.4.L..w......F....sp``e@..m._V.?........`%.........!.....0......4a.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (334), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):334
                                                    Entropy (8bit):5.143383590772558
                                                    Encrypted:false
                                                    SSDEEP:6:qHrpu8mgO9lVhn5nXm+PLE9XGipLYmHWDJilzJTDoW7xC7JbDRWPWG3+Y+TMe:ijuHnJXmcE1y6WDslZb41DRWZ3w
                                                    MD5:F67D71DB24C8CABD02BBBC28800200F5
                                                    SHA1:A12BE0EB83EDC9ED193901CFC13FDE1D41EE69E3
                                                    SHA-256:5D93DF4316DE900800DBF8C797B6E3A2CC51329E3990DB056E6C5EEEEC24014D
                                                    SHA-512:085E0831A189DAF01E1BC37033CF689B18533FF4000E23EB735D43E9179A42A75FE715121959EBA9B125AB95AC22E0B8EB66D0EEE7631DB52028E0000BB81F7F
                                                    Malicious:false
                                                    Preview:var juba_uuid = "";(function(){ var juba = document.createElement("script");juba.type = "text/javascript";juba.async = true;juba.src = "https://www.ccic.com/api-gateway/jpaas-juba-front-server/sync/detailcollect.do?webid=M2WWuvCTV3aRDeIw4TUa2";var s = document.getElementsByTagName("script")[0];s.parentNode.insertBefore(juba,s);})();
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):295
                                                    Entropy (8bit):6.879166317647769
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6RshxAW6uUnVfbh+X/MIKVaVcikuAoiqLMReEjHpe3T4/jp:6v/7PRshF6uUhm/MAOi/iCsi4/N
                                                    MD5:8DB4158C49B8A31E311EE501AF30566F
                                                    SHA1:6B17ACD1C4EA6A9D9859819456952EFF133F3CC1
                                                    SHA-256:EC9DD66C32FEDBF6D5E1FD166E01AC13AC751E2441D7FE9AB8DD79DC5C94B825
                                                    SHA-512:F6BC16EC563E614E54060BB7C0911FBE8BBF776F77EF189E8910CB6181E6919384F2E695B24C62D2CD6C419B4357EED408FB2D0EB4C96519D884247C9BC4BFD8
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDATx.c .......n........g..@ .5...GH....H..XAG:....Tp.h4nx.....7a......o'."..3.....~;...........L..2.+../..C@iN..9.J.AD.t3......k# ..%u...sy......A..n...d....f.o...... D..1.P....a.."......?...`i...t1.U<...?..@w_..0....,..L.v..8.-.....A.^8yl....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):5.069578991915547
                                                    Encrypted:false
                                                    SSDEEP:6144:afwMHB8SFItbNxiF3TTW7U7+YpJoyoRgau61Mm/vdLvNJPod3eNftj:i9zL7ajRodofR
                                                    MD5:E1C4C0FA46A5B4AA71934A9375AC17A7
                                                    SHA1:11DE2D6C7E241EC0899DEC462D34DB24271786C2
                                                    SHA-256:0D420B81D3FE8DDC679F6684CF49945D1A2906380C077B707913FA0FC0F192BE
                                                    SHA-512:F9731B6AEF5F0BC9553AFE6E896FA97E2A6A5E99965C5533D207D3796052929DB25074267FDDD2F074FA5FA45FD2B444F30DEC23E048709BF81859808A067A9A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S0c5ad05ac34647b99d2104db31a1de89-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.........................<DM."%).. !. "#.&*).*//..46.18:.4<>.8@C.:CE.>IJ.BNO.FQR.MVW.PYZ.S]].OZX._ji.............................z...v...lwu.aml.DKN............."".."#.......... ../0).02*.-/'.*,%....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text
                                                    Category:downloaded
                                                    Size (bytes):11676
                                                    Entropy (8bit):4.8028506627815535
                                                    Encrypted:false
                                                    SSDEEP:192:KGEJkziSF9+g+LdT9oerE+8gjJwK5oX+ksIe2:Kdy/+LdxcFgvIe2
                                                    MD5:9E21F05DC47E93496CCFA77C3962575F
                                                    SHA1:949BCC79A965E9FC92575720BDB86032503DD229
                                                    SHA-256:E5DD017F4A531933A2C75D1898BD44E57EBB67FD16877FD67FBC44AEF4A71FE6
                                                    SHA-512:8C2501AEC384DF5AB256E06812BF073ECFA2D5525B277F2E4F6B0BC57BCCAB515B9DA3CFB6D774265EF5631898020BFF7C26ECD3693C4128E79C014D0B5B4BC9
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/index.js
                                                    Preview:$(function(){.. . if(document.body.clientWidth > 1200){. // .... ... $(".content_right .head ul li").mousemove(function(){. $(this).addClass("on").siblings("li").removeClass("on");. var _index = $(this).index();. $(this).parents(".content_right").find(".cont > ul").hide().eq(_index).show();. }).. $(".news_news .head ul li").mousemove(function(){. $(this).addClass("on").siblings("li").removeClass("on");. var _index = $(this).index();. $(this).parents("ul").parents(".head").parents(".core").find(".cont>ul").hide().eq(_index).show();. }).. // ..... $(".zyyw_head ul li").mouseenter(function(){. $(this).addClass("on").siblings("li").removeClass("on");. var _index = $(this).index(); . $(this).parents("ul").parents(".zyyw_head").parents(".core").siblings(".zyyw_bg").children(".core").children(".zyyw_cont").children(
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):2776
                                                    Entropy (8bit):4.7877242254425445
                                                    Encrypted:false
                                                    SSDEEP:48:c4AlfEtrhdZZdG8P6ZgU2B2yTl9b6f8Q1D/mXyHZsqg3WZNy3ZNimNanUH/+dT+5:slfYFdfk8P5Tl9bg8Ql/wfWZNy3ZNimf
                                                    MD5:7EC750C754E782783199B33355DF2968
                                                    SHA1:E97FA577A639761BF3196015B5D128E2FA1AEE4F
                                                    SHA-256:AB4036B339ED8D8CD60BA53282E1A6FE2A7CB2C32D77061B7FB50DA64B94F149
                                                    SHA-512:77D62A0D8B66DA2E8F6BD19301E127D9A00B0C4CD02EC2ADB87B98ED85CDEF16CF3CDB8BBBF5A2911A821D69AE871F65EB3327B055A31FB1D379F5191D98CBE4
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/img/weixin.svg
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id=".._1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 48 48" style="enable-background:new 0 0 48 48;" xml:space="preserve">..<style type="text/css">....st0{fill:#45B035;}....st1{fill:#FFFFFF;}..</style>..<g>...<path class="st0" d="M24,0.5C11,0.5,0.5,11,0.5,24S11,47.5,24,47.5S47.5,37,47.5,24S37,0.5,24,0.5z M36,34.8l0.6,2.3l-3.8-0.9....c-0.8,0.2-1.7,0.3-2.6,0.3c-4.6,0-8.4-2.9-8.9-6.6c-0.4,0-0.8,0.1-1.2,0.1C19,30,18,29.9,17,29.6l-4.7,1.1l0.7-2.9....c-2.4-1.7-3.8-4.1-3.8-6.9c0-5,4.9-9,10.9-9S31,16,31,21c0,0.3,0,0.5,0,0.8c4.6,0.3,8.2,3.5,8.2,7.4C39.2,31.4,37.9,33.4,36,34.8z"..../>...<path class="st1" d="M30.2,21.7c0.3,0,0.5,0,0.8,0c0-0.3,0-0.5,0-0.8c0-5-4.9-9-10.9-9S9.2,16,9.2,21c0,2.8,1.5,5.2,3.8,6.9....l-0.7,2.9l4.7-1.1c1,0.2,2,0.4,3.1,0.4c0.4,0,0.8,0,1.2-0.1c0-0.3-0.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (329)
                                                    Category:dropped
                                                    Size (bytes):27114
                                                    Entropy (8bit):5.378134511171573
                                                    Encrypted:false
                                                    SSDEEP:192:Al8+Ug4gw8ZORmmOZw0YZz4FP9bpEe/7ZHtleMPCYI31x1FV:Al8OZORmmOy0Yh4FtpfDAMhIFLn
                                                    MD5:F9E3CCC153DCC0DB93ABF2439AE8B9DC
                                                    SHA1:BC253EBF02667BED68E5F96B2E9D9D63805104C9
                                                    SHA-256:4615D6EF9E50A2CBB952690DDEC29DAC974AEA92520CD4E8FB2CE2AF75CFBFF1
                                                    SHA-512:E7F4C64C845A88566A560531041A4C686A68A16DB6C8D34D27D28078FB63059634544D8291697DBFC680E138B1B30953281BD120C9631797B402F326C48006DE
                                                    Malicious:false
                                                    Preview:document.writeln("<script src=\'/cms_files/filemanager/1182833234/script/202311/baf041e290d440e8a7356c161a714b5e.js\'></script>");.document.writeln(" <style>");.document.writeln("a:hover {color:#005bac;}");.document.writeln(".column_xxlb ul li a:hover {color:#005bac;}");.document.writeln("/* articel */ #h-ckplayer-contain0,#h-ckplayer-contain1,#h-ckplayer-contain2{width:100% !important;height:auto !important;}");.document.writeln("/* .... */.friendLink {height:67px;line-height:67px;background:#f6f6f8;overflow:hidden;}");.document.writeln(".friendLink .friendLeft {font-family:\'Microsoft YaHei Bold\';font-weight:700;font-size:18px;height:67px;line-height:67px;text-align:left;color:#333;/* margin-right:20px;*/}");.document.writeln("/* .... */.footer {background:#014fa4;overflow:hidden;width:100%;}");.document.writeln(".footer .footer_left {margin-top:17px;width:348px;border-right:1px solid #fff;border-color:rgba(255,255,255,0.3);float:left;overflow:hidden;margin-bottom:
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, from Unix, original size modulo 2^32 60967
                                                    Category:downloaded
                                                    Size (bytes):15817
                                                    Entropy (8bit):7.98583125819488
                                                    Encrypted:false
                                                    SSDEEP:384:HmibpLvGui9pB+17W9rmlEdpBY1WeHyKiKpdW:HfbBvri9pBG7W94mBzq7s
                                                    MD5:443F7FB3DCA0F932CB640612C0C65A19
                                                    SHA1:B88F50FA225DAA861A1A013A0DBF5F2462842FC8
                                                    SHA-256:EF24FFCBFDEBE9CEAABB71426C4E8E0F8C537FC3257C20AED03DB49580BFCBF4
                                                    SHA-512:0DB4EFAE61451ED80B0C4B367418CEBDD9DD47E1CDCBDD5C725E48411FB1F566237612BCC81B78099B4D12FA29D5552AEB6A7B3D2ADDFED3CB655FEF0F1FFD74
                                                    Malicious:false
                                                    URL:http://g.alicdn.com/msui/sm/0.6.2/js/sm-extend.min.js
                                                    Preview:...........}.w.8....W$zoS).....g....Lw.io.....#K...\[N.&....~K..t:..{g...I..A.........D_..X.../.^..|.....\.NN...&o.q1..v......i..o..f..y........u...._..Q.....7.. .UVnV.oZ../..g.TZ...*...i...v....P.7e......yVl..i..J....R.4+.../....K....h..z...O.....^......0U...?../.u9,.k.x"2|....~G..L5+..t.&..%..R&.b..#..de....a.H.I..o.i...=..eV... .R.8[....f@i.L..0.(^m..T=..A;....L.F...H....Y...e.wY..Ag..v.#hm.-&.4..}..Le-...-.u.]..j..1......e......f....f.4ZdW..o2R....g6.8...m..d4..</}O...2...c...O.........%.t.).u..,.l./.TSx.....N..f.4../.u.PT....../$e.z..qca.FV`$m...#.u{.YO..`..3...*..H.M.i...{@.8\_..l."s.f.g/...:......Mv.\....v2...W:.&.#..Haz.I..O...~.q.8#...8..^0.:C.u..X.Df.Np.. .7...Tos..Qb"K..[.5p......x.Q.{.q.c.^k..:..g..#r.`|...n.Xx..8.aB`..i...K..Y..."L...A......A...,..]D.4......\.Y......|Un..{.9.jJS.z.c..A.8. ......<.....GI...}..Z..U..JLi.....h ~Q...^A.@.&.!.x.Nf.z.S<...s...Q..(.....n.0$..(%..UVM.t.h".e.....A.........,E .."8X.........@..VW.\...*.z..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, from Unix, original size modulo 2^32 55962
                                                    Category:dropped
                                                    Size (bytes):15426
                                                    Entropy (8bit):7.98487162777022
                                                    Encrypted:false
                                                    SSDEEP:384:2Z10htj2t9DPv4VznB2jnNC5TslwHTvExM7dsT:2Z6htyttYknATKSIhT
                                                    MD5:07881F942B27CFE48B4320D5A22FA36C
                                                    SHA1:BD17DEB74ECB52E9978080EB7A8F2872121D0BF1
                                                    SHA-256:3E0B317DA46D1B32AF3DBE4E0393CBEEE1A5933DD46A012135F0E0B7783D36E7
                                                    SHA-512:5D4F70E638D805E17767DA60DC9BEF699BF2B3F3FB71BDBD8B41A78D97D492972CE704A6EE851E7440B49BD21861734347C2529A80D4E88D488C7B64B87DF9AD
                                                    Malicious:false
                                                    Preview:...........}kw.6..w..H...V.eyf.....N.{...{f.....fK...N.mI.u........$......x...BU.P.g~*.mm>......._.g.Z.../.^.MY...p\..f........./....NW.-.*...c0oUM.iY....P\.....gy.|W6....E{.x.......4.6|..!%.....2...te........(.I}1.)._....l.3.....$....@%.M..j~J.}2......^Um22.....i]...Eyvn.g0..s...|\.W.....X\._u=.O#.O...B..3...............=..bMY..7....B..~.w.(=.=|..v...l[....E../....p3_.....g.....<.|..\..>..b.~.q|.</..."_..,M..^..w......._.u.}=)....\}>o.3......g\&=z...q...P..i...g&o.ey.j...yk..z5......^S..c....@..YC-p.c_.h*........?...m....N.6...=..<k.UO..Sr,...9.....X.m...M.O....bY,.j....,.......c;..3$5K..1L@[<c.L..O2U.....K[x.D....X.(.......3d.ca.=.~.G.E>..0.....TK.........dTPV.dO..H..,fE[|........90...[.X.5,.1L.......=K.....W.....5.Iu.I>.hS.....g........._...G.`...q.\~.../.E0K..e.........u5.....r..0.....t.4&....p.7./gEuF3.?....n.+.9VuF-....3(..'.U.......LE.......g6.>.US...f...J...PqZ/..a6.......F....W..%=.I.....?....?K.nS.O...e..>..2.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):744
                                                    Entropy (8bit):5.01974530879063
                                                    Encrypted:false
                                                    SSDEEP:12:wQLFEjfBMmqOZPjGmaoMjGWao5jG05ao5jGSf/ao5jGfao5jGdBsmJdhy:Bg2OZPjhaoMj5ao5jZ5ao5jLnao5jiaG
                                                    MD5:3B9E4BCA8614A9818350345D488E44ED
                                                    SHA1:E136A113F24B042DD3259EEF244F03445B09E727
                                                    SHA-256:964642A8278901B61C9AB4F7F2F0621DCB2156AB4BAE7168B317BB8776454DD4
                                                    SHA-512:95B6D8F7466A8C6754B40F8EBFBE64A7529AF260864F0F25CB35EC5FC66E70B9DDD10C0D1F2F0C084702A3126FE660B583E74130AE0EAB1C7F392616C6309D3C
                                                    Malicious:false
                                                    Preview:$(function(){.var starttime= -1;.var endtime = -1;.var ontime = new Date();.var onTime = new Date(new Date(ontime).toLocaleDateString()).getTime();.if(onTime >= starttime && onTime < endtime){. $("html *:not(:has(#gh)):not(#gh)").css("filter","grayscale(1)");. $("html *:not(:has(#gh)):not(#gh)").css("-webkit-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-moz-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-ms-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-o-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("filter","progid:DXImageTransform.Microsoft.BasicImage(grayscale=1)");. $(".global-header-box-front").parents().css("filter", "");.}.}).
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):104
                                                    Entropy (8bit):4.533225571042071
                                                    Encrypted:false
                                                    SSDEEP:3:C37IKHADMCKOLS6U7XRMGOuAy6s/Fw/LAXNMv/YMyn:C37IKHA4zOiRMG9tFmAA/YMy
                                                    MD5:FD3C8C676BB6CBE8E3B40B73FC981208
                                                    SHA1:8D0876A2D4C07F0D9E626399F5938629B5E23A7C
                                                    SHA-256:FB621084C406675CFC91F1A8B9480EF8A9C2392336AF7DE23C34EF660367FFBB
                                                    SHA-512:DC64991857EC48188C75FCD63BFCF15DD5294AC5DBCDE53F42F314259D8928A1A5452BEFF2428D1EB554BB417879368FFD92CB51931A11493FDB8A366C35F73E
                                                    Malicious:false
                                                    Preview:if ($('.h-gallery-native').length) {. require(['articleSlider'], function (e) {. e.handler(). }) .}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, from Unix, original size modulo 2^32 55962
                                                    Category:downloaded
                                                    Size (bytes):15426
                                                    Entropy (8bit):7.98487162777022
                                                    Encrypted:false
                                                    SSDEEP:384:2Z10htj2t9DPv4VznB2jnNC5TslwHTvExM7dsT:2Z6htyttYknATKSIhT
                                                    MD5:07881F942B27CFE48B4320D5A22FA36C
                                                    SHA1:BD17DEB74ECB52E9978080EB7A8F2872121D0BF1
                                                    SHA-256:3E0B317DA46D1B32AF3DBE4E0393CBEEE1A5933DD46A012135F0E0B7783D36E7
                                                    SHA-512:5D4F70E638D805E17767DA60DC9BEF699BF2B3F3FB71BDBD8B41A78D97D492972CE704A6EE851E7440B49BD21861734347C2529A80D4E88D488C7B64B87DF9AD
                                                    Malicious:false
                                                    URL:http://g.alicdn.com/sj/lib/zepto/zepto.js
                                                    Preview:...........}kw.6..w..H...V.eyf.....N.{...{f.....fK...N.mI.u........$......x...BU.P.g~*.mm>......._.g.Z.../.^.MY...p\..f........./....NW.-.*...c0oUM.iY....P\.....gy.|W6....E{.x.......4.6|..!%.....2...te........(.I}1.)._....l.3.....$....@%.M..j~J.}2......^Um22.....i]...Eyvn.g0..s...|\.W.....X\._u=.O#.O...B..3...............=..bMY..7....B..~.w.(=.=|..v...l[....E../....p3_.....g.....<.|..\..>..b.~.q|.</..."_..,M..^..w......._.u.}=)....\}>o.3......g\&=z...q...P..i...g&o.ey.j...yk..z5......^S..c....@..YC-p.c_.h*........?...m....N.6...=..<k.UO..Sr,...9.....X.m...M.O....bY,.j....,.......c;..3$5K..1L@[<c.L..O2U.....K[x.D....X.(.......3d.ca.=.~.G.E>..0.....TK.........dTPV.dO..H..,fE[|........90...[.X.5,.1L.......=K.....W.....5.Iu.I>.hS.....g........._...G.`...q.\~.../.E0K..e.........u5.....r..0.....t.4&....p.7./gEuF3.?....n.+.9VuF-....3(..'.U.......LE.......g6.>.US...f...J...PqZ/..a6.......F....W..%=.I.....?....?K.nS.O...e..>..2.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1287
                                                    Entropy (8bit):7.805631724858807
                                                    Encrypted:false
                                                    SSDEEP:24:285RTqy4FCO96UE3kDrXOMt+jOWx1UA0t/QM3PwKrrILOM+cpeUTuM5:28yCyjdDCi+Kq1UPt/Qg7rrkdpek5
                                                    MD5:588DFF761CDF4081CC87D4D91BBE828E
                                                    SHA1:F29BB477971834E6DDDCF5AD96E9DC9C5919517C
                                                    SHA-256:F87D4BFD0B5E414FCD7638A6E84637D590E65162701FDBAA993B926560E096BD
                                                    SHA-512:625EEFCC39F847FCE1356382552D5271C4DC671A58BF947AF385B2E55E3FA0B80C3625B0F2D128F86542D0072BB5E23EFD78919E3D01CBBCF97ADD7ABAAC7CF7
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/8af727b1ecf149c2985d3c371d6280b1.png
                                                    Preview:.PNG........IHDR..............w=.....sRGB.........IDATHK..{l.U...g..D.......@.......A.........5.#.?......DcL.H..Bv.ewv. UI.."/.b.....A[..%P....n.7.....;.|.w...`.z.O4s#....K..........L..X7.r.O...!`..G.s...uJ.x...\..........|.0..8|l.v..H2........~.i.........U...N.?.=.......}`@g.V0...`">U...jW.b%.b^K%........%..9..=..g@M..eQc9....X'Nn..3.Q\...........D,.].<~..... ..}.|.kO.z_......w.x..&.e.-u.).rP...4=r.h..I(...1p........%R..bP.&.,....?.Y.[..';.d;...A...m......|......7..Pkq.+{.JZ...#T"2.T.y...WUcQj.0..IR..=.. j..*..I..8B.~...P....,...J..u{.5H".k@.*.(n.g...w..m.Z.+.f.....a..._...i.y:.[..:zH...`.....8..r;.._3 I..J.....P..c=..2Yv..s0.-Bh...7.V.%TQX.|o.e...f...J..{..S0..}....#M..e....+p.uF.a..`.&...7....}.J....<.....G..R..^ru.} c(..l.....%..7R.'J[)....PC....)**...XGA........+...V.;..?...j.K....m.:..fX.T3.B....(...H.....ZH.P...?./.h.[...._.T....b[/...P&..[...\.YO.....OG.......D.GI..q.,J@......R\{.i....j.7.26..4....9...b1...AI\;..@...Y.k....#mgz..4.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, from Unix, original size modulo 2^32 60967
                                                    Category:dropped
                                                    Size (bytes):15817
                                                    Entropy (8bit):7.98583125819488
                                                    Encrypted:false
                                                    SSDEEP:384:HmibpLvGui9pB+17W9rmlEdpBY1WeHyKiKpdW:HfbBvri9pBG7W94mBzq7s
                                                    MD5:443F7FB3DCA0F932CB640612C0C65A19
                                                    SHA1:B88F50FA225DAA861A1A013A0DBF5F2462842FC8
                                                    SHA-256:EF24FFCBFDEBE9CEAABB71426C4E8E0F8C537FC3257C20AED03DB49580BFCBF4
                                                    SHA-512:0DB4EFAE61451ED80B0C4B367418CEBDD9DD47E1CDCBDD5C725E48411FB1F566237612BCC81B78099B4D12FA29D5552AEB6A7B3D2ADDFED3CB655FEF0F1FFD74
                                                    Malicious:false
                                                    Preview:...........}.w.8....W$zoS).....g....Lw.io.....#K...\[N.&....~K..t:..{g...I..A.........D_..X.../.^..|.....\.NN...&o.q1..v......i..o..f..y........u...._..Q.....7.. .UVnV.oZ../..g.TZ...*...i...v....P.7e......yVl..i..J....R.4+.../....K....h..z...O.....^......0U...?../.u9,.k.x"2|....~G..L5+..t.&..%..R&.b..#..de....a.H.I..o.i...=..eV... .R.8[....f@i.L..0.(^m..T=..A;....L.F...H....Y...e.wY..Ag..v.#hm.-&.4..}..Le-...-.u.]..j..1......e......f....f.4ZdW..o2R....g6.8...m..d4..</}O...2...c...O.........%.t.).u..,.l./.TSx.....N..f.4../.u.PT....../$e.z..qca.FV`$m...#.u{.YO..`..3...*..H.M.i...{@.8\_..l."s.f.g/...:......Mv.\....v2...W:.&.#..Haz.I..O...~.q.8#...8..^0.:C.u..X.Df.Np.. .7...Tos..Qb"K..[.5p......x.Q.{.q.c.^k..:..g..#r.`|...n.Xx..8.aB`..i...K..Y..."L...A......A...,..]D.4......\.Y......|Un..{.9.jJS.z.c..A.8. ......<.....GI...}..Z..U..JLi.....h ~Q...^A.@.&.!.x.Nf.z.S<...s...Q..(.....n.0$..(%..UVM.t.h".e.....A.........,E .."8X.........@..VW.\...*.z..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (7480)
                                                    Category:downloaded
                                                    Size (bytes):7481
                                                    Entropy (8bit):4.858677013028823
                                                    Encrypted:false
                                                    SSDEEP:96:JOyYW44i4ijYTq472w7hlVYQ4K/Lk5bYsBE2rBOB:JO92fy0qK2wFYD9brBE2rBA
                                                    MD5:6CDBED3163490138D746E86941FF30B5
                                                    SHA1:854D1B0A551506819B174376902EBEEDBDAB5AD7
                                                    SHA-256:31251378C683FA40579AE943F0E7E6FA12D9095F3E30304A5F83224B868B4294
                                                    SHA-512:01AF111F4405E5A34CA036DBEAA98991F3E391E6A66577D8ACD2E5E585BBDA28153EBB112556D937BFD35193EB0F3B46EFF675E23175E21D46BE49E054AA7844
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/default/script/layui/css/modules/laydate/default/laydate.css?v=5.0.9
                                                    Preview:. .laydate-set-ym,.layui-laydate,.layui-laydate *,.layui-laydate-list{box-sizing:border-box}html #layuicss-laydate{display:none;position:absolute;width:1989px}.layui-laydate *{margin:0;padding:0}.layui-laydate{position:absolute;z-index:66666666;margin:5px 0;border-radius:2px;font-size:14px;-webkit-animation-duration:.3s;animation-duration:.3s;-webkit-animation-fill-mode:both;animation-fill-mode:both;-webkit-animation-name:laydate-upbit;animation-name:laydate-upbit}.layui-laydate-main{width:272px}.layui-laydate-content td,.layui-laydate-header *,.layui-laydate-list li{transition-duration:.3s;-webkit-transition-duration:.3s}@-webkit-keyframes laydate-upbit{from{-webkit-transform:translate3d(0,20px,0);opacity:.3}to{-webkit-transform:translate3d(0,0,0);opacity:1}}@keyframes laydate-upbit{from{transform:translate3d(0,20px,0);opacity:.3}to{transform:translate3d(0,0,0);opacity:1}}.layui-laydate-static{position:relative;z-index:0;display:inline-block;margin:0;-webkit-animation:none;animation:n
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.574628868589496
                                                    Encrypted:false
                                                    SSDEEP:12288:j0vmDvrV6+ruQPt5MKdmETqbuMzKZmwXzX5nRW1n6G4y20m4D77xz5w2J25jSTv2:jgmDjvlF5Vmo0qrXzX5nRW1n6G4y23ea
                                                    MD5:F4F3B80AC0C88A3A49E3454E926AFC69
                                                    SHA1:BFAA6A2323F41CB1F166B0C04B4AC5AFB1CB41BB
                                                    SHA-256:9407E6DE032CB6D99877050ACD3DCA261DC1BE8430A2A69D4C006598BAB5A91A
                                                    SHA-512:2670C6D320A86DB0AC5ACFDF67E7D97417168EE8E4D9124AC0F5FF6A1801DFD0EF057B571D1799AFFBBDB57A7D8E53521F59C37FF043986E9F3B17FC0EA8728A
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 380x160, components 3
                                                    Category:downloaded
                                                    Size (bytes):47066
                                                    Entropy (8bit):7.976564512815287
                                                    Encrypted:false
                                                    SSDEEP:768:CeVTD2iPsoxMWle7KZB1rCVK8olpgzTUq1G0jaoiwee4hKjieVmlhdOz:CmZkqMfKz1Kjol4YOpjay/ko
                                                    MD5:87C6C006FECACE9ABC214473B1D65BCC
                                                    SHA1:FAD230CCAD87FE384356E51CCFBA4FDF948BDF23
                                                    SHA-256:00EF9AD922B5644038FA0570A4878E5EC9AA04B8FA3BD3CDDADA854AE23281F7
                                                    SHA-512:EBFC9BB45CD184D43FA1B2E71FABA2B59D5FBC62E4A8EEFA1A5F44651CF9CA441A44E112236AD90086EA39D5C0D043BC2601FA2D5C42348C83FCF3EC6E2A1A8B
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20241/12ef11c6b69a4c57bf922f9ecc2eb5a7.jpg
                                                    Preview:......JFIF.....d.d......Ducky.......d.....(http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC Windows" xmpMM:InstanceID="xmp.iid:7EF5BE88B0FA11EEBB5CCA2ECCDDFCAE" xmpMM:DocumentID="xmp.did:7EF5BE89B0FA11EEBB5CCA2ECCDDFCAE"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7EF5BE86B0FA11EEBB5CCA2ECCDDFCAE" stRef:documentID="xmp.did:7EF5BE87B0FA11EEBB5CCA2ECCDDFCAE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d............................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):246
                                                    Entropy (8bit):6.752080850050576
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO65Q0UHaS0c0hn6mjjEFNvGFRjr6Zo6JRy3EvtRSabhup:6v/7PrU62kbjj4Qv67RNvtRSabhc
                                                    MD5:C270B41D7A0FF9892BA9AC67D789A841
                                                    SHA1:B1EAE4614FB964B6D0483F114F3DD2B49EC1B64A
                                                    SHA-256:8722C44457C51F5090545306B32627B6907ACE334E615BB5EBA264E7AEBA1B18
                                                    SHA-512:C95C2D441112D6CE18C021962897F7ADA7E0CC66A3C536AB5D668DEB22BA643A607FFA6BFFB83BCC9614D80765D30A5DD519A340AD6DE8A14825311FA2311881
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDATx...1..@...i,,s..`a..-,-..x.[.[....FTP...!..$...$M...K\..f.?...?.Hl.[..E...R....%..J...........qM._...W../"...p1.._..g.}...t....-..R.h.9.Z1)....l.U....B...5+......T....?iIC...!........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):92883
                                                    Entropy (8bit):4.876560109537675
                                                    Encrypted:false
                                                    SSDEEP:1536:icOSjteW4IKBlWXrM3JFUbSiCYnVLkKXxtb6FIsmDW00e6YPsVnyVa:/45Bl6rM3JFUbSvAhhb6gWBe9shyVa
                                                    MD5:DF13736A4481251ED2D291FD1A35D404
                                                    SHA1:5F66CEB4D42D19D4DC9E01B05377353B7E47EA96
                                                    SHA-256:FF6A5EEABAAF59563BDD33EC486F25BE8F55301EA60A67A528B0E26EF8B78F4B
                                                    SHA-512:214631E00696A21A6CEC08FC0B62DA0421B5C6BD60516DFD961F17D405E18930EB39C0981FBFCBF648FE34C3B30CE3684F91A600F5C813216D799E9B99DAE2AF
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/default/script/layui/css/layui.css
                                                    Preview:.layui-inline,.img {. display: inline-block;. vertical-align: middle.}..h1,.h2,.h3,.h4,.h5,.h6 {. font-weight: 400.}...layui-edge,..layui-header,..layui-inline,..layui-main {. position: relative.}...layui-body,..layui-edge,..layui-elip {. overflow: hidden.}...layui-btn,..layui-edge,..layui-inline,.img {. vertical-align: middle.}...layui-btn,..layui-disabled,..layui-icon,..layui-unselect {. -moz-user-select: none;. -webkit-user-select: none;. -ms-user-select: none.}...layui-elip,..layui-form-checkbox span,..layui-form-pane .layui-form-label {. text-overflow: ellipsis;. white-space: nowrap.}...layui-breadcrumb,..layui-tree-btnGroup {. visibility: hidden.}..blockquote,.body,.button,.dd,.div,.dl,.dt,.form,.h1,.h2,.h3,.h4,.h5,.h6,.input,.li,.ol,.p,.pre,.td,.textarea,.th,.ul {. margin: 0;. padding: 0;. -webkit-tap-highlight-color: rgba(0, 0, 0, 0).}..a:active,.a:hover {. outline: 0.}..img {. border: none.}..li {. list-style: none.}..table
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 800x519, components 3
                                                    Category:downloaded
                                                    Size (bytes):102498
                                                    Entropy (8bit):7.9307302845176455
                                                    Encrypted:false
                                                    SSDEEP:3072:AJ9e5iXuU3i3Usurmv3y5LaxEtFoXRxWGvHqn5:V553U5rmvCBaxEnGbWGfs5
                                                    MD5:77A0BCF0ECEE73D7D88C768FA499CC8F
                                                    SHA1:FDE64445AF65769D94A8540E85BDACC478290F18
                                                    SHA-256:6790DA59C753DAD9F7B6A957117898728306AFB37ECA6189480001C49908876B
                                                    SHA-512:CDD91B7E5257395C37FB3AE8F5F07FD1A071DF3063E828F941A7ECECE005032F6C9D70DC9FF0AE803432DE33D56A64C43E90FAA8F046F28CB196277E554E27A0
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/e7ebbcfb02324b38a263f02a995ceaa9.jpg
                                                    Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........ .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...m-........b.F@..1..0....A:...V..1.._&.{....-......j..o...v>.......t.......z.ols.X..+j.....:M.........I..4.\F1........w.......ME....m..%..)..;1?.....(......r.6,...........9).?..u..i.OAq...........#...UCD.-......uV.1...*...Ar=&|.f......KLC.h...e..*MSI...........kn...G........=...].:D...)D..1mt........{{..K.P\.DF9.|...[)....5#.._L.7:.....#...ua...cM..:X1..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (5295), with CRLF, LF line terminators
                                                    Category:downloaded
                                                    Size (bytes):12175
                                                    Entropy (8bit):5.368569880866276
                                                    Encrypted:false
                                                    SSDEEP:192:7fN/F2ROGntLByqtrWXosTrLtqTM2xleuDFYFS9fvBF3+G9SROg:7f5F2oCLLtrWXosT/tqTPxl7YA9ffKog
                                                    MD5:F9986150E476B308CE2A9A6FC2B18B07
                                                    SHA1:72015F408C5B932B240BB76B2A1C4D13F176EEA2
                                                    SHA-256:0AE4DE71116F4A102E89338ED292D8387CF01DB6D2E5B325D39F28A0CC331EA3
                                                    SHA-512:1795DB8B456C3548BF7C7F8A1F7A8165EA6368B03FB3A02BD36CB812C78AAC0B941DF00B5EB8572FBDDD5CC077127DCF8856DC2F06E7355D8AABFEC514F099BE
                                                    Malicious:false
                                                    URL:https://www.ccic.com/api-gateway/jpaas-juba-front-server/sync/detailcollect.do?webid=M2WWuvCTV3aRDeIw4TUa2
                                                    Preview:var juba_domain={"domain":"www.ccic.com","webid":"M2WWuvCTV3aRDeIw4TUa2","subdomain":"null"};var sourceUrl='null';vcdomain = 'https://www.ccic.com/api-gateway/jpaas-juba-front-server/sync/detailInfo.do';..(function(){var source_url = sourceUrl;var vc_path=vcdomain;var D=top.document,L=D.location,R=D.referrer,W=window,E=encodeURIComponent;var iscookie=navigator.cookieEnabled?"1":"0";var timestamp=Date.parse(new Date());var l_time="0";var old_time="0";var lastdays="-1";var userAgent=navigator.userAgent;var VC={client:{},getUser:function(){var userdata=getCookie("_jubacdata");if(userdata!=null&&userdata!=""){this.client.userdata=userdata}},getMeta:function(){var artid="";var artid1=document.getElementById("artid");if(artid1!=null){artid=artid1.content}var colid="";var colid1=document.getElementsByTagName('meta')['ColId'];if(colid1!=null){colid=colid1.content}var itemid="";var themeid="";var themename="";var deptid="";var itemname="";var deptname="";var itemname1=document.getElementById("i
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (11013), with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):11422
                                                    Entropy (8bit):5.64307632029077
                                                    Encrypted:false
                                                    SSDEEP:192:j+K3b+EH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2k:jNytnqflKFgEWulE8REcS3j/CkR1Xh3
                                                    MD5:CD674D9E02F20426D9ACF1D11C85539B
                                                    SHA1:74AB51A432E33698A7A627F05BAF749472B72CC3
                                                    SHA-256:496BDF2635C9F9494F51D0BA63C8A43E5B6DFB7C88B4426E6A56F577D945E3E9
                                                    SHA-512:C43C020DFB8B13C2560FD741F0FB110921657E4981C98256D5816E30470F29AD7CC43D86BB3D382CF394D0E9C842448972B30C88CD6B70FD0E45C3C954DF1914
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/script/202311/baf041e290d440e8a7356c161a714b5e.js
                                                    Preview:/*!.. * SuperSlide v2.1.1 .. * ................. * .........http://www.SuperSlide2.com/.. *.. * Copyright 2011-2013, ...... *.. * .............. * ........................ * v2.1.1........SuperSlide....returnDefault:true ...defaultIndex........ */....!function(a){a.fn.slide=function(b){return a.fn.slide.defaults={type:"slide",effect:"fade",autoPlay:!1,delayTime:500,interTime:2500,triggerTime:150,defaultIndex:0,titCell:".hd li",mainCell:".bd",targetCell:null,trigger:"mouseover",scroll:1,vis:1,titOnClassName:"on",autoPage:!1,prevCell:".prev",nextCell:".next",pageStateCell:".pageState",opp:!1,pnLoop:!0,easing:"swing",startFun:null,endFun:null,switchLoad:null,playStateCell:".playState",mouseOverStop:!0,defaultPlay:!0,returnDefault:!1},this.each(function(){var c=a.extend({},a.fn.slide.defaults,b),d=a(this),e=c.effect,f=a(c.prevCell,d),
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):3.6009469680309523
                                                    Encrypted:false
                                                    SSDEEP:6144:SvGk1Ns+VOiiU18GOgSEbFXe0qNu1Jqmk6pcpMc9sWxC/UTCCO+EMCUNXCCVCbWW:ohNsIBCGOgSEdxqNwI2WV/Mz
                                                    MD5:EB8FF96E4A7508DD9E9542A12CCF7A55
                                                    SHA1:634946BFF455EFB9C030D58C1E464AE667126EE8
                                                    SHA-256:A26D361B2DC9A87FAE4E9E47D6EBA9F84436F164D3F7E9DF3322B44F40E31E77
                                                    SHA-512:0E3C820B5FBA1AEB7D81CBA6CA72A861F672A6174BAE2D5129DCF1D54012A84DF3D40BF723230BB9D3F3EB92324506107BD94253291FE5FA7A069206B6E3289A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S5c1d9fc890e2461bbc1d46cc84e53d6a-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 121 x 117, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):19626
                                                    Entropy (8bit):7.975255873926623
                                                    Encrypted:false
                                                    SSDEEP:384:0oOlE57PnkPxYmiRRf+JqPz+PoVva7e0t0gIQHB1Ybpz:P7PnkPxVizF7+PevqE7pz
                                                    MD5:8F8146594F2AE43E73CF9AD38A3D783F
                                                    SHA1:779979DA3D044ACAE020070CB6F58D699A1A69A9
                                                    SHA-256:9E25A12A615EA8CB4AC2BDA294EB757B141C43B494BD7DB6AE00DCC172B6BBE5
                                                    SHA-512:9B628E7F478CA0D34BF46F3649CA77B3A4EB6A8EAF5CF3B501208CB0DC468EA89F8D20537D1A178FB0077A9C23D9268D5234DC04F836C45718BFFCAE5C3FCAA8
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/801dd05d836442dc84bd3108d01c9c2e.png
                                                    Preview:.PNG........IHDR...y...u.....j8N2....sRGB....... .IDATx^..w.eey6.....0.0..K...R..vM4&D..E.1..&vM.DM.hb..S.....Q, ..h.A.6..`....].5.s.....3......s.}.^.-O...y.w..j.........d...?...6.._....k....{....l..1:.....5888e...w.V;.v...O..s.t.........^.N.....t...z...]w....HoGSu.t.*o{..6...M..Xr.a...t...+..B..5..G.. cm.kS.^QX.O.pM...1.Ok.9.\.#l..y....L+o}G....5k.lU......RR.L(S.....Y............#3.v,..m...(D[......E.9/..z..U.T^.Xk(..c.3....3.=....w.=}%..L.=.....G............DL>P....7.V/.g.......xt..s.v..8z.....i+..A.z.....<9...Z..'.X....[....Sp.]+.V.i;.o!u*..N\..E.-.....&.3.F;...#t.0*.6L.ch......T.l.&h..cFJ.Cvb.S){:J...k...q'..VH..%...bo,l....z,.....*9^.o..e..\...B..8.S...+.....h{QuFJ...Ogp.9..o.....N...(<!$..... B<'^...."f..+....4...TN.w~o....)..W.^]w.u.6...ia.&....n...gP..~{.x..h..{.Y..-*...[.[.e.]j.}..bu...e....7o..K..e..H/.Z.vm.v.m....L.7...n,.}.=.tch!..0.c^.dI..B..u.v.Z.....!j..=...6.T....C..o.w..2PJ0.L...6..p.....^.y.c:.~.k_..v\.."P.'......
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):589
                                                    Entropy (8bit):7.503171556132041
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7ifcsvkJ19gLX0pOZwp+SmLvaDxRWyVybRopHE4c5h623hax3hze1hKYgt:PZ8r2LX9L4RWaM5s23have0t
                                                    MD5:D560AE07A884885A44CDFBE03718CD6A
                                                    SHA1:67F24EDB9F6105151495B3B58E2B436270D2B51C
                                                    SHA-256:7B7F23BF3E38F126EB8C9E16372A87AD44E6A204253E700E17026F2BD979D258
                                                    SHA-512:49316A03621C8F83DB1EDDAE8916F0B6739D16990011DF77C0A14B5378986DC76DB38F37B5806C67C1F5FF35D398A42726994EDDD62A317C3E983BB3F11A7BBA
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_16.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O....a....9..).b.D!.~..-#&L..#.r.2... )w.B.1.....6@.d..(..S.[.m.........Z.Y.:0..1...w.~{...-..~.1x^^v.p;l.c.Fb...+.$.3L..Ra.;}...p.........c.M.I..G1.w.....3......=...".f..c...F`^N.@.-.f^.Ie5.....v.!..e..!.).W...Z+`4.^Z...*."\B.s...amy).TO..2.T....C..N. ..0.j..l...$O.q...=.kp.0..V.x/1.&O..X*.}:...*L.h..[..8..1;.......W....3va+.a]o.1r.......&5............$..'.5.s...D.N.~X|....\..%.U..b..)t..=..;.i.FL|...v.-.#..D.;X.....Z..I.t.gq...$sp.3q.;.".....@.O~.([e8VcTY[..^.F..........B.V.1...XhY>..X...........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.208271873957265
                                                    Encrypted:false
                                                    SSDEEP:12288:8DxdTdWi2TaTxl1N7k49ODVxGwA7N9SJmh+F7O3:8Dxz3syTMDVoN8JUg7O3
                                                    MD5:EC791B184AB743F5AFFD5423841AF66F
                                                    SHA1:52E1B51161B20CFE1CB8214A1DE1B7C7203169CA
                                                    SHA-256:A84CB9D1F8829B5B8E8B1A8C19755842869DDA57EFCB3F7A031F30F550E2A2EC
                                                    SHA-512:1DDB29978BDDA425F337E526B3EF4749E9AC34C690AB413998026F68A879F150C3090B5AAF02B09C4CE99796D87EFF7D3835F7C05452C7ACFF83B438A402B69C
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.,La.3Rh.;Vh.1Md.0Gf.7Ia.,BX.,AW..BW.,?N.$3A..*9.$)9."+;..*;..*9.!)6.!*9.$-=.&.=.*0>.+1?.-1D.+3E.+6G.*8E.)8C.(6?.,89.+25.,.7.*/8.'07.)18.+/8.+/8.)08.)/7.+08.*.7.*.7.+/8.)/7.)/7.,.9.02:.129.217.427.529.74;.:7>.;8?.:8?.<;A.@?G.A?I.A?J.BCL.EFP.EHQ.EIT.IMY.MP].PSb.SXe.SXf.KPc.JNa.FK].EL\.EL\.CK\.@HY.?IU.?GX.AJZ.FJZ.SO].\Xb.ffg.iic.pmk.wvz.hhs.JLe.DFm.GQs.en~.w...t{..ho..Si~.L^t.^^m.]]m.^co.bkm.^df.VXa.YXd.XWc.PQ`.OL^.IId.LLh.UUn.YZs.WYt.QVq.NNs.KEq.C<i.:8U.<:R.<:N.>9J.@:H.D;I.A=I.C=I.EBM.FCN.G@J.G@G.<>@.36=.,2<.)2=.(2=.*3?.*4@.*3@.(2>.)2@.(1@.(1@.(1@.(1@.'3A.&4B.)3B.'3C.*6F.+5G.*7J..=O.:?N.gfg.\eg.@Ki.:Kq.?Vx.Jc{.`r..gr..at..Pr..De|.<]w.8Xr.3Pn..Il.+Gl.-In.1Im.0Lj.0Ni.6Nj.>Pl.QZn.w|..kn..bfw.fkr.bgl.Y\d.QQW.IKS.FHW.GIX.HJ`.ILa.KM`.KJ\.HK^.JMa.MPc.MQe.MPd.PQe.PRe.OSf.PSf.QTg.PSf.OTg.PUi.RUj.VTj.UVg.SUg.TSf.VTg.WTh.YWj.TVe.RSb.NP[.ONV.QNU.NTX.PTX.RRY.QPZ.PNY.OMX.LMW.GHQ.EBK.@@K.:<J.6:I.16G.HM`.NPe.@@W.BBV.>?U.<;V.9;R.<;W.??\.JOj.JTj.LSj.PQi.OTi
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.54477185636372
                                                    Encrypted:false
                                                    SSDEEP:12288:upROAq3gF8rwxtjVttSwjhPGddddgn/3xm/V/7hCHYQ/q9KvFv:upROAq3gysxtjVttZjJGddddgnfxm/Vi
                                                    MD5:79DE7310205BC8ABC0827132BD35D431
                                                    SHA1:CB222ABBF82F2F77E8357B48D15D92ED6E193376
                                                    SHA-256:21ECA1468F3C1A3EA525A275FFE293DA30222648DCA68480AF1F987E98363F00
                                                    SHA-512:53559AF3FAC51598233F4FDA7E5F6B8E66DD66D1E0D2E19952B9BB5A3533EFB90AB5A5D8BD6ED69ACF77970BA273ED8A5194173A7B83D41C6206FDF950733CAD
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................e..wJ..wD..xD..zG..{J..}L..~L..~L..~L...M...M...M...M...N...N...N...N...N...O...N...M...N...N...O...P...O...Q...S...S...S...S...S...R...P...Q...Q...Q...Q...Q...P...O...O...O...O...N...M...N...N...N...N...N...O...O..~M..wH..sC..n@..n@..lA..k@..j?.}i>.{g<.zg;.|e<.}f>.|g<.}f<.~g:..k=..qB..yI...R...W...Z...Y...W...U...W...Y...X...V...L...U...V...W...Z...Z...Z...W...Y...\...\...Y...T...L..wC.}b/.mR..x_&..z@...d
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x369, components 3
                                                    Category:dropped
                                                    Size (bytes):182502
                                                    Entropy (8bit):7.982879682415068
                                                    Encrypted:false
                                                    SSDEEP:3072:s2RzLAlF24lm7mYPW6Khw0qngN5pHfRIIjGFqJDohfhvy5cyV46Vu4QSS6:swaF2l5ODw0qcNSMMQnJQSS6
                                                    MD5:DD88EB52F743FC525A3BB876ABA223F4
                                                    SHA1:1A2D05A75092E9AD2BD9518E61C5D2D3E635038D
                                                    SHA-256:8E060026632CE8C29AE22E3E05F43186FE95C87F27E51CCF8568C24836AF32E1
                                                    SHA-512:AB6360EA6A6EC943A65F83641C116BE78122D76B807FB24C2F5133D22C2B94F6C9000AF6BF2ABCEE0D228057C156651731E7A56BFE5AD97D89B663818615E05B
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:E76C68A0FBB911EE80E2B560011BD531" xmpMM:DocumentID="xmp.did:E76C68A1FBB911EE80E2B560011BD531"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E76C689EFBB911EE80E2B560011BD531" stRef:documentID="xmp.did:E76C689FFBB911EE80E2B560011BD531"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:dropped
                                                    Size (bytes):226001
                                                    Entropy (8bit):7.977882003946192
                                                    Encrypted:false
                                                    SSDEEP:6144:u94LEpZ9mx5B+sVFNIt5O0ZL69XRPJCv5UDedZvDD:G88q+sVot9ZL6DPy+edh3
                                                    MD5:E14AF66DD7F4DB9A42336E61C6F98400
                                                    SHA1:DAF40C501BB15A0D1C748A69C3B1411320C25F4A
                                                    SHA-256:D757C19A8989B71797E8B07313BCE71D30C00149431CF77C237B14ACF35A9D84
                                                    SHA-512:CACA173AAE2609B24503C77C30C950BA418E74CB161BAF8BE62B4404E891E39E0319293954470AE945256AFF02FA53B8E58501EC33639FC940BD930D5ACD4CE8
                                                    Malicious:false
                                                    Preview:......JFIF.............C....................................................................C.......................................................................q...."...........................................b..........................!...1."AQ..a#2q..B...$3R.....45brst..%6C...7u.....DSv...&8c....Tw........................................T.......................!...1A.Q."a.2q..#......3BR.r.....$4bs.6C..%57Stuv.....8c...............?.1.8....../.|8....../.>........:............JH:Q..^....'..']...<b.....~=....Qp%D..% ........-D....k........lt.Ci:......>.+..........H.....W..2. .'....m.Dw.'.}~.7:U......_.?...P.u*{..o.q....p>D.UVm..d1T.....LOe...B"..\{H..6V...C.R.|8..q....)...l...!/<.;..Cae..i....4.V.%he.......Z%.:...P...........B......;xfk..<...OM...!saA.P'{.c.Z.......:f..iL..2T.0&.&H..oM.T..^..~+..<).ch+2.Z.!HP....7...U=.?.{lt.2.E..m8C!e....n.0..R}4..IH ...n...hl..x.=.%>ET.[...*J.V.Bb...A.Z.Jm....8P...)J) ..[.....zv.>_.\..<..C...t...F[....(..6Km!}L.Qm-..s_.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):719
                                                    Entropy (8bit):7.659296170807827
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i7pUL69QkN0PYxfJQ0bxzsIepGmwPHRJK6mXhHdbycaDl0On7gaJGUtIMz1U:iHkNAKS0b1mcHnK6mx9bycyCw7garZzi
                                                    MD5:9AF2FCD4846E680EE038C7C2C490DE83
                                                    SHA1:E43DF0A8537EAEFAC850851AF0983B254CDA9B99
                                                    SHA-256:89647F21BD0F75E8CF3A91E900F9FDF377A0736AF65880BF60C73D33FB2EE786
                                                    SHA-512:D0F9D40BB5A363EDBADD82689FC0D1FAF4E88275F7DB60F0649A42C939C6F20C6C0C033CF31CDE43E97473BA31C5035F5699C842F3DD8D9FEEE5030AB73EC2D6
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8Ou.[.U...21,..0.,DMBE.}.D.f..*..a.&...C....E`.J....Ae..R........3..(..%+..p<..s...f..5...7...~.....c..0^.............#..w.+......a......Y..=....:......o.q.G...0.w..v.Q..a..?..*..l...Sq....h.s.....m.[.S..*Fgp7....Q...*...$'J...^..7....e.7....j.?.'...x.Cq..&/.6.w.......Y....B.|..;.........S.|.7....{u.......(R.{..g.g;.n..z....`.......~.~U.....;l.......S.)`..!....B,...p."%.........[...X.]<..c..).M.........1.*.s.:n.2v..Ag.D....s.VE......,...l.")....`.\.{...r].Y.L:.-..m>....R.[..t.r.e....X...<.O..c..b.+.=..9m.?=....W..IS.J........d|..q.&.<a.&....{g.+.;....R-....o...T.'.ga7....B...&+{'.&....e...i...`..v7......k ..........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1296
                                                    Entropy (8bit):7.789956811401049
                                                    Encrypted:false
                                                    SSDEEP:24:gAGC/Fcj740Ne65ikvtZ51vLq/1/Ao79/QY1QnLxhDa7qF4M9r56WKeOZz1:gXCtcpNfvtZvWNAa1QnLxhUqXr0WE1
                                                    MD5:3E369E7E8D5207AA4A63842176B7B6F1
                                                    SHA1:884775225BC6817C078B9FCEB814507F4B7C1841
                                                    SHA-256:F9F41B369305F9D1CB3C746D1D66E5647919A9E86643C1B210B01119F883637E
                                                    SHA-512:32D55991E10F93463D065C37429AD4DFF098B42B8C0E835D1B686589DE4057D3B8349E264EA72CF9EBFDC4448269CA809ED9A66C8CC70D99210808B096FC6DF9
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............r......sRGB.........IDATHK..mlSe....uc.^D.eq. ..j..T.f..,......1!.. .B4!sQ>./..Y.Q4..{.Q.2.-.21l.1D......yio.......l-.>..9.....{.C.6...#.4.,..........p]./...24...G46.;IRZc]W.6..!.........3..k. ..`..3....Xb.q.v...T.).yk...@;.x.....!...^..."...]..<.a.$.*..L8.3.7.[._....drx.V..;.P$.G....Rad.e.........j.. ..Hky.....O.J.....R....]6..|.......a;.q..b..yj.g.8..6..I..h._..K.0..zV...|3.SV.v.^......=f~..\..W..8....B`..;..=...N.5o`...K.]Q...#.n.'.....5...6...I..m)...._........qeS .'...g._.;.....G.<.P_.l-9...!..::+#.@. :....3.-....P.....4op../...[..d#0m.7...f`.i..."z(.0]w.|...s...B..a?i..)....9_.&.D.M3.hh..o%..8K.7x.........<O.>.\#.D...../..u.w.i0..mA.3.).r.H.Y...x*.V.\L.Z.>=I.....z.)..)..?y.A..N.!j........R.t...>S..I+'...A.[..F.u..-....._.5.>........#.#....=N......P8 %.......z.f.......<!....z...<....A..>....{C~...%4Z..`..Sb.C..]....^..f.it....`F..w.'..cM.R0..n....i..G*`...6W...W.n...>+:.E...O......6....E..Z..."S...l..W....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):674
                                                    Entropy (8bit):7.575134527280418
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7io+vhdPjOfgu2JwqFv+9qUkLx6nEqpge:TnPFF25Ix8pz
                                                    MD5:4987661EA370115AC81F764BB52C1A5A
                                                    SHA1:CC740533A270FA8B77B10DDEF3C312A82F243EBA
                                                    SHA-256:3EEFDB8179014CA66586A23AD185220CB7164664AD33520DFBC7C6A4A7F58FCF
                                                    SHA-512:4D4B30073E0188122492842DFBF79139F29D1B81992DEF77A62A41282A13711C589D3F850D163729623F94BBBDFBCE2911E54BA7D940FCF281906B8D1701A1B3
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_18.png
                                                    Preview:.PNG........IHDR.....................sRGB........\IDAT8O..Y.[....gJ.pe..).d*Ct.r!. ..$%Q$.B.S.2.....w:..:..H.9...1dj}....'.v...~.....z..?.N........wh....i...~\...g1.}..GP.~..#`e7..b!.a.F......".W.!......3vc;z4...n..e.....\..R....2..bt....r.......U.........1..1....#.#.....E.h.....o0.<..[E....V3..?...^.|/v..^.?^`...@..fD...&9......8V..Wb6Z..5...~."..f.s)Nw...Fat...3.W.s..5.d.O.....S._~'f.q.........k."....Q5.].......)6.0.%.XR.9..Q......S.a:.5Q....8..W....8..sl.y..'.....X........Yy~....%E... A..=XP.......xV.....x.V.e.k.....".4.9..KTj..A2y.g..G.?..sq..o..G.9}r..C.x.I..CR.m9k...z..B..c$.[....)1.us...a.e.J../....J..,.$.o.}..F....\.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (913)
                                                    Category:dropped
                                                    Size (bytes):368854
                                                    Entropy (8bit):4.895144787798025
                                                    Encrypted:false
                                                    SSDEEP:6144:ixciJaF+XEwlGjWCiof3oMM2yNYXmJEP+kFlDlkkT6qr:ixcYaFGWf40mJEP+kbJ
                                                    MD5:E83EB3F34CB5ACBED981BFE0A06EA461
                                                    SHA1:4745B0ECAA26831F7B31092ED1AE66D42ADDE6D6
                                                    SHA-256:3563FD98A03997E92D16ADE27182962585FA0FF2379917BBAA37EEF3ACBFBEA4
                                                    SHA-512:6082085D2508076834A9E68275DEB9DCF996B604C8BEE51F8C88E2235A1BF4ED60F33269E52D65F458B40DEB2866E8F08FCC332DFFC7B846B3760E62A1C00136
                                                    Malicious:false
                                                    Preview:/**. * @licstart The following is the entire license notice for the. * Javascript code in this page. *. * Copyright 2020 Mozilla Foundation. *. * Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. *. * @licend The above is the entire license notice for the. * Javascript code in this page. */..(function webpackUniversalModuleDefinition(root, factory) {..if(typeof exports === 'object' && typeof module === 'object')...module.exports = factory();..else if(typeof define === 'function' && define.amd
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (17454)
                                                    Category:downloaded
                                                    Size (bytes):17648
                                                    Entropy (8bit):5.2183319518062605
                                                    Encrypted:false
                                                    SSDEEP:384:6Ezyz85k6MTQmeYl8oSdNdSoUYdHvEDezCnGgqo6N6TBIueHtf:I76MTQxYl8oSdNdS/QHvED9StETBKHtf
                                                    MD5:F59CEBC35A59C34B77A29D90CE2F453B
                                                    SHA1:0C5D5A72C6DA0FE17F4522F0D567B7E297A5A536
                                                    SHA-256:7128756CA0E757599A32FDC265602101C32C2DAC709B6812AC9A17721B8457D7
                                                    SHA-512:5A52B0367E7BA8897A8CD1EE6CB5F05C5D574D9E2C7F9578FBA944DDF7E16DD107D62AF52650472C54DCE4F12E1D04740BEEA07FE43C3B79C8880E6D57733DB7
                                                    Malicious:false
                                                    URL:https://www.ccic.com/plugins/libs/require.js
                                                    Preview:/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.. * Released under MIT license, github.com/requirejs/requirejs/blob/master/LICENSE. */.var requirejs,require,define;!function(global,setTimeout){var req,s,head,baseElement,dataMain,src,interactiveScript,currentlyAddingScript,mainScript,subPath,version="2.3.6",commentRegExp=/\/\*[\s\S]*?\*\/|([^:"'=]|^)\/\/.*$/gm,cjsRequireRegExp=/[^.]\s*require\s*\(\s*["']([^'"\s]+)["']\s*\)/g,jsSuffixRegExp=/\.js$/,currDirRegExp=/^\.\//,op=Object.prototype,ostring=op.toString,hasOwn=op.hasOwnProperty,isBrowser=!("undefined"==typeof window||"undefined"==typeof navigator||!window.document),isWebWorker=!isBrowser&&"undefined"!=typeof importScripts,readyRegExp=isBrowser&&"PLAYSTATION 3"===navigator.platform?/^complete$/:/^(complete|loaded)$/,defContextName="_",isOpera="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),contexts={},cfg={},globalDefQueue=[],useInteractive=!1;function comment
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 18 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1330
                                                    Entropy (8bit):7.8332046057595575
                                                    Encrypted:false
                                                    SSDEEP:24:JnY8kpBY6I+Bnz0gj8mOz3b7LG/e47Fx7AL61UkI29EEvJ1:JnGB7I+BOZ3b3G/ecf7xN/
                                                    MD5:63263EE4EA2F43777A02ACBAC9D4F096
                                                    SHA1:6D0023130E40B25250496549B77E34CBA9CD9398
                                                    SHA-256:EAD8DA397CDE5EDA9785E59672586B836BF2292D7D4EA680307EE8BBC55C4A5D
                                                    SHA-512:0EAE53EBA68D3BCD6600C7B844B5AC9480770D569C181066BBD3266F0B0FA1A6CE0E170C4A0BA2A8D8407144199FBACD8D582C2569D571ECC5656942D630FA14
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............mJ....sRGB.........IDAT8Ou.}L.u...y^.}.......E.(.Z.$....X:.L.,..2_2.2ww..6u.-./S.(...Kg.f..*2....^ .p.?.s....:Y.:...|v.......{.SU.G....V...Q\...b........tE..[>.2..t..DFb.b....po..jO...PV&...s.).!v.....u........)E..|...&....e....`.....x..Fy.{."...../..&qE....p+.9....... 7...........n..[...<..4..+_u?.zGp..4k..f...>.|.QL..q..o...g.....{.,e5{oZ...U........1...b.3v^.oj_......?.JX..,...C2..&.g..........w.x.z...)i).n.I....>..ar...<..........D...`..I...K..f...fc... ........p.m../6....... ....8..#.\.C.H....In..c.2.._.{..c'u...bS9.Y...5.......Z.c^...q......Y..P.-:H..../Y._..........jjz..e...x.y...[1.Q..+.....p.h-......@k1..J`...',...l....s..D....2....v.x.~k~Znb.'.S5.l.%..CX...{cR.#F.....Z..g;..u...7..2p..........a.=...LY.2...=B....L.s...[!.....h..b.........).f..S2.!.=..}'...g".P.d.g..5.....P.r.O)0#......z.0 .@k.P.ZC...0..R PfU.....[,b.yJP:..|q|.......A...0u..b.!8r1.|^.#mz(/t....}......Ly.......<./u.."....K
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):717
                                                    Entropy (8bit):7.62724901467408
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iie3IDIDnzcrxzonzVB5TeFYgh96w5Ooc2Cfk0BXv+DcmTihfz:Se3IIYrRiVfTIz6wQor4kuv+Dhmz
                                                    MD5:E8DFE8DC6C7AB8F08D8C54610F6A8BD4
                                                    SHA1:9D986E44DB738480DBEA875312AF1AFD9C9EABFF
                                                    SHA-256:9E9D400042B19B7AA01E070BF9E0DA80D51E6347854E1BAF670CF88E3BD589C9
                                                    SHA-512:D522BB40670766A26B8AAB7998C335A6D135D9FE9B31C720DD7AFACFEB6252D73DB3D60823DA4F0974DA2065CBA6E1BBFF09053DB5A7CE8D866F8E5A9A194D88
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_21.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..]..g....MhCI...Fyi...`..2.P.............l.Z#.6[.d...9..k[QV..Z...K.._...~...<.}..u.O..{.....a....X....O....x.+..^(.{......V.1.k.*...>.'..ZH.V..q.....x._.[\..?b...[..7V...sp....V..x..v.r6..0..p...........N.O...K....bW..}.ca.uv..ybH...l........H....f..8.c..sz.z..C......8....U..t.t..^.-I.._...P././8^..gk-!.o....U..`.:\.......r3@a.wh.....U.m.`.&.U8..~o.b.x ....-)Bh)v......U... `..8fD...._T..&.....D.p6..GU%.OG.....0.....r.F...K"..+.e...F|..%G....`"NU.bV..u...6z.....q.n...Zl.../..j....B.MW].0...a.....Y]..G....T.q...[.;.6.e.nW.2.$y.Xc.z...o.<.p...:...A...d...bX.!...L......jO.G...8BO..$.Y.R.j...f-.m.<....iKq.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 5376x2562, components 3
                                                    Category:downloaded
                                                    Size (bytes):7536797
                                                    Entropy (8bit):7.983587209147242
                                                    Encrypted:false
                                                    SSDEEP:196608:IpWLn1zCAxiSei/FtfgnDHOu90QyENke2s23IKxxeiu+:rnFAivonDr0Qlk10KxT
                                                    MD5:7E4C4524E650AF49482058D57C0D8610
                                                    SHA1:2F01DCA01DB8066F50E880B3E2C06AA78CECB214
                                                    SHA-256:FC75F5DA2BFCA1E4DBE14DEEA2F581A0005558B01920F6718A9601A222049B5E
                                                    SHA-512:869FB34AF182F99344C772F2B0A300F015CFD894DFA021B9483E771A3A53F8D91FCF4022BDBEF762C1873559F1252C9C90EE5C8B5EB1B13CA62C587082551506
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20244/5d80306eb892469f93c974b23ba01723.jpg
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"...........................................m................'......!"....12.ABQRab..#qr..3.....C.....S.....$c....s....%4.....&D..'5T.6Et(Vd.7Feu.)G.......................................]................%...!..1..A."Qa..2q..B....#R.....b..3r..$..C..%4.Ss....&5DTc.7.....'6EUdF..............?.}RQ..(.9.m.j#....GN....K*\.R.v..SBn..i...d.H.`.....]6..q.z...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 121 x 117, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):19626
                                                    Entropy (8bit):7.975255873926623
                                                    Encrypted:false
                                                    SSDEEP:384:0oOlE57PnkPxYmiRRf+JqPz+PoVva7e0t0gIQHB1Ybpz:P7PnkPxVizF7+PevqE7pz
                                                    MD5:8F8146594F2AE43E73CF9AD38A3D783F
                                                    SHA1:779979DA3D044ACAE020070CB6F58D699A1A69A9
                                                    SHA-256:9E25A12A615EA8CB4AC2BDA294EB757B141C43B494BD7DB6AE00DCC172B6BBE5
                                                    SHA-512:9B628E7F478CA0D34BF46F3649CA77B3A4EB6A8EAF5CF3B501208CB0DC468EA89F8D20537D1A178FB0077A9C23D9268D5234DC04F836C45718BFFCAE5C3FCAA8
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...y...u.....j8N2....sRGB....... .IDATx^..w.eey6.....0.0..K...R..vM4&D..E.1..&vM.DM.hb..S.....Q, ..h.A.6..`....].5.s.....3......s.}.^.-O...y.w..j.........d...?...6.._....k....{....l..1:.....5888e...w.V;.v...O..s.t.........^.N.....t...z...]w....HoGSu.t.*o{..6...M..Xr.a...t...+..B..5..G.. cm.kS.^QX.O.pM...1.Ok.9.\.#l..y....L+o}G....5k.lU......RR.L(S.....Y............#3.v,..m...(D[......E.9/..z..U.T^.Xk(..c.3....3.=....w.=}%..L.=.....G............DL>P....7.V/.g.......xt..s.v..8z.....i+..A.z.....<9...Z..'.X....[....Sp.]+.V.i;.o!u*..N\..E.-.....&.3.F;...#t.0*.6L.ch......T.l.&h..cFJ.Cvb.S){:J...k...q'..VH..%...bo,l....z,.....*9^.o..e..\...B..8.S...+.....h{QuFJ...Ogp.9..o.....N...(<!$..... B<'^...."f..+....4...TN.w~o....)..W.^]w.u.6...ia.&....n...gP..~{.x..h..{.Y..-*...[.[.e.]j.}..bu...e....7o..K..e..H/.Z.vm.v.m....L.7...n,.}.=.tch!..0.c^.dI..B..u.v.Z.....!j..=...6.T....C..o.w..2PJ0.L...6..p.....^.y.c:.~.k_..v\.."P.'......
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):710
                                                    Entropy (8bit):7.6420074235896776
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i/fiuL9Jth8QDKgJJcVbcMuFq8y27geAYBRHUgXQLdKz:3iaJEwKhVGxgMtDQRKz
                                                    MD5:6128EDD2B6502712D472821B1FBA7CF2
                                                    SHA1:8086BDA12E424C091E5763403CED5776811867F3
                                                    SHA-256:EB8AF7C7D18B68C1819DC6A2D60EE05C189AFF7F8167B5C0E1388CC0CCD0C819
                                                    SHA-512:7F3AAA7124FC1E2184D58210B07B8907C79B08462B1DA62BEF48C81AFD34658D97044983146F0DF9A26C6E806BF667394C3F37703B66918A4EC87B4A5E4DB3E5
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8Om.M..e....U3?."....P.....K?.q!..F...".s..HiQ".X.Wn.T".K..1.A...+r!.....M....../...y.y.9sf.0..g...^|...[.....1..5.Q..L.C......u..\.".h.'A...........a6...;..J...E"X...8V...+......O.....$...Wr.9.G./...`>....._..q..>...........6.."..._$Y..U.8.]8....MHG..x.7q.2..yG..D...r....;s@........4L.2.bgI6.%.;A?bY....T..,.^.?.|b..}..g.Z..=..Z..x...g%}..%^...e..J...+.D.t8.......K...(.o...^\.H..(.....@...nJ><[...KX.......s.."E...Op>..0.L9k._cSe..|.1.......#....=../.}..Ur.....0..##.U..W..P..J.dJ"x<..3..ds-.g.k/...T..w._..m&$vH...IIwc.$..<-...m..5....7`..f...."Y..,..!.YaY......)..vL...Z[.w..1.:...I.A...2r...........w]).....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 800x512, components 3
                                                    Category:downloaded
                                                    Size (bytes):409913
                                                    Entropy (8bit):7.95219631986888
                                                    Encrypted:false
                                                    SSDEEP:6144:1Dr23GYmCyvs4vajj+WWQLAHw0Bq/eY/wgOZV5sdrR0Hex3iI+959GXPNYT0Pq3:u8yjPWQE3q/tMcrC+xX+9G/2T0S
                                                    MD5:EC7662C11A879D8DD231993B198BE6DA
                                                    SHA1:CAA34719A3C865F80F6C2C9937E703C3D88A983A
                                                    SHA-256:7BED9DC1A80B4FEA041B55342C10978FF776E6B2F71C09EA9FB7625F0BDD5C4C
                                                    SHA-512:8D4D9BBC0C6FAC1BA05454B8A37EEA1C403C4721BA3C8DF39757C946DB2537C2DD858559C8C64E525494F9991C2FD499DA7BF4C4FB5DE0A7A8D089670303A1DC
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20243/a2a8daff2a4b4506adb686e8e66385f3.jpg
                                                    Preview:......JFIF.....,.,.....,http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 4.4.0-Exiv2"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:Iptc4xmpCore="http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" Iptc4xmpCore:CountryCode="CHN" photoshop:CaptionWriter="..." photoshop:Category="18" photoshop:City=".." photoshop:Country="CHINA" photoshop:DateCreated="2024-03-10T10:00:50+08:00" photoshop:Headline=".................." photoshop:Source="..." photoshop:Urgency="5"> <dc:creator> <rdf:Seq> <rdf:li>...</rdf:li> </rdf:Seq> </dc:creator> <dc:description> <rdf:Alt> <rdf:li xml:lang="x-default">.........2024.3.10.&#xA; 3.10....................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.46085336827742
                                                    Encrypted:false
                                                    SSDEEP:12288:dPziwHW6gwH6L+WyVZlgCvfK/Bo62EU/gKH07ZRtbxL8hx6AB0l:liQWheWyzu+feBEE+gKU7ZR3whx6AB0l
                                                    MD5:0D313058241030D354794FB995B67332
                                                    SHA1:CCAF7E2B2ABDB6893581FE55A156C73A0170D7F8
                                                    SHA-256:EA568C590C39CD86E66431659876C208F84D8081BC3CB5E41D695B7AE1953A51
                                                    SHA-512:9B1A4CE089EF6010FAA959B80ACBA35DCD50C5E93DB95FED02760F43302F4F7939E47D49A3E22E28A0BE0FA3A1637974478A8270CF6A23AA1EB937585CF25F89
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.....................................................................................z...u...~...................................o...p.......................................|...x...{...}...........................................................................................................................................................................................................................................................................................................................................................]n..Vg..Sd..Sh..F]..:Sx.9Qw.:Px.:Nv.>Ot.`l.......................................................................................{.u.[.^.PxV.UwX.b.b.p.s.y.|.................r...Vdk.Yhl.fsy.\ly.Qct.Mct.Jat.F]o.=Sg.4K].6JZ.;NZ.BVY.DZW.F\X.Nf_.`wl.k.t.p.w.s.|.................Yuh.;ZO.:UN.I`Y.Ufd.Yjh.ixv.........................................................................opq.]bd.MRY.?DO.49G.*1B.&.@.&-B.&-B.+2F
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 399x170, components 3
                                                    Category:downloaded
                                                    Size (bytes):19742
                                                    Entropy (8bit):7.935993085793207
                                                    Encrypted:false
                                                    SSDEEP:384:0w8HbPfKgQLyTswW60LpYXZw0U3tjBW7OzVRSCxJkbpvA3Qkde5m8JX:x8DKgQC5W66qdU3tjaOzzxJkktAnt
                                                    MD5:6B8643EDDEAF9A61B6F7A6F1E999FEB6
                                                    SHA1:5B5AE1B336B103E6BF5411A606034D9B50728184
                                                    SHA-256:D2A3A9318C4A9D476315D16CEA64C8575DD4E7901BD506EBB48A358D1A84521B
                                                    SHA-512:4287A606E992E85A3C6F5CB7DDFB2E49E8ED961CC893ADD1DC3B3983A050C4018567271D82E557A94CFF89A20CF1A830C7EC82A58A5ABCA1C7BAF46B48ED5813
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202410/Sbbcc90dde4e048b3a996438d4a693ecb-400.jpg
                                                    Preview:......JFIF.....H.H......ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................".........................................I.........................!..1..AQa"2q....B.#RSb....3CT..$4Dcr....%6..................................6........................!1A.Q.."aq....2...R..#3Bb..C............?...t%G.I..>..G.u.F..u..U..k..d.l1&k..".....#2.9.8[AR.>9........W.0...I.CM../0....C.G....Iq..s.u..A..4+<.e.T\r..N.tG..M.gw....I[.+..,.a..%..qU.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1057
                                                    Entropy (8bit):7.615682278734755
                                                    Encrypted:false
                                                    SSDEEP:24:gfAaUKIKXBKfQdm8Z/Z7zl3ww7fKyMolxHl6oPBm6q5D9r8Vn:gf06RVZ/VzlAuSyFXBrqh9C
                                                    MD5:5A42E51D26C8E057EFAB7580EAA2F68C
                                                    SHA1:9AF13CBBA86717E047BF12D002088DFB95306981
                                                    SHA-256:5F83BB60517A644910D720213DDC203EAE751473EA9857329FE0E36CA139AE30
                                                    SHA-512:28ECB891CE00A281B11C4407D854D1F7C6CDD4D796DC2FA79BDF42F3D3E26D360F85D9855DE72E3BDDFAAFA3E6991A81AECAEB9BD23C4426CAB7BBDBD3431370
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_05.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O]U]h.U....v.&T.$/.E.!e......>.Z...o7...P..T.*..iZ.ZEPQA.....RE.)j.-...X..."R...`..{..3q....s.{.w..-.......h.j........k.......>..p...<[...F... .C.^..3.]......,.....I0.e"r#.+....Qk..,7....1.>.O.8&"O:..:X>FQt...h...d... ..6.d.E.D...v.c...T....inn.h..]M..y......{V....(.......Z.V.....H;M.U.. M........3..0.".8.j...{...9k.tM.G/.'.......Z.Sig.%..3.K...Zb...|BD..c....p...j... .V.8.`.Z...i..E...D....+......K(........O.s[..b.X...V.%.e.?.....E..*w.K.....".....n..`c.....'.......f.|.E.....("..97...3...9"...s....p..#.FEd.sn..R)...sQ.M.B.@".7...nc......p^D...p.{....D.1.....8.)"..x6.fkv.33...A.{...........#.w...T..Z-H..*J.5."k.......n.L....c.g.A....^..[?33.g^b.|2.*..GD.m.....|..v":...N.... "78.~M.t~*.HD.......*.J...d..3s.f.V..8.@..!...9Q.L....r[...JV...TK"......./-...E.)..99-oN.RY.Nw....ak...9.G....}}}.:..?D.O.D.......EI.!ku..L...c.M...U.baa..d}.6..7..Xk.]0.2......d.T.nM..?..!.+/--....?...I...&..{3.".....=.c+.,;
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1432 x 260, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):67657
                                                    Entropy (8bit):7.7954037633233755
                                                    Encrypted:false
                                                    SSDEEP:1536:45zIHwdwVTdlxDPZABtRAEInByqcQ7yncga:IIHwdwVjxlATysQ7ynW
                                                    MD5:E4518E9336245768E391FBD1211BB539
                                                    SHA1:CB095CAFEB7F4794812F8D0F8AEE24574941EFD3
                                                    SHA-256:7604147679C3FCD9C63F65F6DF9F6406F290337F7C237AB1FE00285967C2D4FB
                                                    SHA-512:F0ADE9B17E8F6E14547FDB4E51CC806B4827313C8AF31E99F9E6622FB620C037E1A638CB8D3CAB1CA13491C3B1C56E85D88FE7537160B9AA8693A65EDB22D142
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20243/25c1b37a92c24ad7865dfa8f8af9709d.png
                                                    Preview:.PNG........IHDR..............FQ.....tEXtSoftware.Adobe ImageReadyq.e<..ORiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpGImg="http://ns.adobe.com/xap/1.0/g/img/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:illustrator="http://ns.adobe.com/illustrator/1.0/" xmlns:xmpTPg="http://ns.adobe.com/xap/1.0/t/pg/" xmlns:stDim="http://ns.adobe.com/xap/1.0/sType/Dimensions#" xmlns:xmpG="http://ns.adobe.com/xap/1.0/g/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/" xmlns:pdfx="http://ns.adobe.com/pdfx/1.3/" dc:format="image/png" xmp:CreatorTool="A
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):95
                                                    Entropy (8bit):4.480992332034815
                                                    Encrypted:false
                                                    SSDEEP:3:qxAEBmHs0RkQRuCFVe49CJeTEZMiHo:qTks0RkQRuCetGEZMSo
                                                    MD5:57D6A4A452D23C56C76F94E5F2D528BA
                                                    SHA1:65C16978D4AEFC4333133F65C1CF0AF1246E5B02
                                                    SHA-256:16A0D8DD1A63F8B62B6956A67D0BDFFF15EA7267F45F7D38366684BAD6616D29
                                                    SHA-512:4DC72BBA488A06BC506D9C744F53E32801CCC421B7BD69C263997EDE8F67EE06C31E9C82AC626B7F2A43E3C0A866875386B324E8EE1A5DF6C012BB109B0EFDC1
                                                    Malicious:false
                                                    URL:https://www.ccic.com/script/webglobal.js
                                                    Preview:var isRead = 1;var beComment = 1;var cmsAutoPlay = 0;var beCommonCss = 1;var webLoginType = '';
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):684
                                                    Entropy (8bit):7.589795647084021
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i2yu8ih59cxtQa76fYlg0AucuKMGiuJbjbTVrGbaANJZeiY:pu8oMT6TJuKMGiuJbPBGdrjY
                                                    MD5:555682944AF2ACFD820654E5FB93035C
                                                    SHA1:BCF8DE7C12BC7F253FFA6CA256EEEB33BE4069D2
                                                    SHA-256:E5F26673A66C87FBBC7DF8E597D2CE67AA903F80CCA7146ABB00CAF819F0D813
                                                    SHA-512:8352E25D2F92083414DE5DEDF46A0D9933340EBF04DB4AB67ADEB69EEE51E0E0F93B7968CFC725F03916CE492D1457EBFFAE4E69C5FCB097013971C6250FA822
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........fIDAT8O}.M.i......FV>fh..4.....Y.....4.VY.....k1.P(,|d...|%.$.(a.....1..8...]x....s_.:............:..F...............=.#..[1..c.......^V...1..|.iX...}.]~R...t.^.4....'A...e|..p..p./:R.....~..7.71;.../6a__.C.$@y.i~o.*..{.u.|..8[Z. ..i...5.GI..?..&v....u..g..%....^.,,.z.S..b.+.Y.u.s..1....k....n...]..Q....T........+`w].Q...?^-.....0...a..Ge.4%.:.D&#S...Za.C%kS.j..<!:..)y=Nt.E.d.......5)2..4.at.Fjm......2_/.a.@.m.w.$...r...d...}XL.dO.....x.nc.N.-..\..g.MA.Z\wb...>.....6.f......}r.MM.i.S."L...i%7...T.......fy..T.p.i..l.L.y<..>..i.....l.^...l.0..j7...*++.g..fiT....A.o.o.2-..`...$I....{....a.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):723
                                                    Entropy (8bit):7.638356371195466
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i/I15/nXJKu/qUCJ7I3ACVDYnRKOEXmNWPYJMfgu06xlTSGEM:PI1pJzqUCO3VDYn2mNadf8Ul4M
                                                    MD5:538AB2B3935988D2BC2DB107906093E8
                                                    SHA1:B28990728B8835665E1A1DF397507A47C7F719CD
                                                    SHA-256:C303C2060524A92F80776C8305F5DFC42D078C4BC15A0D3B4666130CBEF2D4E4
                                                    SHA-512:7F02F12AE57730BB42C90C81A9FD9B669601D763FE5F515E36613758A0DBF4C09636B2D7CC6D8333C63E8E37514F97A3EDF8C40F16FF409ADEBDAA8AFB1970AB
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O}.K..U.....&8..m.h....(.d..(.#15....a...,.+_a.$..nZ....=&...a...T..."....d]._>....s..>..>.C.....k....X.....A'..................X.a0..\.ab.~.?.o.V7<..0.'.|r.....O....v.....?V......+.....`.0:E.....+q/.G..Vl..`.^.X........3../......XU.......{N.{..P....*g&.i..Pr.6.)<.c%.l<..I......(^........5..U..{.U9#.q4n>..........._.B...j.\x........r.........8...D.....3....xC.?.....Ft.#|.y.Z...$z...`[.........n..h..c.).(._..2gH..Ib.....|<Wn..H..*l.-L.~=.~eVt.E.q....`.."&aZI..R.b...{..`,R~.v.....+.9...H....z1)k..7ms...F..Hr..........M.....W.....W.L..2.z.3.2.RB.......RM.kf..%...k..1 ....j.a$.z.e.69O..<........Un3......f....5.:..U...}.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 400x136, components 3
                                                    Category:downloaded
                                                    Size (bytes):66578
                                                    Entropy (8bit):7.978897930626537
                                                    Encrypted:false
                                                    SSDEEP:1536:F7SeZWkc7TItjPApPSiy1dlwIw+tO6ydkO/1WjymodC3gmtA5:xc/IFiSddlXwMO6ydXJmyC3g1
                                                    MD5:F76C726E4E721368C84A67B85DD64A1A
                                                    SHA1:277DAB9FB877DB636591CC033675A1E4F3C86A23
                                                    SHA-256:0B45262ABAB5843D5160534B49B28F9FE0262033C386E62AF45BD0876C68A1CA
                                                    SHA-512:77E1730E8C81B4EF5826C9C61A62AFCF6309B57463826A0895A93918149EE1BB6E773631E5F7267746CC6A65E4431D912EC87E429C5361816800E61AD6243CE8
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20241/2fa75480f863404cb096471e97044212.jpg
                                                    Preview:......JFIF.....d.d......Ducky.......d.....(http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC Windows" xmpMM:InstanceID="xmp.iid:0CD3CC5DB10F11EE9ADDE3D7BE1A627D" xmpMM:DocumentID="xmp.did:0CD3CC5EB10F11EE9ADDE3D7BE1A627D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0CD3CC5BB10F11EE9ADDE3D7BE1A627D" stRef:documentID="xmp.did:0CD3CC5CB10F11EE9ADDE3D7BE1A627D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d............................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1540, components 3
                                                    Category:dropped
                                                    Size (bytes):262392
                                                    Entropy (8bit):7.945952908620789
                                                    Encrypted:false
                                                    SSDEEP:6144:ufzCtX3SYwuigfARIpzwitM5b7DokLIPylQaUA:uGtn/wuigi+7o7DokrQ1A
                                                    MD5:989C07DCA28C49D7F3A87CED6CB53C1D
                                                    SHA1:097EE55F396C1376DE8E30F868666D96FBDFF5EC
                                                    SHA-256:B346925F80089E9B8FD815DE340D0E5D425B102DF92AB62ED4F714F147EC627D
                                                    SHA-512:0EAE964524B4068DE763E71B1959DBAFD28C64F0C2F0D9D28A8202CD1B7FD0AAA50287E111BE6732CF39C486DAAC39F27D9F04774479710042DC553761C01BDA
                                                    Malicious:false
                                                    Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........8..".........................................e..........................!1.AQ.."aq...2.....#3BRTUt....6.$Sbr.....%&457CVs....DEFcu..d..'...8We...................................<.........................!14Qqr...23A..R"$a..B...Sb..#cC..............?../b...|.;.....+.(8vH....;$~.~..R..d..O.S.G..+%(8vH......d..O...f..d..O..vH......y.h1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%3A..G..).#.S.......#.S....)...L.c..)..vH....d..>......d..O.VJPc..)..vH....d..>......d..O.VJPc..)...8...R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text
                                                    Category:downloaded
                                                    Size (bytes):10916
                                                    Entropy (8bit):5.031274114704717
                                                    Encrypted:false
                                                    SSDEEP:192:kP7Hyt3vwdizh13zo2D21Slowp940tX7fx2jF0:kP2pvwdi/3k2+wowpa0l7fQjF0
                                                    MD5:91F2E97345938350ABEF4186F9F1DC44
                                                    SHA1:D70246F7127F8B9D93982CFDFC62216C8F3B33C1
                                                    SHA-256:77F4397DC9C1C6870F6B1CAE9EDDBC8B31A478CA93BFDBFEAE2CDD07316F2E1D
                                                    SHA-512:DCF95B62D3D8AA2F45A2498F0384D52FBDF23241355FCD64D1A60AEE45B233EF21CE17163C03BEF8FA6E3AA823D820904AA3BBC8CC6BCA85B95FB50FDD59101E
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/locale/en-US/viewer.properties
                                                    Preview:# Copyright 2012 Mozilla Foundation.#.# Licensed under the Apache License, Version 2.0 (the "License");.# you may not use this file except in compliance with the License..# You may obtain a copy of the License at.#.# http://www.apache.org/licenses/LICENSE-2.0.#.# Unless required by applicable law or agreed to in writing, software.# distributed under the License is distributed on an "AS IS" BASIS,.# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..# See the License for the specific language governing permissions and.# limitations under the License...# Main toolbar buttons (tooltips and alt text for images).previous.title=Previous Page.previous_label=Previous.next.title=Next Page.next_label=Next..# LOCALIZATION NOTE (page.title): The tooltip for the pageNumber input..page.title=Page.# LOCALIZATION NOTE (of_pages): "{{pagesCount}}" will be replaced by a number.# representing the total number of pages in the document..of_pages=of {{pagesCount}}.# LOCALIZATION NO
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):2417
                                                    Entropy (8bit):7.850504166087918
                                                    Encrypted:false
                                                    SSDEEP:48:qLTTLq0R0S6wfOLB4MA3pYiA4ILrCjXk4KGXxFXJMK0ocflluJg0WmDq5AKGUec:qLnLCS6wfONRACzxLrsk8oKNaLWg0h+X
                                                    MD5:BE7CD9355FA2121FAB8E619ED546CED4
                                                    SHA1:230A3D5E2DFACFA7228F58A559DE5DF3734118F5
                                                    SHA-256:161FB247EDE7ECB867D864863B8E3DE3A93DAAE6286FCE1AB7C3700F55112C9E
                                                    SHA-512:EC893E352214AF962A16DBC8FA4E506187BE673F2AF780C7BA63B76D4710560DBBD26B02F2B6F321FE9109EB460BBE329FC2EBB798ADDDC58E13389157F3C33F
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...@...@.............PLTE...,,,...222......%%%...444???'''...000!!!...)))666###999...;;;...===AAAFFF...JJJHHH.........LLL...DDD...NNNWWWQQQ^^^...UUU\\\SSSYYY```bbbiiimmmdddqqqfffooovvvxxxkkk...tttzzz'......:tRNS..........................................................~^.....8IDATx......H..#...U.........G..'.B.....{i.>.@.7q~"..Nk.@.xK.RO5J.16tw..C-..7..j.+.x.u.....n.."W...M.C.E..t4..c6....d.p.j.0!H..y.l......]>...U..J.iX@.....Ns7.*6r..JIi.....<.....n..hdAz{r.x.C..T.u-.Do..b..../..9+...<.x[.K....T'...O.Q.zF.?........x....|....!..$@...N....c...'.|8.Y1..s...=....XSV...H.a.u+.[P....y.l...q..f....>.@...&}.I..[..C.$.\..rK.P[.4U...+V.S..>....tp...2-.....0_h]...~.U...$.A(.J.Q..t....a..........m...4..|..5..\.....+....J.m...1.@..*|.aVW.K....[G:A..dd.....KYV........r.\.....O.f..>.7.+*1[..{.....~..^b''.Vq.Q<..&+..x....m....bt("Mg/..&..u..N]..=G.......*kX[..u.y.3".)gUkF..z.p.."e.96...Lbm.X(.%...{k..e.o#V..z.&.".&...N=i..ECD...........).vp....gUt
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.4846613059975
                                                    Encrypted:false
                                                    SSDEEP:12288:gnDMHKjg5gNOpTyFMUCL0HJ1DPa8t2fwCNMApStFDyHj3WSCnsE1M:aDMqjMtHUCAp1+c2fwcMAGAesEm
                                                    MD5:955A93FD3BC39384CDA0F9487059DF0A
                                                    SHA1:0F248F38B2EB188BA557C816B4A2D874CDDF223C
                                                    SHA-256:8D458D2F422E53748DDD210B3DCD21A0879FFC060F892581945CF2C3B22F3300
                                                    SHA-512:7A30351A0416E760B8481BC8ACA3EAA95EC9AC0003F478C4EE99B7404017C35E3B73CEFA578796E9C5CE72D324E2524AF0B9BC10CAD58B30632DFC5CEDB9CF75
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.iaY.haY.g`X.g`X.h`V.haV.haV.g`V.haW.kdV.mfT.ngU.ngU.leS.lfS.lgT.lgT.kfS.kfS.mgU.neV.mdU.mdU.mdU.mdU.mdU.kbS.kbS.kbS.jbR.jcQ.jdQ.icP.hcO.jeQ.lgS.nhU.mhT.lgS.kfR.kdT.kcV.kcV.kcV.iaT.iaT.jbU.iaT.g_R.c[N.]XL.ZVJ.YUI.YUI.YUI.YUI.YUI.[WK.[WK.[WK.ZVJ.[WK.\XL.ZVJ.TPD.WSI.]YT.]XU.]XU.^YV.`[X.TOL.WRO.^YV.^YV.]YV.[YV.ZZV.ZZV.ZZV.ZZV.Z[V.[[W.[[V.YYT.WXS.WXS.XYT.ZZU.ZZU.YYU.[YT.^ZU.^[V.a]X.c_Z.f`\.g_].ib^._ZT.b_V.ji].jh\.hfY.fdW.ecV.a_R.][N.jh[.geX.geX.gcW.f_S.d\O.bZM.c[N.c[N.c[N.c[N.c[N.c[N.bZM.c[N.f^Q.h`S.h`S.h`S.jbU.ldW.nfY.nfY.qi\.rl\.rlZ.ojX.kfU.hcQ.f`O.g_S.iaT.meX.meX.g_T.b[R.ibZ.mf].mf^.ng\.phX.qjX.leR.ngR.vpY.vo[.wp].xq^.xq^.xq_.xqb.yqd.xpc.wob.wob.wob.wob.vna.um`.tl_.um`.vna.um`.um`.vna.vna.wob.wob.zre.{sf.xpc.tl_.ogZ.ph[.ph[.ph[.jbU.IA6.e]P.g`P.0)..4,..rj]..{n..wj.yqe.ib\.ofe.kbf.SIR.0&1.............'. ./%(.4*'.8/).@72.8/+.6-).8.+.;2/.9/+.8.,.7.+.:0..=31.=40.@63.I?=.VLG.`WN.cZQ.d[R.g^U.h_V.jaX.jaX.g^U.kbY.md[.ypg..~u.........e\R.F</.MD5.PG8
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):922
                                                    Entropy (8bit):7.603777251290975
                                                    Encrypted:false
                                                    SSDEEP:24:WlE9n+kdQXjEVXGOgRzyXOzSkXPQwj4jq8:WGejEaRzVSkXPjjI
                                                    MD5:17E31E08E2F448508927984555A60702
                                                    SHA1:0A72E386D44B8DC258D2CD6424CC1E06AF6665E6
                                                    SHA-256:498F3DD982175970A9A20E0444F8542ADA1AE8139E71A7C81CFE525F122372F6
                                                    SHA-512:D6A87A14E844762438CED505F97097A352C816CB7E310AC0A5E86920B0ECF972682A3D71996A46B92429C3A57F377BCC7FEFDC7219AA13ADF9C2E5289A7485E3
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_06.png
                                                    Preview:.PNG........IHDR.....................sRGB........TIDAT8O.TMh\U...7MlKbP...Xa.3.ro.Q..F..!.b]).R..Dt..t..7..........AM.Zt.y.22R..D...!b..{.\..q..ws.r.w..;.\.... ..D...y%M./...~T.&.<...........|P..j.q.n.7...p.N.!xnn.<...M.?.....f>V.._.Up).5....."rF.z..,.B..>.a......{.I....Y......1...Y..Y........h.ZYY.`.}..I":.$.Q..t:..j5-r....,....>.a..l.....acc..~.....|...\8.....y.?7..e.y...v.... .N..(.n.p.6!I..O*'H....x....!.{#3.S....8...s..d.x..Af...U.....@. ...3.R....v....EQ...VTP.y<M.7J...)..J....+.<...VE+..s.z....G.f....OV.m..V......f..[.,...../..\...(.|....^..0.F...0==}.....f..J.PE5....SD.L.$..`.}..v.} ..sD.q.$....s.s..........[..m.......vf.,.:..s"rw..K..:3k.t......M.......Z%.#._..Q..>.E..D.n.$.......1F..Yf~.bW.....sNM=....(.D...T.f.e}k......_Dn...8....{mmm.?..|srrRc.#k...^.&O].RE..c.....h...-0|....w.n...[k....J...""....455..........DdW.".?.)._.Nmm...w..V...^....c.C;}...7.....C......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 11 x 7, 8-bit colormap, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):977
                                                    Entropy (8bit):5.915203563698969
                                                    Encrypted:false
                                                    SSDEEP:24:Rq1hmYaWwjx82lY2T3XVQa7JyJ3V474Gvidee:yMYLNn2DSJ3J2De
                                                    MD5:BA1ACC0B11C2CD72C816A5AD527B4E28
                                                    SHA1:AD49A98BB763C15F303A447D49A639AFD0B2138A
                                                    SHA-256:BDBFA8FDAFAB623C63AA62B373DEFAB4E68AA544F637B6D87BA6184676826C62
                                                    SHA-512:F015728699649BAD2B7E6FFB823B7CD316E3F70B9155FB9558C896F9241DB0B25C7B7B7E7D79D850DC8CAF92686C3DD5A52670B3F0852BF0BA8294A33DBEA3A1
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20243/82283084bfe24b1e80588ace21b27a4a.png
                                                    Preview:.PNG........IHDR..............Go....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:2529081DE04A11EEBEDAE1FE2E42F09C" xmpMM:DocumentID="xmp.did:2529081EE04A11EEBEDAE1FE2E42F09C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2529081BE04A11EEBEDAE1FE2E42F09C" stRef:documentID="xmp.did:2529081CE04A11EEBEDAE1FE2E42F09C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.Hc.....PLTEz.......j....tRNS...0J...!IDATx.b`@..H,F......e...&..%.......#k;.7....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (16609), with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):16632
                                                    Entropy (8bit):4.9965505749699535
                                                    Encrypted:false
                                                    SSDEEP:384:TYb9W7fHi7n3/jgsaN2kLcZz9B3fT39cFJbz8Q8lHjB6u6Kw:TYpW7Pi7n3/jgsaNdLcZz9B3fT39cFJr
                                                    MD5:5C1AB0CBAD9D69A9D83839DECA839C93
                                                    SHA1:19536DE0FFDAB2D31B7783A1D3AB5A8FD473E97D
                                                    SHA-256:B255B9C9F64FC26172D1090F74EFDB994923A309C3777A07B2F5B2E23A4B596D
                                                    SHA-512:F3289FCC1DA389ACF6D15D1660DF9EA352424E42EF8F7FC20689326EE7A73A26C0849C5EACB1ACB938E43AC6E0B3E51E230A8FA6CC568B0B30FAEC9C5ADE688E
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/hanweb.min.css
                                                    Preview:..bt-weight{font-weight:bold;}.bt-left{float:left;}.bt-right{float:right;}.bt-clear{clear:both;}.bt-none{display:none;}.bt-block{display:block;}.bt-hidden{overflow:hidden;}.bt-margin-top-10{margin-top:10px;}.bt-margin-top-15{margin-top:15px;}.bt-margin-top-20{margin-top:20px;}.bt-margin-top-25{margin-top:25px;}.bt-margin-top-30{margin-top:30px;}.bt-margin-right-10{margin-right:10px;}.bt-margin-right-15{margin-right:15px;}.bt-margin-right-20{margin-right:20px;}.bt-margin-right-25{margin-right:25px;}.bt-margin-right-30{margin-right:30px;}.bt-margin-bottom-10{margin-bottom:10px;}.bt-margin-bottom-15{margin-bottom:15px;}.bt-margin-bottom-20{margin-bottom:20px;}.bt-margin-bottom-25{margin-bottom:25px;}.bt-margin-bottom-30{margin-bottom:30px;}.bt-margin-left-10{margin-left:10px;}.bt-margin-left-15{margin-left:15px;}.bt-margin-left-20{margin-left:20px;}.bt-margin-left-25{margin-left:25px;}.bt-margin-left-30{margin-left:30px;}.bt-margin-10{margin:10px;}.bt-margin-15{margin:15px;}.bt-margin-2
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):64
                                                    Entropy (8bit):4.620111486270711
                                                    Encrypted:false
                                                    SSDEEP:3:Inr0PFNyPpjAGhkQcdGw:xFUPpCQfw
                                                    MD5:9750AFCB54DD4A91425E55D31188D3A2
                                                    SHA1:C73B664A621B8061DA90F130116A47C668BB7D40
                                                    SHA-256:BC9CE4D736A96FCA65A3B2E1818069284016AA6610CC1CD973A5A0C1E311179D
                                                    SHA-512:95097587CEA34362B67344ACE2689092A01D223C83882D63E701B659E46CE5FC07F9A0ECF50EBCCBFADE17AF816C72C762D7EBA30D2792D53EC421EE021A8C4F
                                                    Malicious:false
                                                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISLAnV8lYwWvDuthIFDZj0ia4SBQ3gJIqZEgUN1eRXnBIFDZVrLGoSBQ3OQUx6?alt=proto
                                                    Preview:Ci0KBw2Y9ImuGgAKBw3gJIqZGgAKBw3V5FecGgAKBw2VayxqGgAKBw3OQUx6GgA=
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.606014465288503
                                                    Encrypted:false
                                                    SSDEEP:12288:wUmzrhlp2a8JRHCHPbI6gQwgxEd+7l9g46FfC0:wUgpr8JMvM6gbkEkj3Sq0
                                                    MD5:6726F9569707455825B84FBDEC3E38CF
                                                    SHA1:2BE5247DF18970C9C339075B1D40931C2195E02E
                                                    SHA-256:925462ED51D975A864C988EFF713B7E8CA0DB360DF245A3F004BB4C0E51F8B7E
                                                    SHA-512:3DCF4FDF991743AD6C58341C2D7CF841C26BC2817E0422A2CF667E9B679D46796B2F039ECA61FB1082E201644B95CDB2365F5650524D6B5FC9926446CA375250
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S21e8debfb884410795cad5065c60e67d-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.kyM.|._.juU.^fQ.bj[.gof.dmc.iqf.u~n.u.k.r.d.v.d.z.c.n|U.s.X.}.`.t.X.foN.KT<.LW>.alO.q}].x.f.s.^.{.d...v.~.m.s.f.bpY.UbN.^jU.v.g.qx_.KSB.]fX.fpe.]h^.S`V.\i].htf.IVD.^lU.n|a.y.k.RbH.EW?.ZjQ.n~b.n._.r.a.z.g.r.\.gwS.^oL.SbE.[iL.o}V...]...[...e...n...f.|.\.s.].r.].|.g...o.{._.r}S...h...u...p...i...m...r.r.X...m.........w.d.isZ.u~f.nva.T\L.RZN.V\V.CLG.BKF.RYT.kqj.bi^.cl_.lvf.oxg.clZ.y.s...}.^l[.[iX.\jZ.YfY.\i_.and.Yf[.myn.y.y.u.v.ane.DPI.GTM.KXR.amf.{...cof.UbZ.GUL.JXN.^ka.^ka.cpg.gtn.MXV.BML.DPP.S__.NZZ.COO.FRR.GSR.NYY.R]\.Yec.myw.fqo.R^\.NYX.Wca.dqp.r...q...iw|.apx.hv..gv..lz..l{..r...t...kzw.l{u.etm.\kd.bqk.m|u.l{t.o~w.p.x.Zic.Sb].crk.m{s.cpi.TaZ.TaZ.R_X.Q^W.dqj.q~w.q.x.n{t.lyq.u~x.jsn.lup.gni.jpl.dmh.gmi.u|x.pxt.nws.jtp.mxt.o}x.m|w.iwr.jyt.p.z.kzv.l{x.gvs.cro.jzw.s.~.o.z.r.|.x...r.z.[ke.l|v.x...q.|.w...........................w.|.s.y.................................~.......~...{...izr.v.......{...s...q.~.s...........~...x...q.~.jzw.x...w..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1920 x 602, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):261317
                                                    Entropy (8bit):7.972556552684337
                                                    Encrypted:false
                                                    SSDEEP:6144:KhykCMVw+TD8F/FKDzK69NM9OeBBXiRIf5WCkMrMu7GP6cmBbflifbq:KgkCMVw+TDGFUKiLASRArhyVELlV
                                                    MD5:FCB48F854617B5EA3830BD1475494955
                                                    SHA1:CF931BDE445C46E6DD2025A2AFE2A56142458FDB
                                                    SHA-256:5B153DF3E239010C25E7386717498D7EFEB3A8DBDF4118D3A35AD509E0ACF086
                                                    SHA-512:CFEB11323857E49C5A705220098C6A3103D41C55218E0C3C83363EB07D98991FFE896F7434F55EC1F8A2B6FD19DA9D4F6B2089F97A46C346EA30302665E92910
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20249/07DE2B9660AE08725262F5EF82285DDD.png
                                                    Preview:.PNG........IHDR.......Z......?Z(.. .IDATx^.]..#..u.......t....,.....N<.l.........~~..}~@._.we._R./..h..w.....R.d1.lH.g...&m......l....ky.2..r.k.......a.............l.s3.>sh.T........_.E...6..cj.M.....A..Zr....d~.x..*.....Y........z<.....y....?(...Y^M;........3.h..3.W.]E....A..i.i8.U.Oo...nl*.X.7.]U.'.T.p...H...;..|...2.3.W._.l.J...5e....'oC!..W.hZ.o..s9.a..._..yynzKf.........X.4L.m......X,-.m...H...%..&g.U[C.&.kr......e9...<F.{../NR..jW4q...y.f...u.T.X.5.?:x.*.8.!....u.sA....PI)....%b......c.k..a..tsm..m...>.??.4....|~=^.......v.m..=...&v..,).=..!.*1.L.....PSe.=1..M.=.:..3Lc....5...i...~.'..g.x.....\7.;.*....5.63zPL..3.zQV/.f....^..........7...J-@?.(?.=.>sh.T....u........l..2..m.f..5.o:..Lh...y>.....=6<.E..F.`;.^.0....4.t....i........C.lp.b-.x..Vw.i.;4...;>..bfl.........NK.X.0....l.6.p-..[B.....`.w..g......c.y<...u.G.).......y*........=.`.k..l..0.6.....x....&..p..........V...]..hM.....#.W.y.8...m'...w*,,.I..6..A.&9d.....b{.xC...-.xTs...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 380 x 159, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):81180
                                                    Entropy (8bit):7.993570242105472
                                                    Encrypted:true
                                                    SSDEEP:1536:9m0Gbs5LHlzduWs+F1rWRwZHobiwQGptehosGQfDzusjM:A0g+rlz4WsqWROHJKpt5Qf+j
                                                    MD5:109F58A23CD303540DD0929D2E0A2C3B
                                                    SHA1:4174800FE11A96D7F51AA9F1DB531537CD1850A5
                                                    SHA-256:992FCFA322D48A2D65ADFFC26BEADCD9F7195FA431B17B71CD9B4BBA90F00DA5
                                                    SHA-512:37327AEB11A563480128AE9DD98A6323221F74634EB8A2100200D83C5B4143A4C566F977D4E6C5CAC484C15996F6216CD092CEB8E5ABEA622D837D4CFE533C70
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...|..........@bR....sRGB....... .IDATx^.....YQ%z..2..f.f@.A..(....*.P. .....>........ADhZT.A.i...i'&.@........).2.*3.oE...;..g...ZP....;.......|k.x...6....kclm.M..5............[ckk....n.}.G.d..~;....=.O..V~..u...YV<3....}q!....C..r..q....f..N^>....7q]=+j.....g~W_o..M.3......^">.......-.Q\k...}Q.....(>.W.....{.2..)6.9...jl...!.........,ZRs$.(c.."....5...[.+..Q.....6...s........b=ho..V.>x....Q......g.;..5..z..Wa..........X..v.<.3.c..z..........b...m(..[...Z+.~..C......y.^....(.O.6..6.......u.zn..P8j.....6&..P.t"..7z...h6....N.zy..13.....(>V..u|^.[....6...n...n<.K.C.......K2....@h.D`.YYN..X......... .._..M7RF.R......R..u+@.t........ .....B\.O$.......?.. .....F.x..^.}.})h....@...U....m.p.[.oL."$.s'@..>py}..$......J...E..56.`'.BS;1$.....~^...VH..I.hH.'z.... n5....+.l...B....1.bN'..<.....1..........._..B.....].M..z&<.Z......,!..s{-.\.....l$...m...g.E....~.u..X..`.e...4Y....w.+...}AEY....h.g..?.I.k.,.M...S..f.E.X/.#..ut..m...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):911
                                                    Entropy (8bit):7.665028475955007
                                                    Encrypted:false
                                                    SSDEEP:24:cYa+FuH18oTD23WE7d5ZsNPK0lMh91dtOrG9:pBo23WQnsNPKgMhBtOrG9
                                                    MD5:829E4B2F96B26F9555203919F0F948B8
                                                    SHA1:5D04FACE2C596A914E93431FB01534E2F356B434
                                                    SHA-256:5BA453B272276785C5F2ED18205B8A51794289B24E5935803618F83505CFE0D3
                                                    SHA-512:F5BB7476B472CD350AFA1F9170C3149EB164CF9685C583E98B56C3D8ACD7EF4852ECFBC7D02C0EF179004F113EA2233AC9E36DE485168713E98E1A6413E30B7A
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............w=.....sRGB........IIDATHK..MlTe.....0*.@..Q.!.%]..].l.*..t... ...H.B.....Wv.i.a.m...SC..l..MH D...1U.N..r..C)..ln.w.{..~.}.#...<.x2...m.h.*..J........n.`.)~....CT.........~h ..TfA.#z...5V>.cyX...<...X.2....!.....5Na...w.H`.>..........|.ag.1...8Nz...8.E..>2.......@Qo;c.!.A%Y.QH.*./........'].a0.(v*C...";..%......`.z.go..1......&$....L....N.b...{n...M ....u...{.oc..'.2...~H.:I....W..S;...;...^3vz:Z.g.4..Z.3<.g<u.+......)r..Q.C......F....*.....t..~..ISU.J....5P.....`O......x^;..st.../.,.....r....:0....d.......5NVa`PV..G.x.L+...oA.".j.wr.Y.......@.....A.C........L...|...b[.....r....K..n......].m....k.B.9..0...f[...743.J.N..zI...@..QD...HL:..z.Y.;T..Y<+T.c. _.....{......+@S...8.>.^.Nz&.....)...."s(...DZ.#...y .1#!@....uN....H.O.j.?..*}A.E..Y..'KK..z.>......?.F.s..A.....E^.5_...kYU........'.._..*...3...........5.<.h...........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):4190
                                                    Entropy (8bit):4.547069568552328
                                                    Encrypted:false
                                                    SSDEEP:96:8SCXqE6KySyKE6OyS+ySKuMy46kQKk+uC6SSQEHqqOQSumayY2e7ulMSeATCeuaW:qGXZmYPY
                                                    MD5:E09CDC3B378BE2E091686C10363F0B15
                                                    SHA1:958BEA12909F30886FA0A3D822BC982916FBE860
                                                    SHA-256:A4B5FB6D7C28B03AED164C4039514CB1ABB5619AC64E6B4F1A91EB0610EDD759
                                                    SHA-512:A63A4D86C4B59DE2DF23C344ADC5AAF0AB96453B1695B75A62B7C7978DAEEEBF2F69F762675A2242F43D3BFA3F4D1BE7FA52A5C8FCFB88A5EB3F1F8AC503F4AE
                                                    Malicious:false
                                                    Preview:[ach].@import url(ach/viewer.properties)..[af].@import url(af/viewer.properties)..[an].@import url(an/viewer.properties)..[ar].@import url(ar/viewer.properties)..[ast].@import url(ast/viewer.properties)..[az].@import url(az/viewer.properties)..[be].@import url(be/viewer.properties)..[bg].@import url(bg/viewer.properties)..[bn].@import url(bn/viewer.properties)..[bo].@import url(bo/viewer.properties)..[br].@import url(br/viewer.properties)..[brx].@import url(brx/viewer.properties)..[bs].@import url(bs/viewer.properties)..[ca].@import url(ca/viewer.properties)..[cak].@import url(cak/viewer.properties)..[cs].@import url(cs/viewer.properties)..[cy].@import url(cy/viewer.properties)..[da].@import url(da/viewer.properties)..[de].@import url(de/viewer.properties)..[dsb].@import url(dsb/viewer.properties)..[el].@import url(el/viewer.properties)..[en-CA].@import url(en-CA/viewer.properties)..[en-GB].@import url(en-GB/viewer.properties)..[en-US].@import url(en-US/viewer.properties)..[eo].@import
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x369, components 3
                                                    Category:downloaded
                                                    Size (bytes):197988
                                                    Entropy (8bit):7.972332637837605
                                                    Encrypted:false
                                                    SSDEEP:3072:9sABB0zg9Q1HcvQr5aHxw7uVDF4BaS1w+ocDqHjCsJzD1dSWEVc:WAIz6IHTr5aMaOBlC+SusPEVc
                                                    MD5:2FEFF5E9E2B9C3322236FF03FADD3FEF
                                                    SHA1:307FB7E8C24B8BE47923C3A4A7B27CCF567F3209
                                                    SHA-256:96701A0FB3F15DECD5BECD6AD49D6F1E39F65906885DBF1425DFEDAAD4B3F502
                                                    SHA-512:3F127F8E7C0A63C99C5F7F7B05EDEEAFD13DEC7871FEE53422DCFC7673B2E123665E61D0EAA526C1B98FC74743078D3CF901CC9F19B05E3D3CFF87E11658EB6A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20244/616735CD5C01C475A4878927615E3494.jpg
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:09023C23FAF611EEB804C9B713FC4A66" xmpMM:DocumentID="xmp.did:09023C24FAF611EEB804C9B713FC4A66"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:09023C21FAF611EEB804C9B713FC4A66" stRef:documentID="xmp.did:09023C22FAF611EEB804C9B713FC4A66"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x637, components 3
                                                    Category:downloaded
                                                    Size (bytes):378552
                                                    Entropy (8bit):7.980382594009579
                                                    Encrypted:false
                                                    SSDEEP:6144:pfDWnwMjpFb/JJszbEotIFHFIEHFMnblSyQCl7xlxbPRsj83A8N/:pfDUnfLotMHqEHFC7xLPRC83j/
                                                    MD5:EC5C2BC464FCA0AFB51C8BE4012ABF02
                                                    SHA1:598937C70943F0650428C37B882617121C240DFE
                                                    SHA-256:11CB22420988FF24FF9AD8AEDEA4F352D0856640778A26D2C69963C20AAD69B1
                                                    SHA-512:308E5EE262FCF3EA5FEF9E2E6EEA1493E51C4CBDD58121208D65B09B6EEEF9C3F7062F145A1DDD868F620B51FDE039952C7FE5821D8E9687286C5A7762E78104
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20244/8CA089114E2C05B668F35E167001E0E3.jpg
                                                    Preview:......Exif..II*.................Ducky.......Y.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:7C3A8A8CFBBA11EEB90988B32605F4E4" xmpMM:DocumentID="xmp.did:7C3A8A8DFBBA11EEB90988B32605F4E4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7C3A8A8AFBBA11EEB90988B32605F4E4" stRef:documentID="xmp.did:7C3A8A8BFBBA11EEB90988B32605F4E4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (1513)
                                                    Category:downloaded
                                                    Size (bytes):2292
                                                    Entropy (8bit):6.118812665674739
                                                    Encrypted:false
                                                    SSDEEP:48:+nLbQX0HWLWBGrmAAlvHlaMztlhqiMFe8BMcD:+nL856H99IMztl0iMFercD
                                                    MD5:B5CF8593A243C889630013F755369E89
                                                    SHA1:1AA9EF7E68486E85DDA3CA42BCBB34E20C1FAFF7
                                                    SHA-256:F2B54F014CBDC8613BF575D41A1DFBFF444D036A2B01B5BEB3969552B4C4B0DC
                                                    SHA-512:3BBA7D2D7A7C83B2FAD3A6D97B96F673A6DD47F6DE77E85B8FB4B948ADD302FB44E5E7C27C68EBA15DBAB384B7910869A0E1119AFDFF7702D46913496BDDBAFF
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/default/css/iconfont.css
                                                    Preview:@font-face {font-family: "iconfont";. src: url('iconfont.eot?t=1566991353912'); /* IE9 */. src: url('iconfont.eot?t=1566991353912#iefix') format('embedded-opentype'), /* IE6-IE8 */. url('data:application/x-font-woff2;charset=utf-8;base64,d09GMgABAAAAAAQ0AAsAAAAACHAAAAPnAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHEIGVgCDMgqEEINpATYCJAMUCwwABCAFhG0HRhtzB1GU7c0K2cdhHEMuQWnCZPLW/u8Iqr3te3b3XdgjZhWipLAhaRTZgkKBEiAMCmNwGI0w8H8W8n4+z3rJz8xm2jGy0gjoLFT8tI7XaBc3wSeyXflm/M/ltCk+v2W5rDnsrrSoF2A0gQIaewGFaYGUKDeMXV7kcgLVkgGI48r6dqAVertAPJiNWqATGqUCHTpCq2BogXiBRifNI68AePY+H78hNWiQNBn0rmf3FQYo/oI3a9HU/1Ph1sEAdzgT2CgytoFCPBZaHqAgsg2p8u8o+0DVkaQveBP2puXN2v//UQQbklXjD4+sSIJogY4cAPsoWvgCi07mK4xTJG2BKglK10LetSzVgIoeXvEfdMXykE+bJWnWJ5AK8g2jqKjQoUTT4+m8e7cD1K5tUeTSrSp/5/ZotGKHWh1AuN2aO3faMSx1RhOLtxPTdri2wdStWuRPWl0XT+2buvfkBeel0/unHThzOakWawDWMCG327QmwTN5XB0p66o4Ne41QckfzRXIhRM0ZzzdPe6c7VTOO/l37nWcutuhdnmKOnSqc+5Ct6fzjEetPntXx95JOrKVRc6jR522EFEmbMH2DTLCbjAGvfCSWwtZctz6dWNJg4mvQo5LtWpQL6S5axt6JPzKgCvhgXSje/eL3dC/yyx
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):9988
                                                    Entropy (8bit):4.389729577080175
                                                    Encrypted:false
                                                    SSDEEP:96:z1D7/GyW/gS+jeYkXG3G75GAv9ePWrIO0CzkL33u31kFBoKo5vIRGCmPzfE2ZjC:ZD7Gff+jUFePWrIdRTBwqQPzc2U
                                                    MD5:B108A04C5653893DC68181B5B6C4039F
                                                    SHA1:E3DF68CD2F8518F4E005FDBFF485334A1076FE82
                                                    SHA-256:AC48C154BB11EA9A54385784073113326B14F23F5E9437AB464229BEC90DB1AF
                                                    SHA-512:823BFD34BC9B670B73E3ED7F1A4FE19302C95BF923FF266D720CF0B4877D50F6952AB4CAEB1E6A04E565C9C8B701A4F6C79D09FFB15D920163EB1C7C19E47E1E
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/contUp.js
                                                    Preview:..(function(root, factory) {.. if (typeof define6 === 'function' && define6.amd) {.. define6(factory);.. } else if (typeof exports === 'object') {.. module.exports = factory(require, exports, module);.. } else {.. root.CountUp = factory();.. }.. }(this, function(require, exports, module) {.. .. /*.. .. countUp.js.. by @inorganik.. .. */.. .. // target = id of html element or var of previously selected html element where counting occurs.. // startVal = the value you want to begin at.. // endVal = the value you want to arrive at.. // decimals = number of decimal places, default 0.. // duration = duration of animation in seconds, default 2.. // options = optional object of options (see below).. .. var CountUp = function(target, startVal, endVal, decimals, duration, options) {.. .. var self = this;.. self.version = function () { return '1.9.3'; };.. .. // default options.. self.options = {.. useEasing: t
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 668x287, components 3
                                                    Category:downloaded
                                                    Size (bytes):104705
                                                    Entropy (8bit):7.977109621278782
                                                    Encrypted:false
                                                    SSDEEP:3072:gtIOuFfD2zT9Ktjw0DhkUDUadnon3/bl6DHoYMQ:gw2zRsZDPUDl60YMQ
                                                    MD5:2B4AADC9719E27F996B8FC4F3C452FD1
                                                    SHA1:9319B30B7C8A2138BE69D2391612E1D91B5B78FB
                                                    SHA-256:998522589138458AF6124383326E901B3F2CFA2D91986C39A9F7E575EEE6929E
                                                    SHA-512:A9D10219BE7F99E753115466E7697222BD7DEC3B6EB6241E207EA69CF50B2B8C84CFA1EFB187509FBE2C1FA13513288B282A3C285864839BE816E54040F44B1E
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20249/75F5CF591190DDBD1C64EE52D6B54D0F.jpg
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:2528F9856F5211EF84BFFFD755C32B67" xmpMM:DocumentID="xmp.did:2528F9866F5211EF84BFFFD755C32B67"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2528F9836F5211EF84BFFFD755C32B67" stRef:documentID="xmp.did:2528F9846F5211EF84BFFFD755C32B67"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, from Unix, original size modulo 2^32 1305637
                                                    Category:downloaded
                                                    Size (bytes):302257
                                                    Entropy (8bit):7.998698282242333
                                                    Encrypted:true
                                                    SSDEEP:6144:YTvakFyt8BU1RBNHCzMkGgbw60cbA8PPVMtePNnX27Whr:iR4th1Jg5pQcbFXPNnmS
                                                    MD5:4A6D93310D3D726728C02B1C64C36983
                                                    SHA1:CDEAC2F706AA25985A197339F57A280694AA5B72
                                                    SHA-256:C3EA8A64EC284CB7E0C663E3F363340B3666A8B57CB52DDEE3E32D20CA7D9F70
                                                    SHA-512:14CD3FC9D2DF8B6EE4AA68CC4C4A3A4C8D3FFFBF9D85B22614159D55DA0117052F352435BF09D2653AD4FE6D0528892D009AA46231ECE1043058E76FA96323AC
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/build/pdf.worker.js
                                                    Preview:...........}{...>.w.).]....'q......%.$.e.9.%>..P.....Y..s.3.`...d'..w._....`0......?...:..hx6.......s>..&......3GB3...M.....'s.B.)sY.o.W...tx9.M.Mg8F.*_._0.E6&.o.../.{k.:.&.=.......x..'c+....:Ho....e...,.N.f:C..Z.^...+..r.K6.vr..%..+.+...G....8......h........A.....cr:.x....v&.`.?7.;...|~....._...po2}q.h6......{.....J..f6.L....u.....%.:...Q.u...6.O....p.a..M...S..`8.O..Ws.K4..p.}.P.?..v..W:.........GO...u.]?8X.=..<...t6.v.l.m...k....}...O.t.P.c.....@sHj6.!.aC.Gr.>.........]....gt^L^5.1..^.g.......hx1..g...bC,D.m..a..)..V,{.....W.3..y.bD.~>...Y..l2..5O.....2.w....N..6.L...............*M..Y....qr.Ss6.c....c...+....~..X9..........1..giB3z...A.Ww.rp....r....hp.......t.N....vS....../..C.V7P..."K...o....[....P.1.r....j:.....w..G...P...0.....R..X.w.%o.(.q^..W}....s4j....../...l.GT]..q''.O..'V...p...g.AW..n.l.~.g.|1.)....%........|.w..%....IS.Q.]....1G;..u.......<.H.....do..$r.%-j'.Iw_.w.GVm{p'..=..b....0z.t}(I..7....`m........
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (431)
                                                    Category:dropped
                                                    Size (bytes):54714
                                                    Entropy (8bit):5.222710376887887
                                                    Encrypted:false
                                                    SSDEEP:192:bz8fW6D1ksUGND9o0mMJc0dfsCmR/Cp6TiLbMRe+Wp3vl+1basCdO1QaIx/YLq46:IW6D1bn5A0dfsL8Lo4ACdr/Y/+Bd
                                                    MD5:699CF22F1309FCF0AB8C76DAEF0EBBB8
                                                    SHA1:872ECD95386519EBD96A07B247D58E74FA5E97A5
                                                    SHA-256:6E7E1FF6449131B1FBF6486906DE2D13B0089B39706608AE2622A1AA9184FD27
                                                    SHA-512:18F290B63B3E9E4D69E7529E72F7222672D3E914DA827D0B9FA8F0DCA3248133D2D8143F63349746B425B53268FA196C5A0663F49FA848E20F4129D8D7FB9008
                                                    Malicious:false
                                                    Preview:document.writeln("<style>");.document.writeln(" /* ...... */html,body,h1,h2,h3,h4,h5,h6,input,ul,ol,li,input,p,dl,dd,dt,button {padding:0;margin:0;}");.document.writeln("button {outline:none;border:none;}");.document.writeln("body {font-size:16px;font-family:\'PingFang SC\';overflow-x:hidden;}");.document.writeln("ul,li {list-style:none;}");.document.writeln("a {text-decoration:none;color:#333333;}");.document.writeln(".top_wrap .nav ul li a:hover,.footer_bot_r p a:hover {color:#DE0617;}");.document.writeln("a:focus {outline:none;}");.document.writeln("img {vertical-align:middle;border:0;border-style:none;}");.document.writeln(".clearfix:after {content:\'\';height:0;width:0;clear:both;visibility:hidden;display:block;font-size:0;}");.document.writeln(".clearfix {zoom:1;}");.document.writeln(".fl {float:left;}");.document.writeln(".fr {float:right;}");.document.writeln(".core {width:1200px;margin:0 auto;}");.document.writeln("body {background:#FFFFFF;font-family:\'....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):911
                                                    Entropy (8bit):7.665028475955007
                                                    Encrypted:false
                                                    SSDEEP:24:cYa+FuH18oTD23WE7d5ZsNPK0lMh91dtOrG9:pBo23WQnsNPKgMhBtOrG9
                                                    MD5:829E4B2F96B26F9555203919F0F948B8
                                                    SHA1:5D04FACE2C596A914E93431FB01534E2F356B434
                                                    SHA-256:5BA453B272276785C5F2ED18205B8A51794289B24E5935803618F83505CFE0D3
                                                    SHA-512:F5BB7476B472CD350AFA1F9170C3149EB164CF9685C583E98B56C3D8ACD7EF4852ECFBC7D02C0EF179004F113EA2233AC9E36DE485168713E98E1A6413E30B7A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/24dd44efad6a446485a42915b497fb31.png
                                                    Preview:.PNG........IHDR..............w=.....sRGB........IIDATHK..MlTe.....0*.@..Q.!.%]..].l.*..t... ...H.B.....Wv.i.a.m...SC..l..MH D...1U.N..r..C)..ln.w.{..~.}.#...<.x2...m.h.*..J........n.`.)~....CT.........~h ..TfA.#z...5V>.cyX...<...X.2....!.....5Na...w.H`.>..........|.ag.1...8Nz...8.E..>2.......@Qo;c.!.A%Y.QH.*./........'].a0.(v*C...";..%......`.z.go..1......&$....L....N.b...{n...M ....u...{.oc..'.2...~H.:I....W..S;...;...^3vz:Z.g.4..Z.3<.g<u.+......)r..Q.C......F....*.....t..~..ISU.J....5P.....`O......x^;..st.../.,.....r....:0....d.......5NVa`PV..G.x.L+...oA.".j.wr.Y.......@.....A.C........L...|...b[.....r....K..n......].m....k.B.9..0...f[...743.J.N..zI...@..QD...HL:..z.Y.;T..Y<+T.c. _.....{......+@S...8.>.^.Nz&.....)...."s(...DZ.#...y .1#!@....uN....H.O.j.?..*}A.E..Y..'KK..z.>......?.F.s..A.....E^.5_...kYU........'.._..*...3...........5.<.h...........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):238
                                                    Entropy (8bit):6.687374423372517
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6LPHA1YuN276Q8nKbz7l/DVyVD6NX0Mlkup:6v/7PLPwYuNcZjzB/DVyx8XP
                                                    MD5:D86ED7C2CA30E08F7F3B499DE2DCA107
                                                    SHA1:6E10286DA3A52E0BBA782D0FC4A7C33D10C8F4B9
                                                    SHA-256:3E1AA1DF58B9BA316C01F4E6CE1099E0FC56948836433B9FB34939DE5A5E0E98
                                                    SHA-512:EC30D35314201882898267E3EA8190AAA3C51AD8CB0FE8DA34C2434390A1C45381A8670DD8B3E67C330689FE6715E89949C1080B1D2536544D1523510E6AD5BF
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDATx...A..@....A'.E....:D..:P...D...H.".Z.E...8..}.....-....?... ..H0..$.Dm.O. y...H.......Xu..Yy,.U......-...........2.9Za..9.yN.b]..2.$...Y...h..7...x..iO.f.jW.........A.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x720, components 3
                                                    Category:dropped
                                                    Size (bytes):180870
                                                    Entropy (8bit):7.980586830032701
                                                    Encrypted:false
                                                    SSDEEP:3072:ubJNORVPZuZiupSwDTcsKK/4evHDSb6PNwQYIY1qDFOiO1/rQxSTOxr+R7jMNG:u9N2VxuZiJwDZK2WMNVQOpOBrQx3IGG
                                                    MD5:68D1277E0C596E52BC936C959A1E09DF
                                                    SHA1:79D831BA4F465D08A903FAF47FCC6143E0B065B8
                                                    SHA-256:982E289A1716B4AA06CE5BB7AA500F00BE8AAAD0DE9CC4D7807DEB5AB93995B3
                                                    SHA-512:46A43378057C4FA0431B3A87406FE4F9498A184A2B0890B59D9DE046151168F2264896C9151230E9F09F522E9FCDBE2D3B778E46721A249A37935C5C58E68EE1
                                                    Malicious:false
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........8.."........................................K.........................!1A..Qa"q...2B..#R...br.3.....$CS..c..%4..&DT...................................3........................!1.A"Q..2aq#B....3.$...R.............?...@...=..}..W.|.Du......J.N.5.k..N.1.F^(......7.(...(4..F{S.m...D.....iUd.@).T.P...M8n......3.=.).....D....i.+.}i.7sRU.6...|TP)h....!..|R..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (2013), with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):5986
                                                    Entropy (8bit):5.749181877286296
                                                    Encrypted:false
                                                    SSDEEP:96:NJnHa14tL161sZ1XGz1t/mMSEI5wDvV9Zmk/fyEsod/5RrJoHj:zHaI6yZ1XGjm0DXwkn5s+rJoHj
                                                    MD5:EB4B3F27C34AAFF0B30EBFBA60788466
                                                    SHA1:0F3837A23CE84E20291AC95D3BF6335B7E3C3416
                                                    SHA-256:8943BD2BAC4554EB5B4E2479EB201D96A3BE8F278ACF111D87AD1294A7432D5A
                                                    SHA-512:965023D9534768C6F0E19C8F9EBE6822360637362C4A464AE09FA1F46490173578984CDC8F5E443C134670733EC12A631C48B40906FCD29A67FEABF5311FF90E
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/css/mb-comm.css
                                                    Preview:@font-face..{.. font-family: "local_arial_narrow";.. src: url('fonts/sfont.eot');/*IE 6,7 ,8*/.. src:url('fonts/sfont.woff') format('woff'), /* chrome...firefox */.. url('fonts/sfont.ttf') format('truetype'), /* chrome...firefox...opera...Safari, Android, iOS 4.2+*/.. url('fonts/sfont.svg#iconfont') format('svg'); /* iOS 4.1- */..}.....bar-nav..{.. /*.. background: -moz-linear-gradient(left top, rgb(255, 155, 90), #ff6600); /* Firefox .. background: -webkit-linear-gradient(left top, rgb(255, 155, 90), #ff6600); /* Safari Chrome.. background: -ms-linear-gradient(left top, rgb(255, 155, 90), #ff6600); /* IE .. background: -o-linear-gradient(left top, rgb(255, 155, 90), #ff6600); /* Opera.. filter: progid:DXImageTransform.Microsoft.gradient(GradientType=1,startColorStr=#FF9B5A,endColorStr=#ff6600);.. */.. background-color: #0266B3;..}.... .bar-nav .title, .bar .button-link.. {.. color: #FFFFFF;.. }.....qr-vip-ba
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):665
                                                    Entropy (8bit):7.6312651303376775
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i6rBARZGQKgK9+JFoD6Lozt57lwlJCOX6Yajgt5obF/Dqx:qrBArGQKgN3VLo5Rwl07YAf8x
                                                    MD5:1EE9BA5C72E0E63030CB7DA618D3F257
                                                    SHA1:BA4D608187C055A5D5BD7661EA04D20FCDE8B3E9
                                                    SHA-256:54351A0B01D8AE1D6E15277E69C890149413DF6A9CDF11B762306F11EA7C114C
                                                    SHA-512:FE3884402D7EC0D5467930A0F7B269F8607A801CEA8C698F53E0ED7AF0DD5417B067BEA00E055D43D573452689994D46F07471BA77997E577E4E6753B523ADF1
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........SIDAT8O..K.Ue...i....i.&IR..D...|dhZ..N|!b`H.|4H.6(m..b.....A.5........#..g.r....p...:k.............G...$......z....4.W1....;.gI.......b9...X=.".]...l....V..|.m8.wp....`.E..x...U.Q.l.n|.uh...{...i..l.^|X?I<?..X..+........X.CX...i6..qa.o+..a...5....q.o.7}..wX.}.e.l.....`I.(.C.........;.le..-....}N...._~...{..X+.m......G.Xd9..^-g:~...{H'.......x..F.\Y...W..v|..o..]..ak]..J{.G1..._bC.'.?...w...,..8..kJFW..j...-.......`..u8..6.V..4..3.s1....z^-.4.Z".;.....,...W..=c.L.qL.$\...8`.^...Q...,.bh1...0.d.[M.....&%../.;....=.<.........R..Z./.$.,.0..dm.e......7kN..,.LQ..y...n.y....,...$....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC (Windows), datetime=2024-03-12T10:20:03+08:00], baseline, precision 8, 1920x637, components 3
                                                    Category:dropped
                                                    Size (bytes):335414
                                                    Entropy (8bit):7.974615190743803
                                                    Encrypted:false
                                                    SSDEEP:6144:nH7e6UVJS1pce+/GlopzgFLffCqGduB5CxLw7NfdamC/dZqonl/Ls:nbe6kJTp/d5QfyuBIx8fdadXl/Ls
                                                    MD5:A55CBAA016021E27E064B99C841B980F
                                                    SHA1:D489E820EE8603B2F4C6574EA8AB4970BE8ACBD6
                                                    SHA-256:F8A8C97543D599ED2EDD22E92C4E455D6B6CC4619575DC10B44EF8ABDB6336BA
                                                    SHA-512:9CB2139F685D494F7DA83B767E3F4234CAA0A11A6BCCDB00B8A4624CED604696C3360D2CA9DF6E32BAFA33C9128C77D98A9EFB1CDECB25AD57B47096523960CB
                                                    Malicious:false
                                                    Preview:......Exif..II*.......1.......2...2.......P...i.......j.......Adobe Photoshop CC (Windows)..2024-03-12T10:20:03+08:00...........0220................................}.......}.........Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmp:CreateDate="2024-03-12T10:05:24+08:00" xmp:ModifyDate="2024-03-12T10:20:03+08:00" xmp:MetadataDate="2024-03-12T10:20:03+08:00" dc:format="image/jpeg" xmpMM:InstanceID="xmp.iid:08E533A9E01711EEB4EC99F66DDE239E" xmpMM:DocumentID="xmp.did:08E533AAE01711EEB4EC99F66DDE239
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 10 x 19, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):395
                                                    Entropy (8bit):7.279914715402023
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7utP+biMUNtwba1J6xR6C7rHrf+Z+LKt7:7N9twba1JihTiZQs
                                                    MD5:BDA8211B6F45EE455999BB4D8446AF0F
                                                    SHA1:8338A754A6DDDA600F6A48D4B92EE647A9DF365E
                                                    SHA-256:A3516492F544AF7786480153492BCDE72063BAA522DEFAEE86AC2153197A6177
                                                    SHA-512:8FA3210793B297BAC11F6B950E9379B5209B9EBE05C53A59D5B6008E5CDB16ED01E0BECA369CBA2B62065A1D7C65E1236AADD89AB1F0E45673A17CD827076645
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/4fffdd5d96a940eaba05714cac4ba711.png
                                                    Preview:.PNG........IHDR....................sRGB........EIDAT8Om..N.P.....^p.;..E4Dc0^ Dbt.....0...+.@.|%..U7$*.sN9PZ.l..f....=uMq&..%E..K.9..y.x..Qz.0....M|.c.........(..p.\g.|.x.......EJ.O..2...a9...]..6.L.....t.......e.C..(..j..IB.c~..A.......4[2..o4...l.y........AM..$b..,9Z..p.).Qi....9z(.3.h.....}..7..o..&C.'....].53L6....IM....!.]B......1.9M.;`.xKBw..^..?..s*..0....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 17, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):7402
                                                    Entropy (8bit):7.814101531066309
                                                    Encrypted:false
                                                    SSDEEP:192:/gMdViSpBlff9mawyoufnvZjF7REZhpp3MtQQ:/DViSpzfDVff+ZhHMuQ
                                                    MD5:9244A600A36F650764A9512791792EC8
                                                    SHA1:C1ABF9B89AF7392824F2228312785A899DF224A0
                                                    SHA-256:826D7D78FC6FB07D0546261D93F82E109225AB81BA612B7EEEFEC942DA66F7E9
                                                    SHA-512:E1679FF6081ACEB386D0D719F9FFA89251F2438882308DFFC646E6C531558057BCEDF9946CE85EEB2F2F0B069BA4C03669F861EEE503F72BDE3B88D204CFEE54
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/loading-small.png
                                                    Preview:.PNG........IHDR..............,.....acTL........L.-.....fcTL.....................d....3.G....,IDATx.RM..a......D.-I..:x.6..bKK.D...mK.....A..=...N.7..!..@0.....(......3A..w@..z^...K{..}.y...}.q0.[.G.....{.w....8..e..26.ag'6(..kH.j....S.u...Ok....L..s.....tt:...?..r..~.4.._Qq.P...s.,/>.tFEy0..f..A.m*.Z@x....].|~=...ej...Ml.L&2...1.....K|.".A.S.V..XU.@4.}@.<..r.|..v.B..0.^..J2.\s8.7...:......;.^.9m....*...;B..A.&6.....T*...~e.]0.j..t...>B..;9......>..Z....@......+^..#6zB...`..a#.RIN$....4.d........Zc$.y(..*..v..Z.6G.D........I.V....u.3..66..p......'.b.|.\..0.\.e.5.(.}.G.k...b~4..r.K....x..I.X.J{{.....&O....1+~.O...@.P....fcTL.....................d..........+fdAT....x.RAh.A.].EXP....%.A..VD....*.Hl.=X..f%xj.$..P.`..rH.RP...=..CA6.[.!d.b.6.nh.Iv..q..c..?...g...1.<............[ ..w>......8.V.o..z.&.k.m.a=......N....z...W..v{.Tj4......._.V.....h.3....(....3<.0....W...l......t:}..qB........T*..n.P.....L&.=..[...f....( .....7(.,%.H.Q...........
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.695080227437036
                                                    Encrypted:false
                                                    SSDEEP:6144:+dNiBGr6aHqgRJZbD5GKXwC3mwNtjyLBoNUZtWsxyke0kpTKiyRjjIMRFZ0pCoHo:hCrDGJQ6DTynKhRnIGf6Co042lo3e
                                                    MD5:44D32E8E7563DBDD23B84D9365402885
                                                    SHA1:BBABDFE6466F09800B81A9949F5FE170C7AAB064
                                                    SHA-256:FCFA9B72B4EB38AD457C9A4E0124528C6C9A4782B1A08E3F5A93F855BE23AA5C
                                                    SHA-512:7A9EBEED631DC9E893C96A370B67DB9AD9A0F3EC21E1B264D1B4CE0654651715E97095BFB33273D6EE258360D8883BAA0C43009EAFD9C14142E901AB977F5C5F
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/Sc6c58b9fbf0640cb916e465d5aa832dc-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.....................~...{...z...w...u...v...t...t...s...r...r...p...o...o...n...n...n...o...o...o...p...p...q...q...p...p...q...s...s...p...o...o...o...o...o...o...r...t...w...{...z...y...w...v...u...u...t...t...v...x...|...........................................................................................................~...{...{...y...w...u...v...w...y...z...y...x...x...x...x...z...{...........................................|...z...{...~...~...|...z...}...........................~...........................................................................................................z...w...v...v...u...w...x...z...}.......................................................................y...v...v...u...t...t...t...t...t...t...t...t...s...r...r...r...q...q...q...q...q...q...q...q...p...p...p...p...p...p...o...o...o...p...o...o...o...q...v...y...|...................|..................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 800x530, components 3
                                                    Category:dropped
                                                    Size (bytes):745645
                                                    Entropy (8bit):7.938635655036364
                                                    Encrypted:false
                                                    SSDEEP:12288:PbjnWqhIhGP2b1GMK/b9Lj3x6ttMALx9kD1nA/IdJxF3AiRx6veHgT16WxhQSa3k:PbS0Ibb1q5j3x6tPL4DRxhFlsWHgZ6Eh
                                                    MD5:789863D9A3A6D43A2A6CE3FD01CD0CE5
                                                    SHA1:431FCF1FFB263189E3B5F3E88ABBC15476D619CE
                                                    SHA-256:DFDD57A0EE53FD374BA9FADDCFA8B9D9396F68A0121DE3E25C16ED7860F76159
                                                    SHA-512:9A303C6506035B6E82582C6AA5FA6A6FB61E8B949C2F1A776C465F2A282E773E403E0BAE0300B997329C2A459D084F075F6ED7741000C48436C52F81476CC943
                                                    Malicious:false
                                                    Preview:......JFIF.....,.,......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 4.4.0-Exiv2"> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:Iptc4xmpCore="http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" Iptc4xmpCore:CountryCode="CHN" photoshop:CaptionWriter=".." photoshop:Category="18" photoshop:City=".." photoshop:Country="CHINA" photoshop:DateCreated="2024-03-05T09:00:38+08:00" photoshop:Headline="..................." photoshop:Source="..." photoshop:Urgency="5"> <dc:creator> <rdf:Seq> <rdf:li>...</rdf:li> </rdf:Seq> </dc:creator> <dc:description> <rdf:Alt> <rdf:li xml:lang="x-default">.........2024.3.5.&#xA; 3.5.....................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (329)
                                                    Category:downloaded
                                                    Size (bytes):27114
                                                    Entropy (8bit):5.378134511171573
                                                    Encrypted:false
                                                    SSDEEP:192:Al8+Ug4gw8ZORmmOZw0YZz4FP9bpEe/7ZHtleMPCYI31x1FV:Al8OZORmmOy0Yh4FtpfDAMhIFLn
                                                    MD5:F9E3CCC153DCC0DB93ABF2439AE8B9DC
                                                    SHA1:BC253EBF02667BED68E5F96B2E9D9D63805104C9
                                                    SHA-256:4615D6EF9E50A2CBB952690DDEC29DAC974AEA92520CD4E8FB2CE2AF75CFBFF1
                                                    SHA-512:E7F4C64C845A88566A560531041A4C686A68A16DB6C8D34D27D28078FB63059634544D8291697DBFC680E138B1B30953281BD120C9631797B402F326C48006DE
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/script/202311/142d65bfb7d7474ca4c980a8ec43010c.js
                                                    Preview:document.writeln("<script src=\'/cms_files/filemanager/1182833234/script/202311/baf041e290d440e8a7356c161a714b5e.js\'></script>");.document.writeln(" <style>");.document.writeln("a:hover {color:#005bac;}");.document.writeln(".column_xxlb ul li a:hover {color:#005bac;}");.document.writeln("/* articel */ #h-ckplayer-contain0,#h-ckplayer-contain1,#h-ckplayer-contain2{width:100% !important;height:auto !important;}");.document.writeln("/* .... */.friendLink {height:67px;line-height:67px;background:#f6f6f8;overflow:hidden;}");.document.writeln(".friendLink .friendLeft {font-family:\'Microsoft YaHei Bold\';font-weight:700;font-size:18px;height:67px;line-height:67px;text-align:left;color:#333;/* margin-right:20px;*/}");.document.writeln("/* .... */.footer {background:#014fa4;overflow:hidden;width:100%;}");.document.writeln(".footer .footer_left {margin-top:17px;width:348px;border-right:1px solid #fff;border-color:rgba(255,255,255,0.3);float:left;overflow:hidden;margin-bottom:
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):88
                                                    Entropy (8bit):5.1191096083864585
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6Pt6shZFaRkpJsrN+3hlH1p:6v/lhPO6Phr3hlVp
                                                    MD5:E1256CCD98A1865848FB957009E6F7A9
                                                    SHA1:63A719D5E6A708A22014F20ABC0722CD54FFB0F6
                                                    SHA-256:BEA530F1AC565FE3B95BE3D4599508B9947FA6EF50114BC33216802342FF5187
                                                    SHA-512:76E02A0294473D7C62BF5E8D8373B40DBFDEC859BA1ADA0C36BEA2F7891C9866A61DB519D5E45D4736F95D2EB9885596CFC38AA62688660DB1069374C38763D8
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDATx.c.Q..;,....../aB....X.0..[.3.v.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text, with very long lines (65536), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):93578
                                                    Entropy (8bit):5.291896334227797
                                                    Encrypted:false
                                                    SSDEEP:1536:O6IzxET/avYSGaW4snuHEk/yosnSFngC/VEEG0vd0KO4emAp2LSEMBoviR+I1z5T:M+9Iklosn/BLXjxzMhsSQ
                                                    MD5:BCB3E127244F7839A12645B423179A1A
                                                    SHA1:43FCC8636660DC8FB9828F19505AF4F80553DD2B
                                                    SHA-256:6F0A83FD18DE44DD9A49C0344CA94C6EE7494F34DABFDC760534C2B089BB3185
                                                    SHA-512:62AA98E2FEDDF4D677A4F0E9C4CDA2A1EA592AE91FA3817F03DA34A2082158868B448A34EC45C79D9E2D8B1E8A224EDD2074CC5DBCA1B6512ACEEFC057282827
                                                    Malicious:false
                                                    Preview:(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e||!e.parentNode||e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t||0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t,r)}return v.grep(e,function(e,r){return v.inArray(e,t
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):646045
                                                    Entropy (8bit):6.597238707598844
                                                    Encrypted:false
                                                    SSDEEP:6144:EpDRWAJw1HYUUUUUUgUUUZcuO5JDvEPJjtiiiiiP6a44Xt:EpDRRLUUUUUUgUUUS5jz
                                                    MD5:44F382A441208B93FC2357C49F7A506B
                                                    SHA1:5B7E31D44E261F2F76B110B341EB88E447F9821B
                                                    SHA-256:0AE3241452261BD4893F1C0B5CD0A39E1C786D88C4966B16656A546BC62DFA65
                                                    SHA-512:5A7EBC4D3D10B25D32ABF9331456B90BAA75A1CCA2991BB083CD2AD3A390227BD53CA1A4F8CE4EF8F192D9CB20E7049F296625EA276ACA146078461EA06D6458
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S4caba52d6c9d453b8026dcd972441727-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..2r..1q..1q..1q..1q..1q..1q..1q..1q..1q..1q..1q..1q..1q..1p..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..0n..0n..0n..0n..0n..0n..0n..0n..0n..0n..0n..0n..0n../m../m../m..0n..0n..1o..1o..0n..0n..0n..0n..0n..0n..0n..0n..0n..0n..0n..0n..0n..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1o..1n..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..1m..2m..3m..3m..3m..3m..3m..3m..3m..3m..3m..3m..3m..3m..2n..2o..2o..2o..2o..2o..2o..3p..3p..3p..3p..3p..3p..3p..4p..4p..4p..4p..4p..4p..4p..4p..4p..4p..4p..3q..3r..3r..3r..3r..3r..3r
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.4086820731466325
                                                    Encrypted:false
                                                    SSDEEP:12288:bBcdYccTJ4yR3m3FyONcD97yuDDeZBSjpKEzFHjac:biuc6m3FFcDRAKpKUFHjn
                                                    MD5:7506F2C45F9C03C1F8F26E87D47E402C
                                                    SHA1:0ECF6FFB7F55180979C8856B826E2933970FC3E3
                                                    SHA-256:684EDC6942C86090950E1B5CA92D5601B7532958E835265325CE083747137330
                                                    SHA-512:606B42952BC199873A0CC058B25275C8F75C2308F5B8EBBDBE17DAFB1BBD35E6E34B1F17C837880D5E43ADA6CCF168DBF69B08937F82AE38E5B300C252A89C74
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/Sc8fafd2fece4400cadafee78445daa38-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|..W+..X,..X,..Y-..Y...Y...X,..Y...X/..U-..U+..T,..T+..U-..W0..X0..W/..Y0..Z1..[2..\3..[1..Y/..X2..X2..V1..X4..Y4..X2..X1..X2..X3..W3..T2..R0..R/..T1..S1..R0..R/..P/..Y7..uQ..yW..sT..nQ..eN.yMF.a>?.X;=.L23.eF@.X:8.E,..bA:..]K..`L..]J..bO..]K..\M..[M..^V..qq..vu..xv..xu..xt..ws..ws..xt..xu..xv..xv..xw..xv..xw..yx..xx..xy..ww..wv..wu..wt..wu..wt..xu..wt..wt..xu..yw..xv..yw..yw..yw..yx..zy..zz..{{..{{..{{..||..||..}}..}}..{|..{|..{|..|}..|~..{}..{~..|...|...}...|...|~..|...vv..dZ..aV..aV.._T..VL..^Q..dT..bV.mMN.H5>.`BE.uVQ.I=K.M=F.[>E.oMR.._Y..m\..mY..lY..oZ..jS..V9..R5..S6..V9..Y;..Z<..Y;..V:..T5..S5..V7..V8..T4..T7..X:..Y<..X:..V7..T6..W9..Z:..]<.._>..a@..b@..\:..^<..dB..gD..dA..c@..a?..a@..W;.o@1..T;..W=..Z@..\B.._C..aE..aD..]@..[?..[?..]A..\@..Y<..X;..Z=..[>..]?..`B..`B..^@.._A..bC..bC..aA..^?.._A..`@..]A..\A..`D..`C.._@..cC..eE..dD..c@..dB..hD..lH..\>..N4.._<..b?..dB..eC..eC..hF..gB..jD..jE..hD..fD..`?..^<..]9..`=..c>..f?..hA..iB..hA..hC
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):2037
                                                    Entropy (8bit):4.70035091408328
                                                    Encrypted:false
                                                    SSDEEP:48:cPDwo2gXwweZP1+u/Q4Vi49avdHcmBj/wNvsqUR:QwuBcN+u/NZwvjLwNEqUR
                                                    MD5:05D1463CA88C94EB73D7EA96A84E90D0
                                                    SHA1:D529398E71A40E04FD98DCBA156D4C569BDAAE4B
                                                    SHA-256:E97E4BFF9101BBBA4A49A10851BEC874C180A777125ACB7FB80953DBFBAA7429
                                                    SHA-512:11ED41C20BF78D46D523296EE284E3B660140ED2E744AE5BB29B3EB5F7CAD69479187670421C6BD1E06AAAAD88D183FFB41165B5AFF81002134B50E1657EA0C8
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="48px" height="48px" viewBox="0 0 48 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>about_sgs</title>. <g id="..-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="about_sgs" fill-rule="nonzero">. <path d="M24,0.5 C11,0.5 0.5,11 0.5,24 C0.5,37 11,47.5 24,47.5 C37,47.5 47.5,37 47.5,24 C47.5,11 37,0.5 24,0.5 Z M38.8,22.2 C38.6,22.5 38.3,22.7 38,22.7 C37.8,22.7 37.6,22.6 37.5,22.5 L35,20.9 L35,33.5 C35,34.9 33.9,36 32.5,36 L28,36 L20,36 L15.5,36 C14.1,36 13,34.9 13,33.5 L13,20.9 L10.6,22.5 C10.4,22.6 10.2,22.7 10.1,22.7 C9.8,22.7 9.4,22.5 9.3,22.2 C9,21.7 9.1,21.1 9.6,20.8 L23.3,12.2 C23.8,11.9 24.4,11.9 24.9,12.2 L38.6,20.8 C39,21.1 39.1,21.7 38.8,22.2 Z" id=".." fill="#0266B3"></path>. <path d="M23.2,14.4 L15,19.7 L15,33.5 C15,33.8 15.2,34 15.5,34 L20,34 L20,26.5 C20,25.1 21.1,24 22.5,24 L25.5,24 C26.9,24 28,25.1 2
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):1818
                                                    Entropy (8bit):5.029287530745692
                                                    Encrypted:false
                                                    SSDEEP:48:c4AlfEtwh+nKbtk+nWnhPD9NZJGGQyOq0e:slfYu+Kbtk3ndD9NZJzoe
                                                    MD5:1F69BA6D232A69AA989175D5680C7F0D
                                                    SHA1:7654036D71AE7576A101B403D3A7538F2026C14D
                                                    SHA-256:32998458DC12B6FF63D17DFD4B03E5E43E3CB5D64C2F53D72484C0AAB43A6EEB
                                                    SHA-512:58A7379A9BFBD2D46C85333B5DFC37EC4C41B8FA0B7D596F28348646213F20EE83C658286C65C3E0B42DE6C2A118C4A26D108AD83D80E8FBD92D905384D2EE66
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id=".._1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 48 48" style="enable-background:new 0 0 48 48;" xml:space="preserve">..<style type="text/css">....st0{fill:#FFBC47;}....st1{fill:#FFFFFF;}..</style>..<g>...<path class="st0" d="M24,12.4c-6.9,0-12.5,4.7-12.5,10.6c0,3.1,1.6,6.1,4.5,8.1l0.5,0.3l-0.3,3.8l3.5-2.3l0.4,0.1....c1.3,0.4,2.6,0.5,4,0.5c6.9,0,12.5-4.7,12.5-10.6S30.9,12.4,24,12.4z M17.4,24.6c-0.9,0-1.6-0.7-1.6-1.6c0-0.9,0.7-1.6,1.6-1.6....s1.6,0.7,1.6,1.6C19.1,23.9,18.3,24.6,17.4,24.6z M24,24.6c-0.9,0-1.6-0.7-1.6-1.6c0-0.9,0.7-1.6,1.6-1.6s1.6,0.7,1.6,1.6....C25.6,23.9,24.9,24.6,24,24.6z M30.6,24.6c-0.9,0-1.6-0.7-1.6-1.6c0-0.9,0.7-1.6,1.6-1.6s1.6,0.7,1.6,1.6....C32.2,23.9,31.5,24.6,30.6,24.6z"/>...<path class="st0" d="M24,0.5C11,0.5,0.5,11,0.5,24S11,47.5,24,4
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x642, components 3
                                                    Category:dropped
                                                    Size (bytes):109278
                                                    Entropy (8bit):7.98013670890316
                                                    Encrypted:false
                                                    SSDEEP:1536:QHlSEozBqq3Zq7XV+OrxNZ04xE6NNKE+rintCm5On3jSee6bCuLwa07XquDhKQfj:QpSWXVFVTt3kitNgjSelCXauDUFA
                                                    MD5:65C6C60B9A61F1D8EF686AC6A9AE676F
                                                    SHA1:CDF565E4B3B03493082718127491712057AE080A
                                                    SHA-256:DF5262E249EF058B9BB9D24C625C933771E09444D1F61B9FBC3ADD0CF2CEAFF0
                                                    SHA-512:67B75AF5986E70AADE7FC0FD69BD8EBAD237C5CCF0D6C3DE5D76E4E7CCC42BA73624E855153D15E8BA05251BBE5DC9409E183DFE01A2978315FD5DA26E3A716B
                                                    Malicious:false
                                                    Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........8.."........................................[..........................!1.AQaq.."#2345rs....$%6Bbt.....Rc..&CS....DETUd.......7.'F.u........................................................!1.AQ.."2.R.Ba#..3q.$............?...5..T.f.UUT.o..2...ek.#.\...zP.6.e....kk4...s.}.e._..#^5q)`9..r.R....N.........ww.zA...4.=.u...=.p.5.....j....&.`w..K..8..~.k..$..Q...r..a.6.....O.g.G.d.1Kct..CFN;..S...s....C.{..^.....#.....N...Z.y.V...].........9AO.D...D.l...$].e...1........?%.+.{..W.E+dv....w|x.\.TZ#q.0..?.....C..cz..R..k#...)...l".."}.=rcpbf.....Tv..3..PL...G.f...FS...]N?.o.K..-...y...hrK.F..v..?.D.2...3...... ...H~.\.id=.>...9.9;5S.)....f..dFp,.!..7......Y...29.5.~.L...2...tf..[..Jv.cN.Ju....<..U......:............g_.....J.h...d..V.&.@..7s.8.Sd..K....cp.....RU.D.......9.....:S..._T..7..uc.\....h
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):261
                                                    Entropy (8bit):4.331344834114585
                                                    Encrypted:false
                                                    SSDEEP:6:wLGY3cUX0y4NXhk4EaqURMGf4/tFmAA/BN0nQ3q5n:wXsUEBg9xGf4FFAZqZ
                                                    MD5:413C1C7E3E8F469FF738BF1DABB6B7F3
                                                    SHA1:F91897DEE4D781D7BDFB10A52C47FBBE5DBF7916
                                                    SHA-256:64E3C83129048B6136A6A2EA342AC081690B01362D0D2E44BD7E4C7D82DC8DA3
                                                    SHA-512:33B984129F1008ED9C483365405E1EA9E707E662E40E879E6D6C5659A2318A00388B7D3810976B61F0E2C4AB399FC07BFB36D5803F26486E09EE59A42E0C7513
                                                    Malicious:false
                                                    URL:https://www.ccic.com/plugins/libs/articlePagination/articlePaginationLoad.js
                                                    Preview:$(function () {. try {. if ($('.article-pagenation')) {. if($('.article-pagenation').html().indexOf('_page_break_tag_')) {. require(['articlePagenation'], function (e) {. e.handler(). }). }. }. } catch (error) {.. }.}).
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text, with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):544
                                                    Entropy (8bit):5.189991607093636
                                                    Encrypted:false
                                                    SSDEEP:12:hPJXrYIHTooo6uYLACUrY4MexGcW6PWjpLZ/LrLPJ5WuN0OMJMGv:hPJXsiModuYDUrY4VoDZrVkQ0OMuw
                                                    MD5:5CC6D4D82BCE7663D505A18D25890203
                                                    SHA1:198CD998861D70D1B6C117EB78CCB08F0041442B
                                                    SHA-256:9FD2B7A81DCF235F711E84E59C7C894EDDF3E191A29EFE145CDE33888B259B4C
                                                    SHA-512:020811634C1018BC26DC730F69694789D6E77679693DA5F5ABFD07159E2725DE7AA4D9FF9B740CF249DFB4A3C90FF3E458F0F816155FAECE0FEB6D0A48858ECC
                                                    Malicious:false
                                                    URL:https://weixin.qq.com/r/wz_MlHnERSQ6rT3392rR
                                                    Preview:<!DOCTYPE html>..<html>...<head>....<meta http-equiv="content-type" content="text/html;charset=gb2312"/>.......</head>...<body>........<script>................... if(navigator.language == "zh-CN" || navigator.userLanguage == "zh-CN"){.. window.location="http://weixin.qq.com/cgi-bin/readtemplate?check=false&t=weixin_getdownurl_sms&s=download&from=100&stype=10037102";.. }else{.. window.location = "http://wechat.com/cgi-bin/readtemplate?t=market_redirect";.. }.......</script>......</body>....</html>....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (65152)
                                                    Category:downloaded
                                                    Size (bytes):281689
                                                    Entropy (8bit):5.38067767072227
                                                    Encrypted:false
                                                    SSDEEP:6144:M+lP9ufSF0Mz036TfMf56QdQzsG7YLN3mkLuES:T8wMAQdQzsGvkL2
                                                    MD5:DBD110E4C35CC863BEC923F9975314EF
                                                    SHA1:2A4687ACF4A59CF44F0091493815F22257C00B54
                                                    SHA-256:B7D54C02E1404DC0F7352C1B9A6D63AD571D392B650E73D2E332F519958798DE
                                                    SHA-512:5A18CAB00670B77256EFFBC94B815DB1A63B9281782593BA09F1197B6E36D9C46B53C08511263E0A9C42BD66F8A7C2072743D2A557147F565E8A1237A3BEF25A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/default/script/layui/layui.all.js
                                                    Preview:/** layui-v2.5.4 MIT License By */. ;!function(e){"use strict";var t=document,o={modules:{},status:{},timeout:10,event:{}},n=function(){this.v="2.5.4"},r=function(){var e=t.currentScript?t.currentScript.src:function(){for(var e,o=t.scripts,n=o.length-1,r=n;r>0;r--)if("interactive"===o[r].readyState){e=o[r].src;break}return e||o[n].src}();return e.substring(0,e.lastIndexOf("/")+1)}(),i=function(t){e.console&&console.error&&console.error("Layui hint: "+t)},a="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),u={layer:"modules/layer",laydate:"modules/laydate",laypage:"modules/laypage",laytpl:"modules/laytpl",layim:"modules/layim",layedit:"modules/layedit",form:"modules/form",upload:"modules/upload",transfer:"modules/transfer",tree:"modules/tree",table:"modules/table",element:"modules/element",rate:"modules/rate",colorpicker:"modules/colorpicker",slider:"modules/slider",carousel:"modules/carousel",flow:"modules/flow",util:"modules/util",code:"modules/code",jquery:"modules/jque
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1200 x 182, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):308642
                                                    Entropy (8bit):7.988099450876988
                                                    Encrypted:false
                                                    SSDEEP:6144:SP+n348iPo0aGl+bbDox+9k7CSqkFrMJfpHrd1C3HjetBLWkNz:SP+3Rij/+joxvCSr2JfpHrd0oLfZ
                                                    MD5:6C877D961DFACB437A4FDA10C54730B7
                                                    SHA1:5E842D07FBBE99B7CF114C50FA2EDD468C4003F8
                                                    SHA-256:9A93ABF19CD51303CCDA553D616FF9614A3D2C2D44B3CE90981FC9792BAB791A
                                                    SHA-512:EF78A500AF51A6409A77E7675ED1C645404D7FE62BBF89B6DD2FD8BA372D59639CA8B93FF46DBD5BE8549217285895A6995A6B44FD4AF379A4E72999D0129C23
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............7t.....sBIT....|.d... .IDATx^..n.u...7.. ...Q.H.@.(Kt..#.\N..~._..G..8...Id..eIU.c.... )..I......1k.^=....I..8..o..V..W....[.'.6.X..........7pt......[..M`.c.no.f.......o....F...........}Fx...{....^.I.)....K.>.X...M......*..}JK.#}J...it}mp.....q.D.z.Kw...H..e.p..@...A...(?..-.e.:~W..'.Ce.-..U..6+..t&....R.P.W...L.....?.$-]~....._.M...U.v....J+..t.uD..p.....(..C........r..$|..6...{J3.s....!.Yl........i\Z_d.......V.2T?...i.Y..?....6..>Q.:.v....J..ez...~./..^y.B'..5~.;..II.......[/...m6.\.^.x,\^....~T..C..kcG...'.....E....xK.&F.'..c.zm..x...k.......O..P.Up;.=......b..[l...5..l.....k.<.V.y -].Ev........Z..;.cchuv...ee..Z..^Z=.i..NR .E..;.U...FU.t.U...*...s...z~0Q.5:.{6Z..'s...z.e.WW-..U....<...1K...=.\.~..^.M-.\i37.L.....#_&.#..r.T.[.m..4.Z..E..I..h.\Q.r......./r.e..p%.1.....ks~7...!.j......T.zB.Z...^.....|s]..2...U.k..B..cq...=}..h.K?.OE_..1\h.Vy.0._.n....a...s.....V.kIs...Z..0....V._....+j.w.;@\....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (11013), with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):11422
                                                    Entropy (8bit):5.64307632029077
                                                    Encrypted:false
                                                    SSDEEP:192:j+K3b+EH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2k:jNytnqflKFgEWulE8REcS3j/CkR1Xh3
                                                    MD5:CD674D9E02F20426D9ACF1D11C85539B
                                                    SHA1:74AB51A432E33698A7A627F05BAF749472B72CC3
                                                    SHA-256:496BDF2635C9F9494F51D0BA63C8A43E5B6DFB7C88B4426E6A56F577D945E3E9
                                                    SHA-512:C43C020DFB8B13C2560FD741F0FB110921657E4981C98256D5816E30470F29AD7CC43D86BB3D382CF394D0E9C842448972B30C88CD6B70FD0E45C3C954DF1914
                                                    Malicious:false
                                                    Preview:/*!.. * SuperSlide v2.1.1 .. * ................. * .........http://www.SuperSlide2.com/.. *.. * Copyright 2011-2013, ...... *.. * .............. * ........................ * v2.1.1........SuperSlide....returnDefault:true ...defaultIndex........ */....!function(a){a.fn.slide=function(b){return a.fn.slide.defaults={type:"slide",effect:"fade",autoPlay:!1,delayTime:500,interTime:2500,triggerTime:150,defaultIndex:0,titCell:".hd li",mainCell:".bd",targetCell:null,trigger:"mouseover",scroll:1,vis:1,titOnClassName:"on",autoPage:!1,prevCell:".prev",nextCell:".next",pageStateCell:".pageState",opp:!1,pnLoop:!0,easing:"swing",startFun:null,endFun:null,switchLoad:null,playStateCell:".playState",mouseOverStop:!0,defaultPlay:!0,returnDefault:!1},this.each(function(){var c=a.extend({},a.fn.slide.defaults,b),d=a(this),e=c.effect,f=a(c.prevCell,d),
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (13425)
                                                    Category:downloaded
                                                    Size (bytes):13677
                                                    Entropy (8bit):5.279145225606813
                                                    Encrypted:false
                                                    SSDEEP:384:tXUbeQS7Rgx9BU0m/XCcif65W/1mXA82FHpx:tEb67gbhm/XDif65W/1mXA82Fn
                                                    MD5:24F21657C5465ED6E144FB4401350E07
                                                    SHA1:1A7B8F26E33FEABC257ECC8E954CC3F0E1F7AC60
                                                    SHA-256:906BA97C9E3365BE3F9B418F3D56349E0EC5C128D99B5134C0C586D5A4586F09
                                                    SHA-512:B824260286B1E9A253C42D375651F4B8212D13488B8BCDD35B5421E957B3119E58D7BAD3AC813EF22AF3E07E1E84CEC56DF6E6F2B6F7D0E931564BB0857C6B46
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/swiper.min.css
                                                    Preview:/**. * Swiper 5.4.5. * Most modern mobile touch slider and framework with hardware accelerated transitions. * http://swiperjs.com. *. * Copyright 2014-2020 Vladimir Kharlampidi. *. * Released under the MIT License. *. * Released on: June 16, 2020. */..@font-face{font-family:swiper-icons;src:url("data:application/font-woff;charset=utf-8;base64, d09GRgABAAAAAAZgABAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAAGRAAAABoAAAAci6qHkUdERUYAAAWgAAAAIwAAACQAYABXR1BPUwAABhQAAAAuAAAANuAY7+xHU1VCAAAFxAAAAFAAAABm2fPczU9TLzIAAAHcAAAASgAAAGBP9V5RY21hcAAAAkQAAACIAAABYt6F0cBjdnQgAAACzAAAAAQAAAAEABEBRGdhc3AAAAWYAAAACAAAAAj//wADZ2x5ZgAAAywAAADMAAAD2MHtryVoZWFkAAABbAAAADAAAAA2E2+eoWhoZWEAAAGcAAAAHwAAACQC9gDzaG10eAAAAigAAAAZAAAArgJkABFsb2NhAAAC0AAAAFoAAABaFQAUGG1heHAAAAG8AAAAHwAAACAAcABAbmFtZQAAA/gAAAE5AAACXvFdBwlwb3N0AAAFNAAAAGIAAACE5s74hXjaY2BkYGAAYpf5Hu/j+W2+MnAzMYDAzaX6QjD6/4//Bxj5GA8AuRwMYGkAPywL13jaY2BkYGA88P8Agx4j+/8fQDYfA1AEBWgDAIB2BOoAeNpjYGRgYNBh4GdgYgABEMnIABJzYNADCQAACWgAsQB42mNgYfzCOIGBlYGB0Y
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.657446940944062
                                                    Encrypted:false
                                                    SSDEEP:12288:nkZ82a3ONZlZFs9j7dZ1siZDpGDAvoUVQD7tszy/fWShstHY:kZ82a34lXwRZRDpGMLWDay/flhstHY
                                                    MD5:025AE0C9967E66C3673DB4A135DCBB44
                                                    SHA1:3A840817D964B88B9BAFF08DD35FCC34E4BABB15
                                                    SHA-256:F7BC715D856D6F72DEDE05A5E06C2EAD83D5C180F4A78CA575037D1F22C6FB1B
                                                    SHA-512:3B300B6721AD0B3A267FF6461BE9051072E46249247A69F08FD9AE4704413C310A0CD771B5210ABAFB9A9BE5894D188BE80E848BABDAE320459B4581527BBE0C
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/Sfbab3755081c4e409743ae0f5e650d4d-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.FSX.ESY.DTX.CUW.CVX.FSY.DRV.DQT.BNP.>KM.<HH.7CD.3>>..99.)43.$.-. ''..!"....... ..."............... .. ".(().122.344.223.,-..../.668.9<<.9<;.79;.89;.99:.899.888.8:9.89:.9:;.9;;.8<=.;<>.;;=.:<;.:;;.9<:.9;;.:;<.89:.9::.99:.:::.9:9.598.698.8:8.9;9.9::.9:<.9:;.:;;.:;<.<;=.<;<.<<<.<<<.<<<.<==.=>>.==>.>>@.??@.@@@.@A@.?@B.?A@.?@?.>>@.>??.>>>.>?>.=>>.@AA.ACC.BCE.CDE.DFE.DEG.DDE.EFF.DEE.DDF.EGG.FFH.HFJ.GGI.GHI.HHJ.HHJ.HHJ.HHI.IIJ.IIJ.IIK.HIJ.HIK.IJJ.HJK.JJL.JJL.IJL.JKK.ILL.ILM.JKM.KLN.LMO.KLN.LMO.NMP.LMO.MNP.MNP.KLN.IIK.DEG.???.777.322./--.*(%.#$... ....... ...!..!! . ... ... ..!!..""!.##".$$".##..""..#$..%&".'(&.))'.)*&.,,%../*.23..875.888.988.772.44/.34/.442.644.876.997.::8.==:.AA?.IGH.HJJ.IJI.JLK.ILK.LMN.NPR.QRS.QRS.PST.QRT.PQS.RRT.SSU.STV.TUW.STV.SVX.TUW.TVX.TUW.TVX.UVX.VVX.VVX.VWY.VWY.WVZ.XW[.VW[.WW\.WX[.WX[.WXZ.WXZ.YY].YX^.XY].WZ].YZ\.YY\.YZ].ZZ].YZ].WZ\.VW[.UTX.QRV.PSU.RWY.X[^.Y\^.Y]^.Y]].Y\^.[\^.Y[].X\].Z[^.\[`.\\_.[]^.Z]^.\]_.[\_.Z^a.[^a
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 864 x 566, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):512297
                                                    Entropy (8bit):7.992815958945406
                                                    Encrypted:true
                                                    SSDEEP:12288:869fhJMaS8IWh+zP2d6dreV9KqlK5Nvk0/WghEpW7:8S/MalB+T2dUre/KiYNpegypW7
                                                    MD5:D560D07C037AEB6BEC60DC07C0230551
                                                    SHA1:76DCB2CD54F80DBB5547442F5654AA3C2C521A7F
                                                    SHA-256:08D343815F262EBB07BE0220051DB93EF79E50EB247C8AA6C65F516EC3E10912
                                                    SHA-512:794E7EE2B6210E6AE3D4C57052C02E38BCA96B139C815D765F30978708A8FDA2D506E8DC7527607E4CA3274797FB51572D0940A81F96A45FD3379EBA0362C079
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...`...6.....62......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............IDATx......&.~WD...-.0"...$3.\.Y.e...9...k...y.9..b.c.TWOWuV1.L...<"<<"<"|w.t."r..,.@........^?.PU....,w.......'..`@.@, .@.K.`f.L....P....+......7.........,!..... ` ..........u.Y../....Y..d.....`h..1.d..`.6`hW......w.vG.cU.....W..w.7N.o.......g.6&<k..6u...+.o..U.@9....O[.-...s...=JV..._b.b..g...h.}Cd..........?T>....."".1.i.".sH)......n..)..}...cK...nz.B....jK.MC.x..-..I.t..j...=....].......G4.....].....@..r[..?..Y..._'I.(...p.g..5d..C(..xED....o.._...h...].N...W...D..2....S...?...?.....g#Hb.2`]B..4M..1/r..0.&..g..Y:7.F.....\E...........F....D.X.r.p..........(.s.....j..`.]....Nr0*6.4...`.N.7....q/....'[".."R..4.....0....'..lC.V.7b..$V. ..h...y.g..C..........v.}.M.M.}.Ll.~/....t......e.......Z..Z...".P..*...mi......*......O.u..l...P.}....b...%.u..?t..I./@.y-.......s.u.!.*.}..7..7{...dV...Fk;..U.C).H....%...}....g<..kTy..h.2.8.T*.b@...@).J..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):129
                                                    Entropy (8bit):4.4409356272066605
                                                    Encrypted:false
                                                    SSDEEP:3:wLGXatBekQKJKoucMmFFoUsZwEkkpWzAXNMv/F3Qp:wLGkcZ57mF6VZFAAA/Rg
                                                    MD5:116037773031FE0EAF2A70D836C8FE7F
                                                    SHA1:1B95F580E192529A22C8E83123AB11C07921C305
                                                    SHA-256:264FD3849E351FADBD060418AB6F84E0900DAFBC338B53C1C23424DA746F4689
                                                    SHA-512:132C01404882795C25505A4E5AE9309C0ABCF24D41F08C9C05F25A9B5850F3A5E5B2486CE33CC09E67B0B33C555D711D259380176413039C962CA864C0D2F649
                                                    Malicious:false
                                                    Preview:$(function () {. if ($('.edui-upload-video')) {. require(['video', 'ckplayer'], function(e) {. e.handler(). }). }.})
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):612
                                                    Entropy (8bit):7.514807303691837
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i6JzIvnkotN1c5rW5HgU2whGIQCITTZCG0w:bv/CKZoImQW
                                                    MD5:98FF5F2C896904C67C20A4F67B356AAF
                                                    SHA1:DEA1E1FB4FEBD0B4F1220CD425F0F7441A0D204B
                                                    SHA-256:D20061E2534BE1DD8E0C228EB57F858A7EDCC5CC90A84B9E1E738E645A9F2998
                                                    SHA-512:469CDC63DD33088F0F471DD984375223EC2F8182F851137FD5329833945DA54A1A81587F4F9B1F98503E79857592138215AAA5D926572561BB52AE28D498965E
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_17.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..I.q....g..y............. ....%..1-Dv......E...I..d."d..>..ox.....s...sn......Z.....K..4.{..w./`..C...y8...R$~.0..1.....,.....-....5....=.X<k1....m.........u...|Q.O......'l..........|.4.c...v.......HL.....U.6.5...h<.....]"..AL.W..Wq.....8..`..;...`.56h.jT.Yj..m....d....A..K.IIl.....@dv...I...p...P...se.4...a.oVb0...b.~...;..\..xY`.....M.r.W.....gS.....$....d....."{jf.p....b,..F....n`z.1].V..b.......ea...0.v..\.R.(.Qry.+q...^.....,3.....l....#...E..,..n.N.v...+.R.X...p......iVeS..$)Y..T?../n...a.....3.A.......\......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (11013), with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):11422
                                                    Entropy (8bit):5.64307632029077
                                                    Encrypted:false
                                                    SSDEEP:192:j+K3b+EH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2k:jNytnqflKFgEWulE8REcS3j/CkR1Xh3
                                                    MD5:CD674D9E02F20426D9ACF1D11C85539B
                                                    SHA1:74AB51A432E33698A7A627F05BAF749472B72CC3
                                                    SHA-256:496BDF2635C9F9494F51D0BA63C8A43E5B6DFB7C88B4426E6A56F577D945E3E9
                                                    SHA-512:C43C020DFB8B13C2560FD741F0FB110921657E4981C98256D5816E30470F29AD7CC43D86BB3D382CF394D0E9C842448972B30C88CD6B70FD0E45C3C954DF1914
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/jquery.SuperSlide.2.1.1.js
                                                    Preview:/*!.. * SuperSlide v2.1.1 .. * ................. * .........http://www.SuperSlide2.com/.. *.. * Copyright 2011-2013, ...... *.. * .............. * ........................ * v2.1.1........SuperSlide....returnDefault:true ...defaultIndex........ */....!function(a){a.fn.slide=function(b){return a.fn.slide.defaults={type:"slide",effect:"fade",autoPlay:!1,delayTime:500,interTime:2500,triggerTime:150,defaultIndex:0,titCell:".hd li",mainCell:".bd",targetCell:null,trigger:"mouseover",scroll:1,vis:1,titOnClassName:"on",autoPage:!1,prevCell:".prev",nextCell:".next",pageStateCell:".pageState",opp:!1,pnLoop:!0,easing:"swing",startFun:null,endFun:null,switchLoad:null,playStateCell:".playState",mouseOverStop:!0,defaultPlay:!0,returnDefault:!1},this.each(function(){var c=a.extend({},a.fn.slide.defaults,b),d=a(this),e=c.effect,f=a(c.prevCell,d),
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                    Category:downloaded
                                                    Size (bytes):4286
                                                    Entropy (8bit):2.9685570244818322
                                                    Encrypted:false
                                                    SSDEEP:24:sumsdyt7O7ZP1OMcNafEn/c2BBsbEDy4EwxsyMp0ZAwXmAcGtX6bT5Ebpt2Nl:Jdh9HNEn/c2B5D1ZMp0ZAWpl6XaP2Nl
                                                    MD5:6C3C4E29A98A8233DC78C27390276D97
                                                    SHA1:C8767D8C1D3CA36500CB4418AECC5507704E7D37
                                                    SHA-256:B5E98601599254D37183F44AFD726A9E9BF7A4B0C89E17E4B9948CB3F4012937
                                                    SHA-512:6321808D1A1B9E952D14E5216B4272692115E08EFE5DD9744FDB6677552DCA555DB5F530FE6FC7B07F8E38B8CE3BAB14AD3CBE0EFB5B260AA56F7E40AA1033AD
                                                    Malicious:false
                                                    URL:https://www.ccic.com/favicon.ico
                                                    Preview:...... .... .........(... ...@..... .........#...#............................f...f...f...f...f...f...f.".f.b.f...f..f..f..f..f..f..f...f.g.f.&.f...f...f...f...f...f...............................f...f...f...f...f...f.-.f...f..f..f...f.j.f.K.f.=.f.=.f.I.f.f.f...f...f..f...f.2.f...f...f...f...f.......................f...f...f...f...f...f.z.f..f...f.R.f...f...f...f...f...f...f...f...f...f...f.J.f...f..f...f...f...f...f...f...............f...f...f...f...f.).f...f..f.V.f...f...f...f...f...f...f...f...f...f...f...f...f...f...f.I.f...f...f.1.f...f...f...f.......f...f...f...f...f.3.f..f...f.#.f...f...f...f...f...f...f...f...f...f...f...f...f...f...f...f...f...f...f..f.=.f...f...f...f...f...f...f...f.(.f..f...f...f...f...f...f...f...f...f...f...f...f. .f...f...f...f...f...f...f...f...f...f...f..f.0.f...f...f...f...f...f...f...f...f...f...f...f...f...f...f.'.f.f.f...f..f..f..f..f..f...f._.f. .f...f...f...f...f...f...f...f...f...f...f...f...f.s.f..f.%.f...f...f...f...f.+.f
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):710
                                                    Entropy (8bit):7.6420074235896776
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i/fiuL9Jth8QDKgJJcVbcMuFq8y27geAYBRHUgXQLdKz:3iaJEwKhVGxgMtDQRKz
                                                    MD5:6128EDD2B6502712D472821B1FBA7CF2
                                                    SHA1:8086BDA12E424C091E5763403CED5776811867F3
                                                    SHA-256:EB8AF7C7D18B68C1819DC6A2D60EE05C189AFF7F8167B5C0E1388CC0CCD0C819
                                                    SHA-512:7F3AAA7124FC1E2184D58210B07B8907C79B08462B1DA62BEF48C81AFD34658D97044983146F0DF9A26C6E806BF667394C3F37703B66918A4EC87B4A5E4DB3E5
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_23.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8Om.M..e....U3?."....P.....K?.q!..F...".s..HiQ".X.Wn.T".K..1.A...+r!.....M....../...y.y.9sf.0..g...^|...[.....1..5.Q..L.C......u..\.".h.'A...........a6...;..J...E"X...8V...+......O.....$...Wr.9.G./...`>....._..q..>...........6.."..._$Y..U.8.]8....MHG..x.7q.2..yG..D...r....;s@........4L.2.bgI6.%.;A?bY....T..,.^.?.|b..}..g.Z..=..Z..x...g%}..%^...e..J...+.D.t8.......K...(.o...^\.H..(.....@...nJ><[...KX.......s.."E...Op>..0.L9k._cSe..|.1.......#....=../.}..Ur.....0..##.U..W..P..J.dJ"x<..3..ds-.g.k/...T..w._..m&$vH...IIwc.$..<-...m..5....7`..f...."Y..,..!.YaY......)..vL...Z[.w..1.:...I.A...2r...........w]).....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):612
                                                    Entropy (8bit):7.514807303691837
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i6JzIvnkotN1c5rW5HgU2whGIQCITTZCG0w:bv/CKZoImQW
                                                    MD5:98FF5F2C896904C67C20A4F67B356AAF
                                                    SHA1:DEA1E1FB4FEBD0B4F1220CD425F0F7441A0D204B
                                                    SHA-256:D20061E2534BE1DD8E0C228EB57F858A7EDCC5CC90A84B9E1E738E645A9F2998
                                                    SHA-512:469CDC63DD33088F0F471DD984375223EC2F8182F851137FD5329833945DA54A1A81587F4F9B1F98503E79857592138215AAA5D926572561BB52AE28D498965E
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..I.q....g..y............. ....%..1-Dv......E...I..d."d..>..ox.....s...sn......Z.....K..4.{..w./`..C...y8...R$~.0..1.....,.....-....5....=.X<k1....m.........u...|Q.O......'l..........|.4.c...v.......HL.....U.6.5...h<.....]"..AL.W..Wq.....8..`..;...`.56h.jT.Yj..m....d....A..K.IIl.....@dv...I...p...P...se.4...a.oVb0...b.~...;..\..xY`.....M.r.W.....gS.....$....d....."{jf.p....b,..F....n`z.1].V..b.......ea...0.v..\.R.(.Qry.+q...^.....,3.....l....#...E..,..n.N.v...+.R.X...p......iVeS..$)Y..T?../n...a.....3.A.......\......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.574628868589496
                                                    Encrypted:false
                                                    SSDEEP:12288:j0vmDvrV6+ruQPt5MKdmETqbuMzKZmwXzX5nRW1n6G4y20m4D77xz5w2J25jSTv2:jgmDjvlF5Vmo0qrXzX5nRW1n6G4y23ea
                                                    MD5:F4F3B80AC0C88A3A49E3454E926AFC69
                                                    SHA1:BFAA6A2323F41CB1F166B0C04B4AC5AFB1CB41BB
                                                    SHA-256:9407E6DE032CB6D99877050ACD3DCA261DC1BE8430A2A69D4C006598BAB5A91A
                                                    SHA-512:2670C6D320A86DB0AC5ACFDF67E7D97417168EE8E4D9124AC0F5FF6A1801DFD0EF057B571D1799AFFBBDB57A7D8E53521F59C37FF043986E9F3B17FC0EA8728A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/Se8d5fefa8de34c5fbd2df6644d86e796-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):257
                                                    Entropy (8bit):6.840754841393751
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO63ZrnaDSVCAZhb1YCvLmS3BHE+iSxidViirN/T6TDx2up:6v/7P0DSvjb1YCjx3Bk+PxidrN/mx7
                                                    MD5:923CFB0F2A944B5A49F99A6901770F71
                                                    SHA1:77463C425966B8A298A2D87863533E68092676BC
                                                    SHA-256:F09068D019819FCA961F6F1FBE02A267A83186E8A503857291B75C9360C63433
                                                    SHA-512:3E42DACDFFE29F8C065C8C1C8E09D864BA31766495A47BA4F4FFDF586D79656B91423E1445BF617E6CE9DF9287B0F868E13E32533F8C51CE1C490513947AD1E1
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-print.png
                                                    Preview:.PNG........IHDR...............7.....IDATx...=J.@...9..*..lg...R.=.x.T......6E....A.D..."..V.?Oa....+...?.g~/..3..../i..#.v.sD.'.0......>.B~..9..gD....|.....M`.[;.e._...@-z..o...m.nY..e.Cy}n.y..c.4a.E....4.....5....+.....P+......3~cYE.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (31999)
                                                    Category:dropped
                                                    Size (bytes):96422
                                                    Entropy (8bit):5.239795670807498
                                                    Encrypted:false
                                                    SSDEEP:1536:eyOkN3TklR3ZIFDJ+Y7n2L5ydUTq0tSQfCBTs:LTX73uTqm
                                                    MD5:C7543F91EA6430AC559AB7FAE0726891
                                                    SHA1:F0C0FA8786C2F5F08CAFCC5937E5BEA586F9DEBC
                                                    SHA-256:DA482DF4A70E8B9DCA09B224AEEFEF14A400FBA52137461881DAF9988D1C683C
                                                    SHA-512:50A280F2854B614F223DF62F255EE4640849AC6DA0424B3DECB9DAD3AFAC575BC7A9B4976E50F63D1A5FCC82D1D22163FD4A547AE5DEA0F7DF57683A9D160F61
                                                    Malicious:false
                                                    Preview:/**. * Swiper 3.4.2. * Most modern mobile touch slider and framework with hardware accelerated transitions. * . * http://www.idangero.us/swiper/. * . * Copyright 2017, Vladimir Kharlampidi. * The iDangero.us. * http://www.idangero.us/. * . * Licensed under MIT. * . * Released on: March 10, 2017. */.!function(){"use strict";var e,a=function(s,i){function r(e){return Math.floor(e)}function n(){var e=T.params.autoplay,a=T.slides.eq(T.activeIndex);a.attr("data-swiper-autoplay")&&(e=a.attr("data-swiper-autoplay")||T.params.autoplay),T.autoplayTimeoutId=setTimeout(function(){T.params.loop?(T.fixLoop(),T._slideNext(),T.emit("onAutoplay",T)):T.isEnd?i.autoplayStopOnLast?T.stopAutoplay():(T._slideTo(0),T.emit("onAutoplay",T)):(T._slideNext(),T.emit("onAutoplay",T))},e)}function o(a,t){var s=e(a.target);if(!s.is(t))if("string"==typeof t)s=s.parents(t);else if(t.nodeType){var i;return s.parents().each(function(e,a){a===t&&(i=t)}),i?t:void 0}if(0!==s.length)return s[0]}function l(e,a){a=a||{};var
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1002
                                                    Entropy (8bit):7.656311306764841
                                                    Encrypted:false
                                                    SSDEEP:24:f67+KzlGG+NFvsVz8wKctNN15KhFL26RK:8kvsVzocXN14TLw
                                                    MD5:20701EEB80C79C240A2FA824D1EE5EE9
                                                    SHA1:FE46C6DBF551A0BB33A1F38B7F8871EF88E9BBD0
                                                    SHA-256:C0730ADB7F118188CAA3B19496A2662106B29025BC6349A7486B0365DFF8DB5F
                                                    SHA-512:8CA8D998D01D38DA16318DF642AB0BADF7824D1A02415F9E63DC60471DFB97574226D1FD30392063BB4968625EF9D04FE44FBBDB1A990EE425E8FE93F4308B66
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8Om.].Ue...w.9..j.. ..(.....3c*N.E7..#.CJaA".#QCt%..E .QY.%..t!..CP....8..QD.8....^...........[...J.<..$}.,......[........f....bY.^.4.......j.ZkB.Wt........5;;........4M..............!M.q3{..K.@Rbf.3.8.I..T3....$m..........B.U.e`...3......p\...._.[......,[.....Bx.XV,....z......W.a@..3{....L.F......W.}.X.....9.B.......1.........fv.0Z0......-jX.;.L.....Y........23[..+.[..%.z}..ht.,{A.C.............f..g.NT*.K...g..x...5..m.z..h4..pq.!...G..$I....8....n.4.j....!.{.w..}Ik.....i.......VJ.#iy......,.)i........n.._.$.....$}.w?.D&....'$.l.Z..,[&.h...k.Z...(..N...3....8.........@G...`f..}....j....=...D6...O!..q(.n.j._..mttt.......I..K.....n.-Z.`...3{..l.../.My...$..Z.v..J..eYvH....nw.Uz.<.o4....p...!ES...B.D?.i....4.$....MJ.P..[.....I.l.......>...^&..v..%.Y.......V.1q...|....{..p(..!l.,..%E.......y..]..r...%..b@..Y.....t.pyQ...13..l6.=......cccI..X.-5==.$I.|jj.......)....Y.......IEND.B
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 45 x 46, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):2205
                                                    Entropy (8bit):7.873781366142087
                                                    Encrypted:false
                                                    SSDEEP:48:aUfPYORCe8ue9SH1G2mmL6Mr20Mqbl2a/ED1XQEyZyghbTxjGI5dl:aUfPYOb8AHmmLXr2Bqx2a/ED1XQHvx1h
                                                    MD5:D8A2CD7F1BBD4ECF7087CE2522ED4A7D
                                                    SHA1:AC1C18293B6803867939B9FE9839D2E14EC0036B
                                                    SHA-256:E4A1D5BA290280365BB51B8E79E057CB4B0126F6524F5AE42946F1A6F013BB4D
                                                    SHA-512:10FC02702BC649EB93CAAA846A9ABF4307031F7F8E5713314D8EC3B07D277F499A74DD2606A00A61226A99762A79327DA30F9B4FF85B7B7C81A61B4BF4864D06
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/2585112888454c37ab982c04b34345f8.png
                                                    Preview:.PNG........IHDR...-............4....sRGB........WIDAThC.Ykl.W....Vk.E.....jRJ.z...5....<.........@.V.....xIP......$.B#!@...Y.I.F..&..A...rb..s.....3.....O.3s.w.{.w.=..........6u..Y;88...].2.>..W.c.ccc>..w.ig.Z.S.r........@..r.l..F.Q0...5...P........?.1.Z........pp..|......_.i.wXko......"9.]...>b..E....v~tt.[k..-.p..8q.%........k.p.....t...sy...c......wj.............. 86.ON.8.s.v..'....s....._..In..\.*.{499y.Z...$3.@W.E..r..u....C.b.......9.*...B.....h.u.d......J.....u.x.Z.....N....0.z.~.....d..L.....,..e.]D.f...T*.<.S.....z..Mk.r.3...Y|...DT..h...(....".)Q..%^Ih.....L....X,.Gv:..e..p.....d.....g.|...J..y..:uj....-....p#.V..TJ...%.h..xU.E...N..M.....wQ.}.T*.].f...-...w....J.....s.Z{Wb7.8.m".-..c..{...T..ND..`Y.........h2..:fm.8..X..0.(..e.....M.9sf;...{1hyX....>...t.`......[.n...m5..kLMMu....a.~..W.Pq.S.....H..1hf......I...}J..y....b.JS..T..5.w..K..J)uk^l/c:....xk.P.....`...f..i\.sq.Z....IG....t..s}.3+$...N@c._....X.<k.y.$.z.cG..N..0.J..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 10 x 19, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):395
                                                    Entropy (8bit):7.279914715402023
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7utP+biMUNtwba1J6xR6C7rHrf+Z+LKt7:7N9twba1JihTiZQs
                                                    MD5:BDA8211B6F45EE455999BB4D8446AF0F
                                                    SHA1:8338A754A6DDDA600F6A48D4B92EE647A9DF365E
                                                    SHA-256:A3516492F544AF7786480153492BCDE72063BAA522DEFAEE86AC2153197A6177
                                                    SHA-512:8FA3210793B297BAC11F6B950E9379B5209B9EBE05C53A59D5B6008E5CDB16ED01E0BECA369CBA2B62065A1D7C65E1236AADD89AB1F0E45673A17CD827076645
                                                    Malicious:false
                                                    Preview:.PNG........IHDR....................sRGB........EIDAT8Om..N.P.....^p.;..E4Dc0^ Dbt.....0...+.@.|%..U7$*.sN9PZ.l..f....=uMq&..%E..K.9..y.x..Qz.0....M|.c.........(..p.\g.|.x.......EJ.O..2...a9...]..6.L.....t.......e.C..(..j..IB.c~..A.......4[2..o4...l.y........AM..$b..,9Z..p.).Qi....9z(.3.h.....}..7..o..&C.'....].53L6....IM....!.]B......1.9M.;`.xKBw..^..?..s*..0....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (14368)
                                                    Category:downloaded
                                                    Size (bytes):14369
                                                    Entropy (8bit):5.052728531496616
                                                    Encrypted:false
                                                    SSDEEP:96:Ip+Ntha8qNEp+wRY1vUPXiK6nMLPD2OtLzXyPHL/LztJDzyv2OQ7KGx1jyd2/SWz:bWmLr2OtSrzzt42OQ7KGx1jCWR2b+RcU
                                                    MD5:9E9C3C4DF019E4C46524EC2B5C7B3EA0
                                                    SHA1:22D065C85DEEC807B01EA860D2101D5629474574
                                                    SHA-256:AB570417B079DE20B9056D489D0FFCD9C5A95BE1D9D667DF2DDC8FB5F770A5F7
                                                    SHA-512:CFAA6BD47A69D4EB525116A7D6BFC955235AF3C37676F3BC49F235EF21745E95FB763109BCE97E3E901EAD58C68B47F1F33C13D8AB477DEAF3BA9FC6C32E7F55
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/default/script/layui/css/modules/layer/default/layer.css?v=3.1.1
                                                    Preview:. .layui-layer-imgbar,.layui-layer-imgtit a,.layui-layer-tab .layui-layer-title span,.layui-layer-title{text-overflow:ellipsis;white-space:nowrap}html #layuicss-layer{display:none;position:absolute;width:1989px}.layui-layer,.layui-layer-shade{position:fixed;_position:absolute;pointer-events:auto}.layui-layer-shade{top:0;left:0;width:100%;height:100%;_height:expression(document.body.offsetHeight+"px")}.layui-layer{-webkit-overflow-scrolling:touch;top:150px;left:0;margin:0;padding:0;background-color:#fff;-webkit-background-clip:content;border-radius:2px;box-shadow:1px 1px 50px rgba(0,0,0,.3)}.layui-layer-close{position:absolute}.layui-layer-content{position:relative}.layui-layer-border{border:1px solid #B2B2B2;border:1px solid rgba(0,0,0,.1);box-shadow:1px 1px 5px rgba(0,0,0,.2)}.layui-layer-load{background:url(loading-1.gif) center center no-repeat #eee}.layui-layer-ico{background:url(icon.png) no-repeat}.layui-layer-btn a,.layui-layer-dialog .layui-layer-ico,.layui-layer-setwin a{displ
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 28 x 62, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1416
                                                    Entropy (8bit):7.765385327947409
                                                    Encrypted:false
                                                    SSDEEP:24:B0xphOg9evPFh9/8o0qIYD59lhZ5DOht41vH+DF4xpXqKPiU23Xr3egw:B0/Ub9Xm4vDOhwvex4OhUGXr1w
                                                    MD5:3AC8AB2A95426F916AC9254601B30CAE
                                                    SHA1:C73CA55C599AD17E79A4B95B5705126ABB736EFA
                                                    SHA-256:802FD499FB5AA520393D0F20013F0FCA69C9F2CFBE37DA629C0201A30769203B
                                                    SHA-512:3051D23694B50B328922724409F4BDB9EB5B3FA1BF14B80ECA2B8B8DE020AA0624FE8EBBF193014B4BE7823FAD22725ED025F6FE1CEDD0AE5307B64BDA978446
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/ztzl_right.png
                                                    Preview:.PNG........IHDR.......>.....8i{.....sRGB........BIDATXG._H,U..;......c..aiY.'.U.4.Tb...z..5...J.kv1S....../..^..."..........[.....'..f....J...23..9.?..;.76D.l..b.\..4.,.........d..1.<.........3.?=..O.4.< .f.2...$.....$G.lT..A.FZU.p.P.61....pX..Z.)..V}dd[........8.l.M&\C...`f..}F.........@ ......M....N..{.n......!e...Il.]J.GR..S.y.-.....x.-.+..93...Y&.......}..G.......@.ep,cH....u...(I.i...`SU....#.)....[I..5M..4".4.u.dzz.-.......tww.#EQ...@..s......J.....n...u=444.}[[..@#jH..4.x``.......f;.....?455.D.`0..5e...A.}}}....wDQ$.mjjj...~JQ..`0.].M'.....n..~..===.]]].%$$.^....UUU?.L.D.6.5..p....|....M.e..`yyy..r}'I.mO.M.....$\Q.1......|.....EQhW........ou]..A.....aP.CCC...pGJJ.m......v..><<$jB4.Z..A....O....OOO......7+++..^o0..2...,...........p8h....O^^...jL@J.....~.oqq...v.A.....sss{|>..K.....,..i+++.eee.$.......>....U..k.....`...A.WWW..............MLL.J...-...J.D.LKMM.............`.......(.....#]l&eAr.p8....>v:..$i.......omm.H...F...C.eY.UU....$...vdg
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:downloaded
                                                    Size (bytes):193584
                                                    Entropy (8bit):7.965177018666499
                                                    Encrypted:false
                                                    SSDEEP:3072:h2C7z1be+S/BsbXOfaXD2+jgAWAOw+AtvHWCqkqiTr187rV2w10bwU6ALODk3u3R:P/V4BDPNANtJjq4wjKLaDke3Q8IE
                                                    MD5:85DA59791EC54A4C86B28C0C5BA9411C
                                                    SHA1:F402B0108D924AF654DAFE59E53A44CA1392DDAD
                                                    SHA-256:CA6D141B6AE60A057DC219444AB0201BFDD98AB3F7F01B4FF90ADD005F84FC7E
                                                    SHA-512:9A749FB39483FEBDC58A5239750E1DBD783F1B9146F43F3DDABAC5E204F6A4DCE9C75789E43918A43F176A967A812BD299C72FE9EE6CAC06CE04142AE97331A6
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20242/4227b7c5c898468d9a3302c0963ac12f.jpg
                                                    Preview:......JFIF.............(ICC_PROFILE...............mntrRGB XYZ ............acsp.......................................-....................................................desc.......trXYZ...d....gXYZ...x....bXYZ........rTRC.......(gTRC.......(bTRC.......(wtpt........cprt.......<mluc............enUS...X.....s.R.G.B................................................................................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........para..........ff......Y.......[........XYZ ...............-mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.......................................................................q...."...........................................a.........................!..1.A.."Q2aq..#...B...$3..Rr..%456bs..&78Ctuv.......9x....'Ew.FScy......................................M......................!...1.AQ.."aq.2........#3B...Rbr.$4..%5Csu..c.tv................?.......lg....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1432 x 260, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):67657
                                                    Entropy (8bit):7.7954037633233755
                                                    Encrypted:false
                                                    SSDEEP:1536:45zIHwdwVTdlxDPZABtRAEInByqcQ7yncga:IIHwdwVjxlATysQ7ynW
                                                    MD5:E4518E9336245768E391FBD1211BB539
                                                    SHA1:CB095CAFEB7F4794812F8D0F8AEE24574941EFD3
                                                    SHA-256:7604147679C3FCD9C63F65F6DF9F6406F290337F7C237AB1FE00285967C2D4FB
                                                    SHA-512:F0ADE9B17E8F6E14547FDB4E51CC806B4827313C8AF31E99F9E6622FB620C037E1A638CB8D3CAB1CA13491C3B1C56E85D88FE7537160B9AA8693A65EDB22D142
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............FQ.....tEXtSoftware.Adobe ImageReadyq.e<..ORiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpGImg="http://ns.adobe.com/xap/1.0/g/img/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:illustrator="http://ns.adobe.com/illustrator/1.0/" xmlns:xmpTPg="http://ns.adobe.com/xap/1.0/t/pg/" xmlns:stDim="http://ns.adobe.com/xap/1.0/sType/Dimensions#" xmlns:xmpG="http://ns.adobe.com/xap/1.0/g/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/" xmlns:pdfx="http://ns.adobe.com/pdfx/1.3/" dc:format="image/png" xmp:CreatorTool="A
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):651
                                                    Entropy (8bit):7.567754142182313
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iWGZlbXsQaJpbpX+de7jexY3YOyr5Z3zyXLVRz8kQ1F+Ard5FvZ59XiFRR8:xZljsQaJpb9ceeY3YO8Z3m7Lz8kQpd5H
                                                    MD5:1046ADDD9980BEF27E6D912257AC0281
                                                    SHA1:99CED995B7114281092A20872068BA5D5DDE8531
                                                    SHA-256:053009CC04EBEA055B83452B1D9A3D2554B6809C385AE726A6B33A456D6BE061
                                                    SHA-512:ECA58C41320A47C85A492F25C579C8A421F84A798706AC41B194F3AB88DF9765C186DD366B6B41276997D1F1ED459A308081EFCB33C385E9F37D3675016FB88A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_04.png
                                                    Preview:.PNG........IHDR.....................sRGB........EIDAT8O..]..w.......B[..1)...h...(OW..(.B..V.0.q.b)Ci..RDH.S.....+\....y....g}.....|.....9..9...;}..o=..|...9va.oH.G.4..q..:...@...f.....yu..N.$......a..!....\.Al.g../...}A.b0.sX.......q........G.j..,.&.....?.06a(.c...\..d.J..`s...1....P...a<f..1..E...`W....M..PB..N.wJ...p..aq...2..{._.wa-..+..w\.(|......f..H........J..[~N...C....Yz0.s"Z.S.S./n......p.c.B.E..9m.R....|.@T>.w..7.. ./..l..nc...X.Z_....$.P.v..$\...J..."'....wDi..O....>L._....7.....EY&....Z'...V..........b+Nc.2.....MC.N...'.....LV.G.o.c.m3.kj./UY...R?...3nw.wc......m.u6t..W.#._.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):185
                                                    Entropy (8bit):6.38299318826716
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6Ptl/12n0EcLmHhr9AJbWMuKvTjSvCF97xNpddJV01reg1p:6v/lhPO6/a0ZShr9AVWvKvTjrF91Npdu
                                                    MD5:5AB2C00425EAD7F7A0C219385D55BF03
                                                    SHA1:F62AAD7C7719300F1D8E922155F451661D41D42D
                                                    SHA-256:32170F852E6761CBBCFBB87175BFD6D84ED73823DEF767B1A7BDD058C6A3030A
                                                    SHA-512:3B531522315BC5F7EDC3CA870D2A91A89D4BAF34DFAB057AD58550FA35D68D8C40E905495050D687339C1150C8FB3B65ECEAADD19E40A5102253CE2DCF3F9D09
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-viewThumbnail.png
                                                    Preview:.PNG........IHDR...............7.....IDATx...1..Q......j..x."......,.W.%l..X.W....._v&.9...l.8.wI..$.a,.A|..K.....l.....#..D.s....@q...8.[I..$.a{^..`...?..9,..K.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 380 x 159, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):81180
                                                    Entropy (8bit):7.993570242105472
                                                    Encrypted:true
                                                    SSDEEP:1536:9m0Gbs5LHlzduWs+F1rWRwZHobiwQGptehosGQfDzusjM:A0g+rlz4WsqWROHJKpt5Qf+j
                                                    MD5:109F58A23CD303540DD0929D2E0A2C3B
                                                    SHA1:4174800FE11A96D7F51AA9F1DB531537CD1850A5
                                                    SHA-256:992FCFA322D48A2D65ADFFC26BEADCD9F7195FA431B17B71CD9B4BBA90F00DA5
                                                    SHA-512:37327AEB11A563480128AE9DD98A6323221F74634EB8A2100200D83C5B4143A4C566F977D4E6C5CAC484C15996F6216CD092CEB8E5ABEA622D837D4CFE533C70
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/eb8f48bc8df04df7a25f68b7603194a0.png
                                                    Preview:.PNG........IHDR...|..........@bR....sRGB....... .IDATx^.....YQ%z..2..f.f@.A..(....*.P. .....>........ADhZT.A.i...i'&.@........).2.*3.oE...;..g...ZP....;.......|k.x...6....kclm.M..5............[ckk....n.}.G.d..~;....=.O..V~..u...YV<3....}q!....C..r..q....f..N^>....7q]=+j.....g~W_o..M.3......^">.......-.Q\k...}Q.....(>.W.....{.2..)6.9...jl...!.........,ZRs$.(c.."....5...[.+..Q.....6...s........b=ho..V.>x....Q......g.;..5..z..Wa..........X..v.<.3.c..z..........b...m(..[...Z+.~..C......y.^....(.O.6..6.......u.zn..P8j.....6&..P.t"..7z...h6....N.zy..13.....(>V..u|^.[....6...n...n<.K.C.......K2....@h.D`.YYN..X......... .._..M7RF.R......R..u+@.t........ .....B\.O$.......?.. .....F.x..^.}.})h....@...U....m.p.[.oL."$.s'@..>py}..$......J...E..56.`'.BS;1$.....~^...VH..I.hH.'z.... n5....+.l...B....1.bN'..<.....1..........._..B.....].M..z&<.Z......,!..s{-.\.....l$...m...g.E....~.u..X..`.e...4Y....w.+...}AEY....h.g..?.I.k.,.M...S..f.E.X/.#..ut..m...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 380x160, components 3
                                                    Category:downloaded
                                                    Size (bytes):49497
                                                    Entropy (8bit):7.976831345996684
                                                    Encrypted:false
                                                    SSDEEP:1536:2h5ucs+/Fc5tcsdhFmfJ7po5KpRkWJclwpLID:UwE/m//ofo5KpmWsEMD
                                                    MD5:40F52EC8C8198C8C94C99A1AFAD7C2FD
                                                    SHA1:AE68817DF08FBEF44AA6771C8B882EEFB6834C30
                                                    SHA-256:1175E9DF746BEA8F8B516AC91D83DFF85C569346AF7F4994E2544DF4249273E3
                                                    SHA-512:54FB06009AC57193DAB5CEFA332527C70227817CCA87F54CCD62E87546D670F7A84E00C28DB6539A9898046D40D40BC71C62BEF70EF4209E9275111543736705
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20241/9550790e3e104faeaa68441d7f04b52e.jpg
                                                    Preview:......JFIF.....d.d......Ducky.......d.....(http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC Windows" xmpMM:InstanceID="xmp.iid:93D3FF25B0FA11EE9A21FD2CE2A0D897" xmpMM:DocumentID="xmp.did:93D3FF26B0FA11EE9A21FD2CE2A0D897"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:93D3FF23B0FA11EE9A21FD2CE2A0D897" stRef:documentID="xmp.did:93D3FF24B0FA11EE9A21FD2CE2A0D897"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d............................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):744
                                                    Entropy (8bit):5.01974530879063
                                                    Encrypted:false
                                                    SSDEEP:12:wQLFEjfBMmqOZPjGmaoMjGWao5jG05ao5jGSf/ao5jGfao5jGdBsmJdhy:Bg2OZPjhaoMj5ao5jZ5ao5jLnao5jiaG
                                                    MD5:3B9E4BCA8614A9818350345D488E44ED
                                                    SHA1:E136A113F24B042DD3259EEF244F03445B09E727
                                                    SHA-256:964642A8278901B61C9AB4F7F2F0621DCB2156AB4BAE7168B317BB8776454DD4
                                                    SHA-512:95B6D8F7466A8C6754B40F8EBFBE64A7529AF260864F0F25CB35EC5FC66E70B9DDD10C0D1F2F0C084702A3126FE660B583E74130AE0EAB1C7F392616C6309D3C
                                                    Malicious:false
                                                    Preview:$(function(){.var starttime= -1;.var endtime = -1;.var ontime = new Date();.var onTime = new Date(new Date(ontime).toLocaleDateString()).getTime();.if(onTime >= starttime && onTime < endtime){. $("html *:not(:has(#gh)):not(#gh)").css("filter","grayscale(1)");. $("html *:not(:has(#gh)):not(#gh)").css("-webkit-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-moz-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-ms-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-o-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("filter","progid:DXImageTransform.Microsoft.BasicImage(grayscale=1)");. $(".global-header-box-front").parents().css("filter", "");.}.}).
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):662
                                                    Entropy (8bit):7.585060484420764
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7yJB4mmvt70U4h29MI7+o5igBfeQ3rD1UTW/m3M2ZbrOX1iPYURiOs6c:nJB4mmvtAPQ3KaBfX33+T4m8S3OX1zw4
                                                    MD5:8082D23DF9256217C05AF69284FE8EBB
                                                    SHA1:C05F6A2C068B73F41EF1577796FCA92B8A360CFA
                                                    SHA-256:4E7599136FDDA0FEC8BF3C073F0A02253C0EB17176725137278FDDD9E7A7AFEC
                                                    SHA-512:AD5211DD08971E94484E4739843556BB23A645B1E50C578D2CAC5ECCD58B888D5ECDEEA69DEFC98053F3E03B941E273C24F6A7CE14A20F914207E4E4C654A212
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/64d03438a76e4bbe874b2e8275afa664.png
                                                    Preview:.PNG........IHDR................U....sBIT....|.d....MIDATHK.V.q.@...g..H.$..T.g...h...L.....3..Ebl* .@T.P...[vOV"K....E..n.....Cp..........a..{.....?.".5Ds....L.... ."=C....p....7..1.W.`....yt!...T\#....B.^.[..x....R^.C........r.".l......LR..}m.Qy..:...%....!.7....e.../..`.N_.~...s..T...<l..24.w.jU....w.OX.>..|.....U.1S..:...k.,.cIzYgH<..............]..,......b.`*.y..i..\.."cuG.X.{?.U.}#.p.~..h..Gu.\.]..?,......].At.....J$...%..q...".=...,[M.aY.]iA.u.5..l. .).Y;..w.Ffr.`..T..a,..w.......5Z...<..".m:o.:.l......y>S....XV.!Gw.i..}.O...$...A..X.ZMc.-V..P....FikD.gU.4..i:d....un..2.y.>.J.q..1....%...`b..,/5M......0X..V....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):20
                                                    Entropy (8bit):3.6086949695628414
                                                    Encrypted:false
                                                    SSDEEP:3:qPH:qPH
                                                    MD5:8DDC9154914B42D4A78E2FCFDD3A42C3
                                                    SHA1:2D966540FE6F49DC4B05F8CEEED012BB885493A0
                                                    SHA-256:DCB678394908A7D49DE7ED14177014B5E28E6EABE825798E2E439D876FFE3646
                                                    SHA-512:20940489CDFB1B6DE8262F52E0CFA1A3634B7F7BEBEC11E5FD45DB173B82573CA0D9BD628F6849A165C6D1BBCA4A3273EBD1F361A543C6BE2F6CD1336CD066B9
                                                    Malicious:false
                                                    Preview:var jsonArrData = []
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x720, components 3
                                                    Category:downloaded
                                                    Size (bytes):116683
                                                    Entropy (8bit):7.979129833121965
                                                    Encrypted:false
                                                    SSDEEP:3072:8539yEhsRv77BmOZfOOsFcuW0i62MFsXO83W4s:8F98UOZGkxJe83js
                                                    MD5:9588E190161C2E7D1C14B3AABC7AA122
                                                    SHA1:C6DA402B5533D9F2F3F018EB0233DF6285F269A4
                                                    SHA-256:5CD474B7EDD5FC8EB457F2B20BB2ECE7F276D3441EE86C149AC4103526C1C579
                                                    SHA-512:93D781390BF7C0D822354D91626C092DE1EB0D19D8309E16C56DD6A79BC6AB31FC41FA3792230A8707FDE6FE43905D9A896F0230EC9D501C3EF6A5A8B1A8D63C
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202410/47e490893c3c43e6b1b815e80d9fd862.jpg
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........8..".........................................^...........................!1A"2Qaq..3..#B...Rr....$4Sb...CTs.......%&5DUt...'6Ecd..FV.7....................................>.......................!..1A."Q.2aq..#3BR......4....$C5DSbr.............?...i.#.S....0..gt....Y..p|2.Ip$g>.......e..g.i...j.,8.....V.O,.j..YS..<.~.%n..Jz)..M....7+h..z.6.....X...w..~..<N
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 400x136, components 3
                                                    Category:dropped
                                                    Size (bytes):66578
                                                    Entropy (8bit):7.978897930626537
                                                    Encrypted:false
                                                    SSDEEP:1536:F7SeZWkc7TItjPApPSiy1dlwIw+tO6ydkO/1WjymodC3gmtA5:xc/IFiSddlXwMO6ydXJmyC3g1
                                                    MD5:F76C726E4E721368C84A67B85DD64A1A
                                                    SHA1:277DAB9FB877DB636591CC033675A1E4F3C86A23
                                                    SHA-256:0B45262ABAB5843D5160534B49B28F9FE0262033C386E62AF45BD0876C68A1CA
                                                    SHA-512:77E1730E8C81B4EF5826C9C61A62AFCF6309B57463826A0895A93918149EE1BB6E773631E5F7267746CC6A65E4431D912EC87E429C5361816800E61AD6243CE8
                                                    Malicious:false
                                                    Preview:......JFIF.....d.d......Ducky.......d.....(http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC Windows" xmpMM:InstanceID="xmp.iid:0CD3CC5DB10F11EE9ADDE3D7BE1A627D" xmpMM:DocumentID="xmp.did:0CD3CC5EB10F11EE9ADDE3D7BE1A627D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0CD3CC5BB10F11EE9ADDE3D7BE1A627D" stRef:documentID="xmp.did:0CD3CC5CB10F11EE9ADDE3D7BE1A627D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d............................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 864 x 566, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):512297
                                                    Entropy (8bit):7.992815958945406
                                                    Encrypted:true
                                                    SSDEEP:12288:869fhJMaS8IWh+zP2d6dreV9KqlK5Nvk0/WghEpW7:8S/MalB+T2dUre/KiYNpegypW7
                                                    MD5:D560D07C037AEB6BEC60DC07C0230551
                                                    SHA1:76DCB2CD54F80DBB5547442F5654AA3C2C521A7F
                                                    SHA-256:08D343815F262EBB07BE0220051DB93EF79E50EB247C8AA6C65F516EC3E10912
                                                    SHA-512:794E7EE2B6210E6AE3D4C57052C02E38BCA96B139C815D765F30978708A8FDA2D506E8DC7527607E4CA3274797FB51572D0940A81F96A45FD3379EBA0362C079
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202410/856219d2df5d4158be1ca981f19090c2.png
                                                    Preview:.PNG........IHDR...`...6.....62......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............IDATx......&.~WD...-.0"...$3.\.Y.e...9...k...y.9..b.c.TWOWuV1.L...<"<<"<"|w.t."r..,.@........^?.PU....,w.......'..`@.@, .@.K.`f.L....P....+......7.........,!..... ` ..........u.Y../....Y..d.....`h..1.d..`.6`hW......w.vG.cU.....W..w.7N.o.......g.6&<k..6u...+.o..U.@9....O[.-...s...=JV..._b.b..g...h.}Cd..........?T>....."".1.i.".sH)......n..)..}...cK...nz.B....jK.MC.x..-..I.t..j...=....].......G4.....].....@..r[..?..Y..._'I.(...p.g..5d..C(..xED....o.._...h...].N...W...D..2....S...?...?.....g#Hb.2`]B..4M..1/r..0.&..g..Y:7.F.....\E...........F....D.X.r.p..........(.s.....j..`.]....Nr0*6.4...`.N.7....q/....'[".."R..4.....0....'..lC.V.7b..$V. ..h...y.g..C..........v.}.M.M.}.Ll.~/....t......e.......Z..Z...".P..*...mi......*......O.u..l...P.}....b...%.u..?t..I./@.y-.......s.u.!.*.}..7..7{...dV...Fk;..U.C).H....%...}....g<..kTy..h.2.8.T*.b@...@).J..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):674
                                                    Entropy (8bit):7.575134527280418
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7io+vhdPjOfgu2JwqFv+9qUkLx6nEqpge:TnPFF25Ix8pz
                                                    MD5:4987661EA370115AC81F764BB52C1A5A
                                                    SHA1:CC740533A270FA8B77B10DDEF3C312A82F243EBA
                                                    SHA-256:3EEFDB8179014CA66586A23AD185220CB7164664AD33520DFBC7C6A4A7F58FCF
                                                    SHA-512:4D4B30073E0188122492842DFBF79139F29D1B81992DEF77A62A41282A13711C589D3F850D163729623F94BBBDFBCE2911E54BA7D940FCF281906B8D1701A1B3
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........\IDAT8O..Y.[....gJ.pe..).d*Ct.r!. ..$%Q$.B.S.2.....w:..:..H.9...1dj}....'.v...~.....z..?.N........wh....i...~\...g1.}..GP.~..#`e7..b!.a.F......".W.!......3vc;z4...n..e.....\..R....2..bt....r.......U.........1..1....#.#.....E.h.....o0.<..[E....V3..?...^.|/v..^.?^`...@..fD...&9......8V..Wb6Z..5...~."..f.s)Nw...Fat...3.W.s..5.d.O.....S._~'f.q.........k."....Q5.].......)6.0.%.XR.9..Q......S.a:.5Q....8..W....8..sl.y..'.....X........Yy~....%E... A..=XP.......xV.....x.V.e.k.....".4.9..KTj..A2y.g..G.?..sq..o..G.9}r..C.x.I..CR.m9k...z..B..c$.[....)1.us...a.e.J../....J..,.$.o.}..F....\.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 668 x 287, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):193679
                                                    Entropy (8bit):7.996439067344639
                                                    Encrypted:true
                                                    SSDEEP:3072:rhytE1hnPzijQNdVM53UCJqmhoounNGClBRMDt9oAXl7nXhbVbWicFAsnGYECT:rvPACk3PJ9UgClBR0tzl7htEAsGYECT
                                                    MD5:A0AB7B72BA583BB119400C6C01E1CA30
                                                    SHA1:536C43ED6188D386D8AA294046D913155F9A9CC8
                                                    SHA-256:AD84D46019CE7C9F2F67575A740853266E3D1B3D2B9B45316EA8F173140DFAF4
                                                    SHA-512:2136965C563A635CC9AFC0109D3C7BBAEB9CA0A132A7F2C08EBA74DC4036003058491418911C565A0CA2A5D562E6BC8CB35F429874D25E45DF4E911636DB8B19
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............N.. .IDATx^.k.eYr.v3...gh..mA. ..E......qC. .@.............2...^..du.t...r.2o.{..#V.x.}...........W.y}<...._........t.N...[.>.p.k.......q.s.../.?.f .O......?{&..GS....<=...[)...........V.".h...^k.O..#.......K.q^}.=.:..#.*.U..r...x4g.......kR[a.4..w.w..{.9R.......g.Z..d.H/Zg=.yX&.c^.7.~.p.\.iDwF5.uk2u+.......Z....v...s...>.._.f...q..........$.=.x..@...h......@..&1...8.;n<)..1.&.... ..n..I../j....B.y]=.n........(.#.....B?...Zo(=V.2.....4..J..X...@.['....D....ZO...W...%.....Z...et.hK"5=?M.F..O1p>....xc.~).U.+U..@l...]...e.^t.o.7P..(.....pl.u?..PvMLH....]+.5.pm<"~...~P.IN...].O...f....Y.|W..../ "p.^g..-J..........$poz..ds.....3../....i..a[....~..3...L.1.7|.=<..p.=.v.NB..p".QH..=.M....N0./..WL8..Af...t.....369'.!5.B8.r.N..........B..S........].52.....gQ5.. .2....".'K...N.........m...s.;6...U`g:<J..V...4.q.c....A, eC.......v-[D/...3H.d.......T.m.P..C.|:..,Yf.9........xv...*..Of6<.....T;.m.C...O9vF.4.FdS...fl..{]
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 399x170, components 3
                                                    Category:downloaded
                                                    Size (bytes):18315
                                                    Entropy (8bit):7.926823763752089
                                                    Encrypted:false
                                                    SSDEEP:384:0wBk9ASNGDIXoLVc2nsw8yaWgJoFQ0+WzTJQ/ytgVBLBns6O:xBk9AumIYJsw8yaWK0+a+/y+zBs6O
                                                    MD5:3AC18860B9441802C181034D1B276791
                                                    SHA1:64E076FBE04F9C5621953AAB4B8F052A5DF0F297
                                                    SHA-256:375973FD45A53148B351904EB9842974B7FFB686451E0377890A0DD3B56A0ED1
                                                    SHA-512:C8FC18DB4AAD59435A50A479AA9BA1E2EBAB1DA69F10136932E6EFBE61FDAC0128E31FB630465FA63369E530A5D4D2AEF658B7FEF3FFAEB5D44DB285E907D74F
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202410/Sf40bfe33b57a44a6a85b7ddf481bd5cc-400.jpg
                                                    Preview:......JFIF.....H.H......ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................".........................................D..........................!.1."AQ..aq2B...#...R3Sbr....$Cc...4d....................................>.........................!1A.Qa."q...2....#B...$br..%3CR................?...\R..J.p.....T....:..T.......}8.G9.{N.g.#.`..?.}..k.3.".CB._.V..ri....;.s|.Z...d[d;b.6c....06......9..}q.dH...u..z+.....<<].....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 668x287, components 3
                                                    Category:downloaded
                                                    Size (bytes):92840
                                                    Entropy (8bit):7.977509185863719
                                                    Encrypted:false
                                                    SSDEEP:1536:6MlM2tmSKPbl9ytzEgpH1STi03SPHPTP9hoT3cJlbAsbUlWBlAtja5yufUX/:6MlvKPqtRHYuBPHPr9hoTsJhhZSJusX/
                                                    MD5:6784645725F20F1C786DF6F1FDFEF474
                                                    SHA1:B7A485A526BEE2568B79E7E817EEE0F942C0C6FE
                                                    SHA-256:7D29C61614BF03CA1222A62A7C77588BC0BC0E677C54B50BD3EBF96963645BD6
                                                    SHA-512:AB10C8B866507564B7B654F09E2E92061DDD7C425EDD3B39D816273C9E211FFACA55686A4242C8DE6DBF5EE75667B8CC50A77715C9BD9ED9179BFC121A4DFC9D
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20247/C598DCB40BF1A3A3B9C562BCED2031C9.jpg
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:B48B10094F1811EFB669CA2E316F6E24" xmpMM:DocumentID="xmp.did:B48B100A4F1811EFB669CA2E316F6E24"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B48B10074F1811EFB669CA2E316F6E24" stRef:documentID="xmp.did:B48B10084F1811EFB669CA2E316F6E24"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x182, components 3
                                                    Category:downloaded
                                                    Size (bytes):110152
                                                    Entropy (8bit):7.975075256251562
                                                    Encrypted:false
                                                    SSDEEP:3072:wowgY8Kr7Bfmw4l5Iw0cGK0uvXQAtySlos4bru:wUYGwqIJtK1vrDd4e
                                                    MD5:C8B45900A1587FD678AFC51653685F17
                                                    SHA1:84BB8FB0C64146F59C20F96060AADBCC5FD3DBBC
                                                    SHA-256:027BAFDDFFA561600DF61C9BC06AAC729F933F0BB66F70E7821E483444FFA986
                                                    SHA-512:56D0627B50152DF6A4DD48D65F16FFECC8E3EF1DD8571F3086F1A037ECFFB3CC4B42C6AF3DE0478E8105DE769B6A022B2BEF3C391B5551DFE22DF10BF5D5F9F9
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20249/F6600AEB2FBD247491AEDE954DA0C515.jpg
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:308709D76F5211EFBF32A64EEEDB5ADD" xmpMM:DocumentID="xmp.did:308709D86F5211EFBF32A64EEEDB5ADD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:308709D56F5211EFBF32A64EEEDB5ADD" stRef:documentID="xmp.did:308709D66F5211EFBF32A64EEEDB5ADD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 87 x 87, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):11583
                                                    Entropy (8bit):7.971472047466238
                                                    Encrypted:false
                                                    SSDEEP:192:Cl7c7aIAtapldd6S6hpb27K+vojzaQ8inlHbe1Qjy9xjTIF5GMZEtEh4FlyPN4Cq:Cl7+aIPpldF6hAuQoH18OhrjGRqYIuIM
                                                    MD5:3AB315A038E564907751DAA6F2884839
                                                    SHA1:151793565D8D75076F6D6B87367FD7CFC07C14E6
                                                    SHA-256:32A72011B430961381EAFE4E25284702CB9B63987BE3A40544A13367C1FF8347
                                                    SHA-512:E6B868F61703832AB0DE1F6E93EE9101702753A5D18AD611D11DD517B769EA8ABEFEC1320B4061CA128A2769C8FABCEA3D3F8EB1D84545E7B500331B22B8A565
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202311/2e13151cd79a4930a1870025d20acfc6.png
                                                    Preview:.PNG........IHDR...W...W.....q..l....sRGB....... .IDATx^....eU....4..&.s.Q.$ (.b@A..P..1..D.....(bVTD....H...0.03=...]..4.3...zu.{7.S.k.:...............'..o..z..g9v.[....:....y?...~o.1....~..r...?..~{.>.o...o...:.2........k..,.H...'0.......z...Y..yo.=3>.c.S\...{dN..8.l.kI.m;/c4.6....e..:.kOrL.>......1....&.:&....\&F./*r..s~...>..3.j........5....3'.r..........vx,.T2.6..........z.:...sL...8#F.2.P.hG...Dh!c.{.....PBn<Qo...F.X^...X$<......".....s...6.O.4.1.h.Z\..U....g..;......z..........G../.|-.......O<1B....g.2.,Ss....~.VXa.Zn..F8>.t..?.\.5..........5m.Zv.e.q.@.D.`..f,...1}.......z......F.cP...G.f....................~....!....>..z..^V_.......sM.:u.[!...}...<.....}.{k..._$yq./~.:.j.w..~...q.q.....~.._..nX....k...zB...K...~.....>8.h.l..V.y..u.u..g>.?.~-..R#.a.P...t.A....=..c[.,..d..n..>........m>[R.|...w...^{.o....f..'.xb3...:.N=..:.....n.....N:..l..._..W..s.Fv.g?...n..qB...5.......|.#u.]w-2....Eu.9..../.......Y.2.....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1336
                                                    Entropy (8bit):7.776590258483341
                                                    Encrypted:false
                                                    SSDEEP:24:mfEfOsx9CKh3Z09W+8xuI+7xF99+vCIw0P4lb9X4vV+2RpaOaV0Q5PsiNUa:mfEmoC34wv93OPdXRAOa0ksmH
                                                    MD5:A7C379E8BD0146CB7CEBBBBA64EB67CF
                                                    SHA1:CE22A676898A4AAA8EA64C394A2F2D31A0DB4CD7
                                                    SHA-256:41C18B3DA2952843C470B0EA63C78BB76D419050B419E67AB3C083183A664934
                                                    SHA-512:DE1C69458ED2B697433C3D7C2BEB70A5945FE6F101CEB7910ADC435A5F6CC428A65612B2DD052B464E59737B2D820A543432716E81C84D282DD73F7AA40E6C14
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............w=.....sRGB.........IDATHK..[LTg..g.9...*.......%.B....\/5`.P...P....b.. ...h...6>.&.....r].\.(6imX.TW.ZQ.n.=.ifY......7.o.3....h....[.sG.K......@V..i&)7).....".5...Tu....0n. ....r....4..Ou.m?...7g.....~.Q4h..V..,d$...r....5..jK.%.$a................z...?....5.^'.......). ,.(k..>....?.....Sg:..a.xTMk..A.....N...`.)j.A.....tn{z.".........,..mm.[SMP.:~..P.WQ..e....z.c{+..rZgN.)..X...+K...g..JD!....b.c..6K~.\.:..8T.8.u...........<%..uvg~d.D@......A.M...E...;...|...@X6*U...<....W..I..3.+.....G%.......V2.8 .= ...FD\.,.#K......R.....U...@G.J...)i...d../s.~.58R.{.D.M....J.-"...F.J.^..5.....Q...?Tx.K..~.."..M....{..R.)........wY..W....0.(N6.O%...#<.E...%.\C.v.........j.Y.-$.D......|...pa..w5....I.9...p&.I...n".b......f..GM...p...[.*+I.B.....o.^...].../.ppv....P^.7.of..A....e.H...,.w..............9w_........E.D.'.;.x2..../5..y."6..|.0....(.................G^.M7d..m9....n......1fV.vD.+.V=............v....).a7E..G..+..nAKIf
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 380x160, components 3
                                                    Category:dropped
                                                    Size (bytes):72598
                                                    Entropy (8bit):7.969601362802776
                                                    Encrypted:false
                                                    SSDEEP:1536:1lsG6vL/J34VQ/4UXpZzVR0B3bjsuiWgcEhK8qIeetqRAYJZmpq/Q:zEVMQAIpZzQt2c3Ve0ZS
                                                    MD5:8FA92DB60C8730B68855F5871FC0B7CD
                                                    SHA1:9F67155FDA265188614637BB2CB95977CA62F9D0
                                                    SHA-256:0BCA4E31DC80B54D89CACA83C77D480F360B4DE658D1E6ADE52EEE5790EE3075
                                                    SHA-512:73689674ED665F7C2B04157450C0F79ADB69D41DFCD995B989A2242DACBFBB0C11D2BC52EFA6A06E7C818F45DC31E1BEDCBC2DEC560BBFB33E76A278A1E2796E
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:9B91D1C7B05D11EEA730E5A195321C46" xmpMM:DocumentID="xmp.did:9B91D1C8B05D11EEA730E5A195321C46"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9B91D1C5B05D11EEA730E5A195321C46" stRef:documentID="xmp.did:9B91D1C6B05D11EEA730E5A195321C46"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:downloaded
                                                    Size (bytes):214740
                                                    Entropy (8bit):7.948761122595337
                                                    Encrypted:false
                                                    SSDEEP:3072:R/B7wKbd59VFp2RhDDaElLGxkfX2L1eBSKnMh4PITnrkznp6NsCHfrEiw+8IE03h:P7xb/PFpED0xkyOSO7yry6N7Hxka3h
                                                    MD5:8899A0C4D49593AC947438B5492FAE35
                                                    SHA1:6D01B7B93879886B1AD5D786307B1C53AD7F605E
                                                    SHA-256:254726489CEDF4D70DE144255C5898038FD542A9452AC97365FA6D29C706158D
                                                    SHA-512:DD81069134663766B9FF6FDDAACBBECFE448FF29D8BB188C08B6161F44A03E04E937F5F29C77827602E41B7E917E1E98DC5898266750E6CB5390E5CB8A19703B
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20242/3197f5c460b34440a94939423d161452.jpg
                                                    Preview:......JFIF.............(ICC_PROFILE...............mntrRGB XYZ ............acsp.......................................-....................................................desc.......trXYZ...d....gXYZ...x....bXYZ........rTRC.......(gTRC.......(bTRC.......(wtpt........cprt.......<mluc............enUS...X.....s.R.G.B................................................................................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........para..........ff......Y.......[........XYZ ...............-mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.......................................................................q...."...........................................[..........................!..1.A.."Q2aq.#....3B...$...45Rrs...%bt..6u..78CTvw......&DS......................................L.......................!..1.A.."Q.aq.2.....#..3B.$Rr....4b..%5C...Ss...6..............?....z.4.v$.Y..Hw...-
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1002
                                                    Entropy (8bit):7.656311306764841
                                                    Encrypted:false
                                                    SSDEEP:24:f67+KzlGG+NFvsVz8wKctNN15KhFL26RK:8kvsVzocXN14TLw
                                                    MD5:20701EEB80C79C240A2FA824D1EE5EE9
                                                    SHA1:FE46C6DBF551A0BB33A1F38B7F8871EF88E9BBD0
                                                    SHA-256:C0730ADB7F118188CAA3B19496A2662106B29025BC6349A7486B0365DFF8DB5F
                                                    SHA-512:8CA8D998D01D38DA16318DF642AB0BADF7824D1A02415F9E63DC60471DFB97574226D1FD30392063BB4968625EF9D04FE44FBBDB1A990EE425E8FE93F4308B66
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_15.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8Om.].Ue...w.9..j.. ..(.....3c*N.E7..#.CJaA".#QCt%..E .QY.%..t!..CP....8..QD.8....^...........[...J.<..$}.,......[........f....bY.^.4.......j.ZkB.Wt........5;;........4M..............!M.q3{..K.@Rbf.3.8.I..T3....$m..........B.U.e`...3......p\...._.[......,[.....Bx.XV,....z......W.a@..3{....L.F......W.}.X.....9.B.......1.........fv.0Z0......-jX.;.L.....Y........23[..+.[..%.z}..ht.,{A.C.............f..g.NT*.K...g..x...5..m.z..h4..pq.!...G..$I....8....n.4.j....!.{.w..}Ik.....i.......VJ.#iy......,.)i........n.._.$.....$}.w?.D&....'$.l.Z..,[&.h...k.Z...(..N...3....8.........@G...`f..}....j....=...D6...O!..q(.n.j._..mttt.......I..K.....n.-Z.`...3{..l.../.My...$..Z.v..J..eYvH....nw.Uz.<.o4....p...!ES...B.D?.i....4.$....MJ.P..[.....I.l.......>...^&..v..%.Y.......V.1q...|....{..p(..!l.,..%E.......y..]..r...%..b@..Y.....t.pyQ...13..l6.=......cccI..X.-5==.$I.|jj.......)....Y.......IEND.B
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x637, components 3
                                                    Category:dropped
                                                    Size (bytes):389148
                                                    Entropy (8bit):7.98098067197944
                                                    Encrypted:false
                                                    SSDEEP:6144:dDaquPUFF9FifF4sEPGRftG+vtp22XjzeMLO5Xik6JTkJ5PDE8eWpObpijygxWqB:IvGFfYF4sxttG+vtA2PeMLOiVwVC1ixV
                                                    MD5:D379E6CB34D26A5C808DBC791DE9C621
                                                    SHA1:A7E2F59A7E97F71E1C3BEC84793151B2A045CD59
                                                    SHA-256:942D5D98B357EE24DFE13E19957BA60705D5FC4BC46B375BE19CDD53533F2857
                                                    SHA-512:C4235608D04AAE026C5DDDC2E63E63D4018939490EB26EC73F2A87FD97698E60798382C86EAB91D4DD918B3DE8952EABA431E6D902810EDA0AB45460770FFA63
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......W.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:FCECA5DCFAF511EE87E8D1AEF537C88A" xmpMM:DocumentID="xmp.did:FCECA5DDFAF511EE87E8D1AEF537C88A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:FCECA5DAFAF511EE87E8D1AEF537C88A" stRef:documentID="xmp.did:FCECA5DBFAF511EE87E8D1AEF537C88A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, from Unix, original size modulo 2^32 1305637
                                                    Category:dropped
                                                    Size (bytes):302257
                                                    Entropy (8bit):7.998698282242333
                                                    Encrypted:true
                                                    SSDEEP:6144:YTvakFyt8BU1RBNHCzMkGgbw60cbA8PPVMtePNnX27Whr:iR4th1Jg5pQcbFXPNnmS
                                                    MD5:4A6D93310D3D726728C02B1C64C36983
                                                    SHA1:CDEAC2F706AA25985A197339F57A280694AA5B72
                                                    SHA-256:C3EA8A64EC284CB7E0C663E3F363340B3666A8B57CB52DDEE3E32D20CA7D9F70
                                                    SHA-512:14CD3FC9D2DF8B6EE4AA68CC4C4A3A4C8D3FFFBF9D85B22614159D55DA0117052F352435BF09D2653AD4FE6D0528892D009AA46231ECE1043058E76FA96323AC
                                                    Malicious:false
                                                    Preview:...........}{...>.w.).]....'q......%.$.e.9.%>..P.....Y..s.3.`...d'..w._....`0......?...:..hx6.......s>..&......3GB3...M.....'s.B.)sY.o.W...tx9.M.Mg8F.*_._0.E6&.o.../.{k.:.&.=.......x..'c+....:Ho....e...,.N.f:C..Z.^...+..r.K6.vr..%..+.+...G....8......h........A.....cr:.x....v&.`.?7.;...|~....._...po2}q.h6......{.....J..f6.L....u.....%.:...Q.u...6.O....p.a..M...S..`8.O..Ws.K4..p.}.P.?..v..W:.........GO...u.]?8X.=..<...t6.v.l.m...k....}...O.t.P.c.....@sHj6.!.aC.Gr.>.........]....gt^L^5.1..^.g.......hx1..g...bC,D.m..a..)..V,{.....W.3..y.bD.~>...Y..l2..5O.....2.w....N..6.L...............*M..Y....qr.Ss6.c....c...+....~..X9..........1..giB3z...A.Ww.rp....r....hp.......t.N....vS....../..C.V7P..."K...o....[....P.1.r....j:.....w..G...P...0.....R..X.w.%o.(.q^..W}....s4j....../...l.GT]..q''.O..'V...p...g.AW..n.l.~.g.|1.)....%........|.w..%....IS.Q.]....1G;..u.......<.H.....do..$r.%-j'.Iw_.w.GVm{p'..=..b....0z.t}(I..7....`m........
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):597
                                                    Entropy (8bit):7.528645322244031
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i1sPtV+O1x6jjurbG1yzWjaDUtxbLhIbjP8qxEQoiD8GNqWf1CBcWD:FsPXx6nz1yz67bqbjUsVqW0B5
                                                    MD5:C307364193798EE2491B3E3AF0654E53
                                                    SHA1:9D5F520A1C17F8B83684DEDFAE7B7062551AB1C5
                                                    SHA-256:59C97BBB472A40073E93A1FA606F130260299535A5CDE246635C33C546D9858D
                                                    SHA-512:4B3771DAF5A06627DA401F7AD6FAE536EA7608946E73D0B23B15F78C930E269202C8CE9D7F6BE9943698A1B518788B91D634BB92D35BAD37F84DCA7E86698667
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..[..a...g.........(...&...)..~.Q.8^.+%%.$l7N.VRr>S.P".F..U.*.[....{.x..s..0..1..0.w..0v.h..^.J.l..A....h.N.i.3..8{..8.o...0>/.i.e=......m..M....?....Rl...<.w1....I}.9z.....g8^.S.._..&b9V.S....O....v..p?.Dk1VYD.w......]..a4...4...+.........L...q.w.,.0|.}...L.).4.a...J...m..L.`.[.J92...v...>.i..........^X..l...du..a.d.0....X..S..n..0E....h...~.$l..c.+uiR..=)..m......r.}..E.....z....lY&...6.[/.m.-...v..3......b.I%S.W7.y.C...?.!..Y.i.u.+...r......W...5...\]0.o.ft.]........x..c.v#,.......v...[..;.........8......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:GIF image data, version 89a, 24 x 24
                                                    Category:downloaded
                                                    Size (bytes):2545
                                                    Entropy (8bit):7.142191857408522
                                                    Encrypted:false
                                                    SSDEEP:48:H5vqZ5vmZv9Cd9c567nXCp1MWBXpSP+km6dAuzvdEKP:HxYJndGU7nyp1RXplkHdAiv6
                                                    MD5:FAA74E8C61FC64D5EDB11613C7EEAD2C
                                                    SHA1:E043879D3EE94A3EDF10260F21F44BFA4A6FC66E
                                                    SHA-256:483C4A0396691993A641EC409C44B8B7E1DAAB0AE7E2B2944C4BC59520BB7655
                                                    SHA-512:451DB4141333FE6561E6259352B6259F80A2B080380D48117B693CC1EA1D6F3CECB5F4A4493AF11C734989E4096B01BAD2B31E47D2E13718628AC254C4DEB70E
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/loading-icon.gif
                                                    Preview:GIF89a...........................................vvv......hhh..........................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,........... .$.AeZ...<...Q46.<...A.......H.a....:....ID0.F...a\xG.3...!...O:-....Rj...TJ..*........t...........~."...ds]......)t...-"...i;H>.n.Qg]_*......R.3.....GI?.....v$...j3!.!.......,........... .$.0eZ..y..0..q ..P..W...)";..qX.^..D50......<H3.!.....k-.n..a. .(.i...d.$P@y.w`.J..#.....?..y........o...g.....f....'8..{..'C.p`j.n."...2.{.`x...jy.4...C,.4..o#n.$.....!.!.......,........... .$. eZ...$.2.....q....E. ....p$H@D/.....G.D.j8v#..P((D..... ..N.(3..#.y....(@...gUx*.kK.).....?K...............$..."....*.......K.....W......x..?.G...#.W....n.h.K,.....+.....*!.!.......,........... .$ .eZ..Y.$1..Q(c......O'"............. 1....q.d"..A.....V.x8p..4988.MRC.@....e*.3@.iI.)..'.?I.........@.......,.....#.........5..,.....".E..z...?..@.E...@.....).....*!.!.......,........... .$.(e..$....C.E1..;...('2$..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (12653)
                                                    Category:downloaded
                                                    Size (bytes):12815
                                                    Entropy (8bit):5.029668990027626
                                                    Encrypted:false
                                                    SSDEEP:192:/eQIcN7iNqKiR/V/446Mw58wVsprWtAK7KF7Fg1Y06MbhVITrvq8IT9wrwv0263+:0qJ/V/8u81kT197noNVZV4O52BCv
                                                    MD5:1537689EAFEC06B9043FA38B0615B12E
                                                    SHA1:3A75587EE66E1DAD9734329915E6885167EB321A
                                                    SHA-256:846444F249FEF8D590D95C29509AADAABB9501D19CC91C0447C520E494355FEC
                                                    SHA-512:3E2FF90CE7BB50B1D6B69AF7B57D5C0448FACC883D740914027FBA892D8F79CB6862D5459E922A828A5F2EF6B582EC97BEA9AB3A8F13B2D1804402783C3AA6E5
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/css/sm-extend.min.css
                                                    Preview:/*!. * =====================================================. * SUI Mobile - http://m.sui.taobao.org/. *. * =====================================================. */.photo-browser{position:absolute;left:0;top:0;width:100%;height:100%;z-index:10500}.photo-browser .bar-tab .tab-item .icon{width:.7rem;height:.7rem;margin-top:-.25rem}.photo-browser .bar-tab~.photo-browser-captions{bottom:2.6rem;-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.photo-browser.photo-browser-in{display:block;-webkit-animation:photoBrowserIn .4s forwards;animation:photoBrowserIn .4s forwards}.photo-browser.photo-browser-out{display:block;-webkit-animation:photoBrowserOut .4s forwards;animation:photoBrowserOut .4s forwards}html.with-statusbar-overlay .photo-browser{height:-webkit-calc(100% - 1rem);height:calc(100% - 1rem);top:1rem}.popup>.photo-browser .navbar,.popup>.photo-browser .toolbar,body>.photo-browser .navbar,body>.photo-browser .toolbar{-webkit-transform:translate3d(0,0,0);transform:tr
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, baseline, precision 8, 1920x637, components 3
                                                    Category:dropped
                                                    Size (bytes):333706
                                                    Entropy (8bit):7.966680312301619
                                                    Encrypted:false
                                                    SSDEEP:6144:0Ah/a2l8CsbgFvM7mMJBbOsWalsFDlfwU/QMvNrJbHIpCD17jamuc85HLpef:0Ah/a68CAGsBrZlL+QKbopk72mqpef
                                                    MD5:CA446EFBD89FFF911588932B5644D6AD
                                                    SHA1:73F60D18E7AC646200A004D1344CDB1D7C3F7A1B
                                                    SHA-256:A45DBB1B58E5684612B62FA71655F684C2524591DA6F87F162A78E6599CA4724
                                                    SHA-512:9EEC0EFD3787B057B2342FA3F3F644ED2BABE7258EDE5680E9058C45D13B5A1B80E0E8097395C536B3CD622B46C18537D666CDC57D521622E8021F4642ABCC75
                                                    Malicious:false
                                                    Preview:..................................................................................................................................................Adobe.d...........}.............................................................................................!..1A.Qa.."q..2....B......#.R..$%3b&4Cr..56DSVe...EFTUcdstu........7fg.........'..8G.......................!1.A...Qaq"2...........#3BR..STr..4C$b.D...cs..............?..n..........<.......SQ:..s&-t.+R...I%.1.#.h|.M.z...\.........M._..G..<.G....!......?..R...\L..C<.C..._...Z....K...0...3..8.....N.....R....d.....)...c..I8.....V...'...E./..............]..8d......v..a.....?...~..H.!.^"....-....}...e-....2G..;....x....>....i?.p...3?........?....2...7......q.....#...?.Rj_..c.H.".~&......|.._.)..P.......O;?-....}.......T2G.......g.x|...........$|...C...?..E....2.......E..C..;?...>.7...?....#..g....v~....Q.......(d.....o.w.....p...>...>....o.w....>."...H.m.u.H.!...;:...p......t.7........a..g...'....]&...2G..3.....{..x|<.......>.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 38 x 33, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):352
                                                    Entropy (8bit):7.094605541717571
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPCYfRFHzd4UCtxdJzwMANzn11VEb6KumgkHZPUkV2LasRzTinSsup:6v/7KYp9FCJ9wr1ZK/gk5PPV0Hzunfc
                                                    MD5:EBCDAA13B86EDC7948EEB715B44CB736
                                                    SHA1:D9DE7CCFCC541C4207F976FD0F342D261B1E2E46
                                                    SHA-256:0E1F25C95EEC44A263F4C9E42B98C7EC83E74D457537FE6A3EB0BCB4A121CFF0
                                                    SHA-512:AAFFD5A1F39C9557A2938BA1D4AF616F59BD85CD0D7A294B5DABEEE2206D184717506AAA8B655F935AAA86EC850A829DE446E6B8FE329A0DD73C43E29A9B8D87
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...&...!......8......sRGB.........IDATXG.=N.1...M.DA.(B$z.~$.1(.C:{}..^.........m......x~<.!..x.0.Ti...=..{$9.jsb.5.{t]wO.MD.D.0U.Y(......9....`...\.1.#.N.;A'....I...?..._......>j8*.q.p>.c...*.Y...m%..n...c*=Q.NIN..+9,rc}.i....dah..+.|....\.y.L..RJ..8n.|{(....|..zy..6`.).u.....bC.ED....3....<...Cv..=..`..U.k.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 5375x2617, components 3
                                                    Category:dropped
                                                    Size (bytes):7731686
                                                    Entropy (8bit):7.983556952642901
                                                    Encrypted:false
                                                    SSDEEP:196608:GnuFhxYU7Q2lygWvyluyH+u60oiC3ovlF:ZjYWAB6luQ+uXc3odF
                                                    MD5:229A89CA202E393E386E10C8A3B6DC3C
                                                    SHA1:692889BA7F8A8A7C0D7DF3AAD9D6F5A898A21CE8
                                                    SHA-256:1BDA524EE705E56865245EDD1EB7E254C1E540A01F60AC7208D5313F5552FD89
                                                    SHA-512:EE4EFF47A2D7EE3A0167DC190A8AC10538CA84EDA1FF1BA1B3897C3A03A3F033892F9C555B1913B9C4C37F63D706AB0DDD23701CCFBFB49A809EF4EEC63D6D0A
                                                    Malicious:false
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.......................................................................9...."...........................................k................%......!"...12..ABQ.Rab.#qr...3......C...S.....$cs.......%4....5..&Dt.67Tu..'(.Edv8FU.e.....................................[................#....!...1"A..Qa.2q..B..#R......b..$3..r..C..%4S..&Dc..56.'Ts.EF..(7Get..............?......Q..+ta...x.%..,_v(gH....e7+I...w..h>.3.....E..a.&.yb...O..W..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x369, components 3
                                                    Category:downloaded
                                                    Size (bytes):182502
                                                    Entropy (8bit):7.982879682415068
                                                    Encrypted:false
                                                    SSDEEP:3072:s2RzLAlF24lm7mYPW6Khw0qngN5pHfRIIjGFqJDohfhvy5cyV46Vu4QSS6:swaF2l5ODw0qcNSMMQnJQSS6
                                                    MD5:DD88EB52F743FC525A3BB876ABA223F4
                                                    SHA1:1A2D05A75092E9AD2BD9518E61C5D2D3E635038D
                                                    SHA-256:8E060026632CE8C29AE22E3E05F43186FE95C87F27E51CCF8568C24836AF32E1
                                                    SHA-512:AB6360EA6A6EC943A65F83641C116BE78122D76B807FB24C2F5133D22C2B94F6C9000AF6BF2ABCEE0D228057C156651731E7A56BFE5AD97D89B663818615E05B
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20244/50B7704D8395F7BC47AFEBD5B975C67F.jpg
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:E76C68A0FBB911EE80E2B560011BD531" xmpMM:DocumentID="xmp.did:E76C68A1FBB911EE80E2B560011BD531"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E76C689EFBB911EE80E2B560011BD531" stRef:documentID="xmp.did:E76C689FFBB911EE80E2B560011BD531"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):5.867260873571151
                                                    Encrypted:false
                                                    SSDEEP:6144:Veh1zg9TJYtbqXZds1QelG+347Dv9AkZqGGxYqKIOVizEO7V:cha9T+4d22DvakJiKIOoR7V
                                                    MD5:63D5E1FFC295ED0A109E96BF79CBC7DA
                                                    SHA1:080900FB5710F45ECA094A38D77CA1584E775BD8
                                                    SHA-256:EFB11CB182E11A3CF539EA0348423BA3FB435A63AC407013D923751E009CB010
                                                    SHA-512:92EF1FA42C5CAA692079C340EB7CC12933FCA02F27B806AEF2A4CCBA2A3E9384C86EEE7DCF068CFDD96CB32C450F5664B800D282CB89415BA90CA672349D12BB
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S1d3be5ac560a4d1eaa117ccaba35144b-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):2776
                                                    Entropy (8bit):4.7877242254425445
                                                    Encrypted:false
                                                    SSDEEP:48:c4AlfEtrhdZZdG8P6ZgU2B2yTl9b6f8Q1D/mXyHZsqg3WZNy3ZNimNanUH/+dT+5:slfYFdfk8P5Tl9bg8Ql/wfWZNy3ZNimf
                                                    MD5:7EC750C754E782783199B33355DF2968
                                                    SHA1:E97FA577A639761BF3196015B5D128E2FA1AEE4F
                                                    SHA-256:AB4036B339ED8D8CD60BA53282E1A6FE2A7CB2C32D77061B7FB50DA64B94F149
                                                    SHA-512:77D62A0D8B66DA2E8F6BD19301E127D9A00B0C4CD02EC2ADB87B98ED85CDEF16CF3CDB8BBBF5A2911A821D69AE871F65EB3327B055A31FB1D379F5191D98CBE4
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id=".._1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 48 48" style="enable-background:new 0 0 48 48;" xml:space="preserve">..<style type="text/css">....st0{fill:#45B035;}....st1{fill:#FFFFFF;}..</style>..<g>...<path class="st0" d="M24,0.5C11,0.5,0.5,11,0.5,24S11,47.5,24,47.5S47.5,37,47.5,24S37,0.5,24,0.5z M36,34.8l0.6,2.3l-3.8-0.9....c-0.8,0.2-1.7,0.3-2.6,0.3c-4.6,0-8.4-2.9-8.9-6.6c-0.4,0-0.8,0.1-1.2,0.1C19,30,18,29.9,17,29.6l-4.7,1.1l0.7-2.9....c-2.4-1.7-3.8-4.1-3.8-6.9c0-5,4.9-9,10.9-9S31,16,31,21c0,0.3,0,0.5,0,0.8c4.6,0.3,8.2,3.5,8.2,7.4C39.2,31.4,37.9,33.4,36,34.8z"..../>...<path class="st1" d="M30.2,21.7c0.3,0,0.5,0,0.8,0c0-0.3,0-0.5,0-0.8c0-5-4.9-9-10.9-9S9.2,16,9.2,21c0,2.8,1.5,5.2,3.8,6.9....l-0.7,2.9l4.7-1.1c1,0.2,2,0.4,3.1,0.4c0.4,0,0.8,0,1.2-0.1c0-0.3-0.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1432 x 260, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):63028
                                                    Entropy (8bit):7.769644039646089
                                                    Encrypted:false
                                                    SSDEEP:1536:FRzIHwdwVtdGUYaqaovchr8n8GNeJA57QhCY:rIHwdwVhYN9vBnXox
                                                    MD5:5483ECEE9A1AFA60E09698E1B57A793D
                                                    SHA1:D4E8C09B900B4571DC28458F214712C71CC10C79
                                                    SHA-256:4A7F4536A18B7E488B71FDC0F0C77DD75CA435A1D7EBA8B785EFD245A3BB7FD3
                                                    SHA-512:88C78794A0B5DC127BEE792D4B837E4E9ADD2506E0552575EF57BA79B4F9BA43D8C6406227C474DF31E9B7D40DF5D072B7B07942BD5F5C7FB830021EC2427951
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20243/cc025123152b46b3af5427dc4af0f560.png
                                                    Preview:.PNG........IHDR..............FQ.....tEXtSoftware.Adobe ImageReadyq.e<..OMiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpGImg="http://ns.adobe.com/xap/1.0/g/img/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:illustrator="http://ns.adobe.com/illustrator/1.0/" xmlns:xmpTPg="http://ns.adobe.com/xap/1.0/t/pg/" xmlns:stDim="http://ns.adobe.com/xap/1.0/sType/Dimensions#" xmlns:xmpG="http://ns.adobe.com/xap/1.0/g/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/" xmlns:pdfx="http://ns.adobe.com/pdfx/1.3/" dc:format="image/png" xmp:CreatorTool="A
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 87 x 87, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):11403
                                                    Entropy (8bit):7.972104400841308
                                                    Encrypted:false
                                                    SSDEEP:192:dS0XGIVlKWoEguzMgTUY2Ro14EoWHVnmTVHz+Qq4Xuxjobu7A0gpbPDKlmvW2Eqb:ZDVlRIMa2Gz+smjoympal8G6
                                                    MD5:BD57659A1BF20BA94FDB554861F4CBAB
                                                    SHA1:D1E99839670C21784A65983B0561C960BA7C2C6F
                                                    SHA-256:BD465B47DF6F97296E29F6CF2FB96C0AA43CE02E1296461150E376E1A3DEE44B
                                                    SHA-512:134A56B306DFF8710ED9D22C24307E81ECF3CC8F896B2FC52AEF4006A3C63FC930D728A82CDED6064AC069F289F50064BA63C455DE75EAE456F2E67548D52318
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202311/1f50fac8564d4671a7a5eb70cfdc9051.png
                                                    Preview:.PNG........IHDR...W...W.....q..l....sRGB....... .IDATx^...T..g...U..I.*..TrNMT.D. ..&D..QD.DT2.d.(... Q...M...o7.n..n....7..`t.s.^{.................c...].A.1......W." ..k......w...z........s.[N..7..Q...'.A.o.<[.fdd(99.O....*88X....4...*((.}.s...|.....s.....(==.}/$$..w<........&))./;.3...p.[......y.X.}v..3.}..4k.L...s...9=...2c...~..n..._.~.<y.......M.>]...w..;g...o........=.`c..c.=..........5h. =...z...5e..=.....+.....b.^.X....;.-,.....\P...4u.T._.^.;vt...|m...+..+W......7!!A7.t...:.V27'..}...j..8Fdd.Z.n.y..i.i....i.....!....w.}W...t... ...^..C..3.8...........{.y.}....8.2.3g.S.N...a\...;..U..|.r5l....~%@.|...:...O....q...u.7:.b.r..I.....{.u..b...}........&.iS../..Ro....4i..Z.`Ag..>v.X.rP.q@..'5d....3....H...qG....O...*P....*..9.g.V......!.U.^=7./......[.L.|...F.... .yz.....t.._..7V."E.q9~... *T.......V.R..A..#; he.f\P..@m.-=.eRm.u.."1.q.......h.........../...^xA.=..{.A.|.I.q....P..0.FGG+>>.Q....t.Rg._..[Wk......f.l.].
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):674
                                                    Entropy (8bit):7.5971378965380545
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iTAuFwa2cYN7N9PjHjNvm7NkP+IgF7a31pB626YsxgtjA2H9fruM7:7FN2xzhFMNkPfgO1pBoxCRdrZ7
                                                    MD5:FE404F2CB26549D8DFF60B40DE75871E
                                                    SHA1:EBCA557295CF6A72C7A3311E48AB0E9364EFBF82
                                                    SHA-256:ECD6300591DB1445FF624D69F43A3579B603E8176147D55694D955E3C0629212
                                                    SHA-512:221DDD074B933D98EACC0052A34D8264101F5DE8499430E465516A8B9B8BEDB96CE9524E49D075CCD4355A80F2538DFDD428B0DCEBBDC798EC63EB1CD77D7DBE
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........\IDAT8O..M..U....5mPJ .6P...QAB..A.....?.;..V(.8q...%..S/..IQ$d.((BPD.hb..`..!J....sY..}9.........k...]...;..W..31..]./8.....0...H.nb/c'~.g......k.(..G..M0b....a...c7w2..8.#x....`BN..x........p..Wb7...L.I|...j.....d....XT)?_._`)~...aD...D...q...)...x.o.].Y./...c.&..^..<......)R<....\.:V..L.o...Z.'...c1f....!..&...6.........a.X...T)o*O...n.N,..U....y.,..k.....f.n|.....{.|;^......RA..fW.....v..8..+.s0iL.y.......X.,..C9.....l:..f...=....z.]lZ...mQgOpy.S...*..~`7X..bI.\.>.:Cdo.6.m.T...%..I.?.......TA._V"..7..1.._..?.cx.a.......L...G;.R.....V.s.8..o...O.}..^3..Vul..w.l^..+ X...F...6P.8.._....~......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):104
                                                    Entropy (8bit):4.533225571042071
                                                    Encrypted:false
                                                    SSDEEP:3:C37IKHADMCKOLS6U7XRMGOuAy6s/Fw/LAXNMv/YMyn:C37IKHA4zOiRMG9tFmAA/YMy
                                                    MD5:FD3C8C676BB6CBE8E3B40B73FC981208
                                                    SHA1:8D0876A2D4C07F0D9E626399F5938629B5E23A7C
                                                    SHA-256:FB621084C406675CFC91F1A8B9480EF8A9C2392336AF7DE23C34EF660367FFBB
                                                    SHA-512:DC64991857EC48188C75FCD63BFCF15DD5294AC5DBCDE53F42F314259D8928A1A5452BEFF2428D1EB554BB417879368FFD92CB51931A11493FDB8A366C35F73E
                                                    Malicious:false
                                                    URL:https://www.ccic.com/plugins/libs/articleSlider/articleSliderLoad.js
                                                    Preview:if ($('.h-gallery-native').length) {. require(['articleSlider'], function (e) {. e.handler(). }) .}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):174
                                                    Entropy (8bit):6.328073168725834
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6PtQAmlFDamqtQVZXhVZmUReBY6y5TqtoN1uQD4CKEloeQkw:6v/lhPO6RmlFGNObVZJRbBNqtoNVNQkw
                                                    MD5:97676EBB2225309AD15BA193F23F7FA8
                                                    SHA1:0193CEBC494FACB8BA8733A1A8F50457E7189F56
                                                    SHA-256:0A281D912535DFD0A663182D7E9DB5E6BCD9CA699AAEFB489CE0E313F990D666
                                                    SHA-512:537C09DC06FF1865D2002DFE8140553FEB97CC2C76A78BF89EADDFEAFFDED2BB8606D1B2E651F49D9B994607413C54305EC589AD72788808DED6C6D80C547DC1
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-bookmark.png
                                                    Preview:.PNG........IHDR...............7....uIDATx.cb .....C.....c0|C..&0.C.d(...1..A.t0.\+...t......L3.v.8v...?h1..&.M....b..c.........oY.9v....2.......M.g=.....y.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 60 x 77, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):981
                                                    Entropy (8bit):7.718026638879048
                                                    Encrypted:false
                                                    SSDEEP:24:0cmCp1T4BZ5EQ8Yx/S/OceDYn5L2fBMY1:0cmUGBZSLzeUnd2yK
                                                    MD5:4E7AAC541A0032FB4EA619FC5BD850A6
                                                    SHA1:832DA898AF3ED8DD878069AB1F4BED00B8C665BD
                                                    SHA-256:D167EFD043A0BA57F0C1DDE2E8932D8D84770AFC3E68C5DEE17AD7731B130D05
                                                    SHA-512:44408CC4AA393E0839A682F43C111696CCAB34E59607AE17BE227577B767F7C82DCE168121B4D022D8019A448ABDC7FF281EC246B6A1FF6B89290FB8E03EDF47
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...<...M.............sRGB.........IDATx^.n.A...1v.C.;Wx...... :...cw........H......@LBn..u.^.....@b...;.Y.5..iV..3g..w..\.!hz.5.;.....N...l....}..Jm...`...w...<c..o.=.Z..\.~......+..Q...2p.~...t`...u....O...wBm....O...........#...~R.E?. u.....N......f.@....]y7....?...C.%...+o....~R..0.D...2./.]..s?}...x.%..B....s..?..D]+.....n~D.j............o...T&}./....R{. ...f.....l.%.z:5...................?qM...d.u..G.p+..A......h...2.^.`g.....W...Y-..:t.......T..........q......0.J.8.v...;.Q.;+..&.E)...6N......Y.bzy.L]U7.N.........=.99...V;YtE.&.=...{.(-.e.P..`{..........L|..p..lQ2.."S_D.c.)...FkU.(.mTx./..U.lO...n{>..8..<....=.......<?.a..v.bmOD.......J..m...^...%.q'.......-s`{....:.m-...x..Sxt..\.R.,....Yg......E)...6f.*b>l.nj..z^.SW..Z..n;QZFc.W........8...:.?lM.<.....'J.,|t.i.kT..(.-J10u......<a..mQ.;..um...b)..&....*8!;.?.j.{.a..5$.....`.....8<..?..........G.P4.n..O...{..b.../....>n=.a......p.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 800x519, components 3
                                                    Category:dropped
                                                    Size (bytes):102498
                                                    Entropy (8bit):7.9307302845176455
                                                    Encrypted:false
                                                    SSDEEP:3072:AJ9e5iXuU3i3Usurmv3y5LaxEtFoXRxWGvHqn5:V553U5rmvCBaxEnGbWGfs5
                                                    MD5:77A0BCF0ECEE73D7D88C768FA499CC8F
                                                    SHA1:FDE64445AF65769D94A8540E85BDACC478290F18
                                                    SHA-256:6790DA59C753DAD9F7B6A957117898728306AFB37ECA6189480001C49908876B
                                                    SHA-512:CDD91B7E5257395C37FB3AE8F5F07FD1A071DF3063E828F941A7ECECE005032F6C9D70DC9FF0AE803432DE33D56A64C43E90FAA8F046F28CB196277E554E27A0
                                                    Malicious:false
                                                    Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........ .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...m-........b.F@..1..0....A:...V..1.._&.{....-......j..o...v>.......t.......z.ols.X..+j.....:M.........I..4.\F1........w.......ME....m..%..)..;1?.....(......r.6,...........9).?..u..i.OAq...........#...UCD.-......uV.1...*...Ar=&|.f......KLC.h...e..*MSI...........kn...G........=...].:D...)D..1mt........{{..K.P\.DF9.|...[)....5#.._L.7:.....#...ua...cM..:X1..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x408, components 3
                                                    Category:dropped
                                                    Size (bytes):131382
                                                    Entropy (8bit):7.963767014116794
                                                    Encrypted:false
                                                    SSDEEP:3072:pXJq+VnbHHk1QE+0LnQCJCbQkNTV1KcakYh2Fa:RJ7bHE1X+0sDbQkNRNa5h2E
                                                    MD5:B63638BD19301D670E908C0B86D5E681
                                                    SHA1:F036922B5C9CBBCB2E230DCCA490476446038CB0
                                                    SHA-256:E2636E3C071857868215F7EA7951D421C862955B3F752CA06881DB775F2C1600
                                                    SHA-512:635B5E0FD4C911D812BB13A2F3C03EAC4093AD6D5A99E7845A9DA53A6BC555B7E8A5331B9B8C556E974DFB4839C6B77B7AE1204680F4938A01E9D92A94940AAF
                                                    Malicious:false
                                                    Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..c5h'...J.....~]........v.D.I.m........}9..{t.,.....l.B....G=......vT.ay$..........S.6........7\..K......9d..'...:.j\.7+..mSz.W.Mw..|...s...ta...a.G.Q....,.N..._.../.|z.vW.C......w...>.$.#..:....4.....x...T..c.0x.........\..zZ]..%..j....+....C.Fx.8...*...kQ..\..I.w5g...i}7g...qK.F.\...F.....i.......}....$....O.y.l......O~s.....5.|k.....r.s..''v....z.2x..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (11013), with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):11422
                                                    Entropy (8bit):5.64307632029077
                                                    Encrypted:false
                                                    SSDEEP:192:j+K3b+EH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2k:jNytnqflKFgEWulE8REcS3j/CkR1Xh3
                                                    MD5:CD674D9E02F20426D9ACF1D11C85539B
                                                    SHA1:74AB51A432E33698A7A627F05BAF749472B72CC3
                                                    SHA-256:496BDF2635C9F9494F51D0BA63C8A43E5B6DFB7C88B4426E6A56F577D945E3E9
                                                    SHA-512:C43C020DFB8B13C2560FD741F0FB110921657E4981C98256D5816E30470F29AD7CC43D86BB3D382CF394D0E9C842448972B30C88CD6B70FD0E45C3C954DF1914
                                                    Malicious:false
                                                    Preview:/*!.. * SuperSlide v2.1.1 .. * ................. * .........http://www.SuperSlide2.com/.. *.. * Copyright 2011-2013, ...... *.. * .............. * ........................ * v2.1.1........SuperSlide....returnDefault:true ...defaultIndex........ */....!function(a){a.fn.slide=function(b){return a.fn.slide.defaults={type:"slide",effect:"fade",autoPlay:!1,delayTime:500,interTime:2500,triggerTime:150,defaultIndex:0,titCell:".hd li",mainCell:".bd",targetCell:null,trigger:"mouseover",scroll:1,vis:1,titOnClassName:"on",autoPage:!1,prevCell:".prev",nextCell:".next",pageStateCell:".pageState",opp:!1,pnLoop:!0,easing:"swing",startFun:null,endFun:null,switchLoad:null,playStateCell:".playState",mouseOverStop:!0,defaultPlay:!0,returnDefault:!1},this.each(function(){var c=a.extend({},a.fn.slide.defaults,b),d=a(this),e=c.effect,f=a(c.prevCell,d),
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.54477185636372
                                                    Encrypted:false
                                                    SSDEEP:12288:upROAq3gF8rwxtjVttSwjhPGddddgn/3xm/V/7hCHYQ/q9KvFv:upROAq3gysxtjVttZjJGddddgnfxm/Vi
                                                    MD5:79DE7310205BC8ABC0827132BD35D431
                                                    SHA1:CB222ABBF82F2F77E8357B48D15D92ED6E193376
                                                    SHA-256:21ECA1468F3C1A3EA525A275FFE293DA30222648DCA68480AF1F987E98363F00
                                                    SHA-512:53559AF3FAC51598233F4FDA7E5F6B8E66DD66D1E0D2E19952B9BB5A3533EFB90AB5A5D8BD6ED69ACF77970BA273ED8A5194173A7B83D41C6206FDF950733CAD
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S9132d27806bf4046b3fdc5d45fe79e7b-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................e..wJ..wD..xD..zG..{J..}L..~L..~L..~L...M...M...M...M...N...N...N...N...N...O...N...M...N...N...O...P...O...Q...S...S...S...S...S...R...P...Q...Q...Q...Q...Q...P...O...O...O...O...N...M...N...N...N...N...N...O...O..~M..wH..sC..n@..n@..lA..k@..j?.}i>.{g<.zg;.|e<.}f>.|g<.}f<.~g:..k=..qB..yI...R...W...Z...Y...W...U...W...Y...X...V...L...U...V...W...Z...Z...Z...W...Y...\...\...Y...T...L..wC.}b/.mR..x_&..z@...d
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 380x160, components 3
                                                    Category:downloaded
                                                    Size (bytes):72598
                                                    Entropy (8bit):7.969601362802776
                                                    Encrypted:false
                                                    SSDEEP:1536:1lsG6vL/J34VQ/4UXpZzVR0B3bjsuiWgcEhK8qIeetqRAYJZmpq/Q:zEVMQAIpZzQt2c3Ve0ZS
                                                    MD5:8FA92DB60C8730B68855F5871FC0B7CD
                                                    SHA1:9F67155FDA265188614637BB2CB95977CA62F9D0
                                                    SHA-256:0BCA4E31DC80B54D89CACA83C77D480F360B4DE658D1E6ADE52EEE5790EE3075
                                                    SHA-512:73689674ED665F7C2B04157450C0F79ADB69D41DFCD995B989A2242DACBFBB0C11D2BC52EFA6A06E7C818F45DC31E1BEDCBC2DEC560BBFB33E76A278A1E2796E
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20241/3ba15a2d889b48c080d67cca2713e96a.jpg
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:9B91D1C7B05D11EEA730E5A195321C46" xmpMM:DocumentID="xmp.did:9B91D1C8B05D11EEA730E5A195321C46"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9B91D1C5B05D11EEA730E5A195321C46" stRef:documentID="xmp.did:9B91D1C6B05D11EEA730E5A195321C46"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):88
                                                    Entropy (8bit):5.1191096083864585
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6Pt6shZFaRkpJsrN+3hlH1p:6v/lhPO6Phr3hlVp
                                                    MD5:E1256CCD98A1865848FB957009E6F7A9
                                                    SHA1:63A719D5E6A708A22014F20ABC0722CD54FFB0F6
                                                    SHA-256:BEA530F1AC565FE3B95BE3D4599508B9947FA6EF50114BC33216802342FF5187
                                                    SHA-512:76E02A0294473D7C62BF5E8D8373B40DBFDEC859BA1ADA0C36BEA2F7891C9866A61DB519D5E45D4736F95D2EB9885596CFC38AA62688660DB1069374C38763D8
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-zoomOut.png
                                                    Preview:.PNG........IHDR...............7.....IDATx.c.Q..;,....../aB....X.0..[.3.v.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 10 x 19, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):393
                                                    Entropy (8bit):7.296770951568778
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7utP+b38KAj3Feb7W7lsVCdUvf7XvTAfIQNA/:7vjFebqCVg4jOI+K
                                                    MD5:253C7B15056DDFD7AAF52F40F08C8C33
                                                    SHA1:E05E37BF142955204E12C8B1BFBB501C3F681FA4
                                                    SHA-256:779D131D7BD335804E51B20FBF21476F81A97085791541B74777823AEA115E78
                                                    SHA-512:DD329A0DB9FF0144EEAF4DBE71A5E367953A48C7CB630050B9FA4A482E22559120109921A577C8E99F9454DC23F1BEC20EA3C3715E5D4C69B4AC2CE778A499F2
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/a74a487e7b484c6bac65f39dd3b93a6b.png
                                                    Preview:.PNG........IHDR....................sRGB........CIDAT8Ou.N.Q....,.H%..o$.Q..C..H.+0......DW.4j.9|.......A..;........?..O...<.S[...#c..i.......8..9C,.....=..R..)..BW...^..q.XJ^......E.r;9..m|.=.+|..R.p........%lp^.V.6....)..v.K.F..1v&a.iJ7..O...7'...^c}21.}...E.....L.of`......q~u..0+'=.>....z...=3V....o...7X...j.('5'.\OF.d.b...a..I..Cw.].j.O?....x.......L2.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x1392, components 3
                                                    Category:dropped
                                                    Size (bytes):195132
                                                    Entropy (8bit):7.978759071373553
                                                    Encrypted:false
                                                    SSDEEP:3072:jaErLI4JjiX5OQWpUtKOiR9DfAAwbY7jr6ouI/walROJ4jAOSbXYPGj8+ook1/+Z:uUIn5iYu73fRR040BrYPGj8+ooiPQvQg
                                                    MD5:57277D4546C3DEBDE3C17A403E0B3A45
                                                    SHA1:219458058A45FC3AC5EB8D8DAAC7FCDBEEE35835
                                                    SHA-256:94B4D26B43FCEA22B60A8D788F748794ABA3C5686D6F9330252F64E8F411CB98
                                                    SHA-512:9F9EA0D7D06D209D857DC4BC2A21A821A00D2B785C2A57DED194114F6ED51C6D379FF11097031C7FC7D157CFD1BBA9FBC89B01971F172D64C8D0E9E94E1E4A31
                                                    Malicious:false
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......p....".........................................a..........................!1..AQaq."2....#3BRr......$CSTbs....%456Dct.....&U...Ed.7V....F.'....................................;........................!..1AQ."2q.4BRa#$...3.....S.5.Cb.............?..H..qO.!.\2........&...jD...\.+. b&.$...R'...'...DBT.. .....H......J...*P...#..nJ.....P.....J...S...#.v.].I.HM..a9
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):744
                                                    Entropy (8bit):5.01974530879063
                                                    Encrypted:false
                                                    SSDEEP:12:wQLFEjfBMmqOZPjGmaoMjGWao5jG05ao5jGSf/ao5jGfao5jGdBsmJdhy:Bg2OZPjhaoMj5ao5jZ5ao5jLnao5jiaG
                                                    MD5:3B9E4BCA8614A9818350345D488E44ED
                                                    SHA1:E136A113F24B042DD3259EEF244F03445B09E727
                                                    SHA-256:964642A8278901B61C9AB4F7F2F0621DCB2156AB4BAE7168B317BB8776454DD4
                                                    SHA-512:95B6D8F7466A8C6754B40F8EBFBE64A7529AF260864F0F25CB35EC5FC66E70B9DDD10C0D1F2F0C084702A3126FE660B583E74130AE0EAB1C7F392616C6309D3C
                                                    Malicious:false
                                                    URL:https://www.ccic.com/script/webgray.js
                                                    Preview:$(function(){.var starttime= -1;.var endtime = -1;.var ontime = new Date();.var onTime = new Date(new Date(ontime).toLocaleDateString()).getTime();.if(onTime >= starttime && onTime < endtime){. $("html *:not(:has(#gh)):not(#gh)").css("filter","grayscale(1)");. $("html *:not(:has(#gh)):not(#gh)").css("-webkit-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-moz-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-ms-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-o-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("filter","progid:DXImageTransform.Microsoft.BasicImage(grayscale=1)");. $(".global-header-box-front").parents().css("filter", "");.}.}).
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PDF document, version 1.5, 4 pages
                                                    Category:dropped
                                                    Size (bytes):1248174
                                                    Entropy (8bit):7.533742301531168
                                                    Encrypted:false
                                                    SSDEEP:24576:fefTlrD2s7HDtQNBSWcwDM9ypXzkLHkTO4yEH:fCTlWs7RQNkWlM9ypDqkTO0
                                                    MD5:E994456A2D34639CD0833A2B4A07692C
                                                    SHA1:CC67FD2B25D87A1BF02BD6F1B267E054D95A0CCB
                                                    SHA-256:115756D7CCC1B58588778119483DFD4A133DD1ADB6FCE82D3EFE49A25CE92B46
                                                    SHA-512:0F85B402386E4B1809971C031D51DFA453D653A26903207BC265A5F5665A7B0E4EA15FE9B84922B94A31383FF055E1FA25C3307B5ECCBA3B3F259BDC664E83BF
                                                    Malicious:false
                                                    Preview:%PDF-1.5.%.....1 0 obj.<</Type/XObject/Subtype/Image/Width 86/Height 346/Length 7178/ColorSpace/DeviceGray/BitsPerComponent 8/Filter/FlateDecode>>stream.x..]wT....I..^..V\@...]..b.UX......+V..XVw-k/X..UTTPA..A....H...&.L2!.&...s..p2.y.....w.....}.o..7..C...J.F<&..D=.......`P....`T..&..`T.."..`T...R)..f..")...R.QA.x..hT..uXL.C"@.O.1...mnm..I.`..8...a........f,h..S.@....VE..m.$.O.`..FQ.....$.a...L.*.....,.....S.K.P..(+.SL....!.K......(.....H..P.B..|....e.......l..^.%....f.......`R.............B......@...PpK.....h.!....a...`"&>L..b.(..L0 C..9....[.@5.rG..j}_..3Rc..g.y.[...N.T.....i.../...j.M%.?...0....5.........E.^...Pr0C5.&i.<.hv.l.....~z...\^.3..F.IU.2"t.}.4QNG.A.....R....qW.@.~W.=....z..U..!...G.b.H...H~..e....B........[%....(.l.'........9.A..)A..W..N.._M.*..9#..jw......UJ......G.1.......x$Q:....fq.....P}.....N,.^.Q\.^.JsJ..GO...P}....&.sV=^_.(}+..dn.+;.....y..t.2QP.E....C.*..@.@.!J..j...Q....k...*......T.....K..ww.....}`.....8.p}.FB
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 668 x 287, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):193679
                                                    Entropy (8bit):7.996439067344639
                                                    Encrypted:true
                                                    SSDEEP:3072:rhytE1hnPzijQNdVM53UCJqmhoounNGClBRMDt9oAXl7nXhbVbWicFAsnGYECT:rvPACk3PJ9UgClBR0tzl7htEAsGYECT
                                                    MD5:A0AB7B72BA583BB119400C6C01E1CA30
                                                    SHA1:536C43ED6188D386D8AA294046D913155F9A9CC8
                                                    SHA-256:AD84D46019CE7C9F2F67575A740853266E3D1B3D2B9B45316EA8F173140DFAF4
                                                    SHA-512:2136965C563A635CC9AFC0109D3C7BBAEB9CA0A132A7F2C08EBA74DC4036003058491418911C565A0CA2A5D562E6BC8CB35F429874D25E45DF4E911636DB8B19
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20241/f77561fc42ad4b7f8d6180c116d9b7ff.png
                                                    Preview:.PNG........IHDR...............N.. .IDATx^.k.eYr.v3...gh..mA. ..E......qC. .@.............2...^..du.t...r.2o.{..#V.x.}...........W.y}<...._........t.N...[.>.p.k.......q.s.../.?.f .O......?{&..GS....<=...[)...........V.".h...^k.O..#.......K.q^}.=.:..#.*.U..r...x4g.......kR[a.4..w.w..{.9R.......g.Z..d.H/Zg=.yX&.c^.7.~.p.\.iDwF5.uk2u+.......Z....v...s...>.._.f...q..........$.=.x..@...h......@..&1...8.;n<)..1.&.... ..n..I../j....B.y]=.n........(.#.....B?...Zo(=V.2.....4..J..X...@.['....D....ZO...W...%.....Z...et.hK"5=?M.F..O1p>....xc.~).U.+U..@l...]...e.^t.o.7P..(.....pl.u?..PvMLH....]+.5.pm<"~...~P.IN...].O...f....Y.|W..../ "p.^g..-J..........$poz..ds.....3../....i..a[....~..3...L.1.7|.=<..p.=.v.NB..p".QH..=.M....N0./..WL8..Af...t.....369'.!5.B8.r.N..........B..S........].52.....gQ5.. .2....".'K...N.........m...s.;6...U`g:<J..V...4.q.c....A, eC.......v-[D/...3H.d.......T.m.P..C.|:..,Yf.9........xv...*..Of6<.....T;.m.C...O9vF.4.FdS...fl..{]
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:assembler source, ASCII text
                                                    Category:downloaded
                                                    Size (bytes):59822
                                                    Entropy (8bit):5.090132288290159
                                                    Encrypted:false
                                                    SSDEEP:1536:0B0BMgN7oQScK7DVgUfBHevH6BULHYYX/WT:0MNMQScK7DliHnHrXw
                                                    MD5:D83AFFD2586A5F58CCEF89D67DDA1A8B
                                                    SHA1:F2FE04A8440D9D7886BAC307369843BA880E4F98
                                                    SHA-256:9B42B4BE381206A3C8C2F512A063E1E7598543CA84A853C70DB279880E8854A9
                                                    SHA-512:B45307622B95D96C5B4D7910BE39959BAB23BCBF1EA7C3011EA5E13B7052FAE55103FA82D1EC102EAD9DEA3D68439F2CF02156A789BD963BDF7D030F598A981E
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/viewer.css
                                                    Preview:/* Copyright 2014 Mozilla Foundation. *. * Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. */...textLayer {. position: absolute;. left: 0;. top: 0;. right: 0;. bottom: 0;. overflow: hidden;. opacity: 0.2;. line-height: 1.0;.}...textLayer > span {. color: transparent;. position: absolute;. white-space: pre;. cursor: text;. -webkit-transform-origin: 0% 0%;. transform-origin: 0% 0%;.}...textLayer .highlight {. margin: -1px;. padding: 1px;. background-color: rgba(180, 0
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.606014465288503
                                                    Encrypted:false
                                                    SSDEEP:12288:wUmzrhlp2a8JRHCHPbI6gQwgxEd+7l9g46FfC0:wUgpr8JMvM6gbkEkj3Sq0
                                                    MD5:6726F9569707455825B84FBDEC3E38CF
                                                    SHA1:2BE5247DF18970C9C339075B1D40931C2195E02E
                                                    SHA-256:925462ED51D975A864C988EFF713B7E8CA0DB360DF245A3F004BB4C0E51F8B7E
                                                    SHA-512:3DCF4FDF991743AD6C58341C2D7CF841C26BC2817E0422A2CF667E9B679D46796B2F039ECA61FB1082E201644B95CDB2365F5650524D6B5FC9926446CA375250
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.kyM.|._.juU.^fQ.bj[.gof.dmc.iqf.u~n.u.k.r.d.v.d.z.c.n|U.s.X.}.`.t.X.foN.KT<.LW>.alO.q}].x.f.s.^.{.d...v.~.m.s.f.bpY.UbN.^jU.v.g.qx_.KSB.]fX.fpe.]h^.S`V.\i].htf.IVD.^lU.n|a.y.k.RbH.EW?.ZjQ.n~b.n._.r.a.z.g.r.\.gwS.^oL.SbE.[iL.o}V...]...[...e...n...f.|.\.s.].r.].|.g...o.{._.r}S...h...u...p...i...m...r.r.X...m.........w.d.isZ.u~f.nva.T\L.RZN.V\V.CLG.BKF.RYT.kqj.bi^.cl_.lvf.oxg.clZ.y.s...}.^l[.[iX.\jZ.YfY.\i_.and.Yf[.myn.y.y.u.v.ane.DPI.GTM.KXR.amf.{...cof.UbZ.GUL.JXN.^ka.^ka.cpg.gtn.MXV.BML.DPP.S__.NZZ.COO.FRR.GSR.NYY.R]\.Yec.myw.fqo.R^\.NYX.Wca.dqp.r...q...iw|.apx.hv..gv..lz..l{..r...t...kzw.l{u.etm.\kd.bqk.m|u.l{t.o~w.p.x.Zic.Sb].crk.m{s.cpi.TaZ.TaZ.R_X.Q^W.dqj.q~w.q.x.n{t.lyq.u~x.jsn.lup.gni.jpl.dmh.gmi.u|x.pxt.nws.jtp.mxt.o}x.m|w.iwr.jyt.p.z.kzv.l{x.gvs.cro.jzw.s.~.o.z.r.|.x...r.z.[ke.l|v.x...q.|.w...........................w.|.s.y.................................~.......~...{...izr.v.......{...s...q.~.s...........~...x...q.~.jzw.x...w..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=20, height=3648, bps=254, width=5472], baseline, precision 8, 5448x3294, components 3
                                                    Category:downloaded
                                                    Size (bytes):4005014
                                                    Entropy (8bit):7.97656772295358
                                                    Encrypted:false
                                                    SSDEEP:98304:KcP8Ih2qBpGLpkkK/aJLt3Iq05PaaQ2S6YXWs4pI8DpI2AbcMaLNc:KcEIYWpCkk1ZN05g4s9s1MaLNc
                                                    MD5:FA7A4BEDF261BBE4E59FFD25795DBA36
                                                    SHA1:962DDF924541347498582245DBB61B45844C4A97
                                                    SHA-256:2F3070100A9D5C858DCB76D4606FB25CA0832947A0A0EF404BAC9551D869A980
                                                    SHA-512:6F3BD0991AFA02973DEAD14422E60C963D5164C3FA7C6116B3C0FA9BAD7E2DBE313F71DB94C52884B7A29CC4986EE7390E87CED5CE55E81382B0759D83A41E39
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20247/eb309cf6e9594c32b1da3a2359fbe99d.jpg
                                                    Preview:......JFIF.....`.`....".Exif..II*...............`...........@...................................................(.......................i...........%.......<...0...........2...........................................$...0...........1.......,...2.......:...4.......Z...5.......x...N...........H.......H.....+00:00..+00:00..+00:00..434029000514..........,.......................EF28-300mm f/3.5-5.6L IS USM..000021210f............................"...........'...................0231....................................................................................................................18..........18..........18..........0100........H.......................*.......................".......................................................................P...?........`.......`......................2...............................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 399x170, components 3
                                                    Category:dropped
                                                    Size (bytes):18315
                                                    Entropy (8bit):7.926823763752089
                                                    Encrypted:false
                                                    SSDEEP:384:0wBk9ASNGDIXoLVc2nsw8yaWgJoFQ0+WzTJQ/ytgVBLBns6O:xBk9AumIYJsw8yaWK0+a+/y+zBs6O
                                                    MD5:3AC18860B9441802C181034D1B276791
                                                    SHA1:64E076FBE04F9C5621953AAB4B8F052A5DF0F297
                                                    SHA-256:375973FD45A53148B351904EB9842974B7FFB686451E0377890A0DD3B56A0ED1
                                                    SHA-512:C8FC18DB4AAD59435A50A479AA9BA1E2EBAB1DA69F10136932E6EFBE61FDAC0128E31FB630465FA63369E530A5D4D2AEF658B7FEF3FFAEB5D44DB285E907D74F
                                                    Malicious:false
                                                    Preview:......JFIF.....H.H......ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................".........................................D..........................!.1."AQ..aq2B...#...R3Sbr....$Cc...4d....................................>.........................!1A.Qa."q...2....#B...$br..%3CR................?...\R..J.p.....T....:..T.......}8.G9.{N.g.#.`..?.}..k.3.".CB._.V..ri....;.s|.Z...d[d;b.6c....06......9..}q.dH...u..z+.....<<].....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):7818
                                                    Entropy (8bit):4.3116320181902745
                                                    Encrypted:false
                                                    SSDEEP:192:C4CtNDKB7H3IhsxmjtSx7f/q00IKA4EWfW:Cf2B7H3vxmjtSx7f9VKA4q
                                                    MD5:67F84C8B8805DDCC524E63683D49C361
                                                    SHA1:00B86970008A1902E4C884524B756FC80A18D7EE
                                                    SHA-256:8CDD3620DD4F1D5BFCE92DF4D13A85C4F91C349F3AC0C8532963188C0FAC8978
                                                    SHA-512:F11035D06C20E6039E48B5C0D8E959519BFCA82D303903F63E526CACF7C266EBB5BEEC73CE627C2B22C3E73E2732EF81F343597F84F3B4D185E15B974BFF24FC
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/img/plane.svg
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id=".._1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 70 100" style="enable-background:new 0 0 70 100;" xml:space="preserve">..<style type="text/css">....st0{fill:#FFFFFF;}....st1{fill:#F7F8F8;}..</style>..<g>...<polygon class="st0" points="51.5,29 55,24.4 51.5,23.4 ."/>...<polygon class="st0" points="39.6,18.1 48.6,20.9 60.5,11.1 51.9,21.9 61.8,25 66.8,4.7 ."/>...<path class="st1" d="M40.6,78.4c-0.2,0-0.4,0.1-0.4,0.3c-0.1,0.3-0.1,0.6-0.2,0.9c0,0.2,0.1,0.4,0.3,0.5c0,0,0.1,0,0.1,0....c0.2,0,0.3-0.1,0.4-0.3c0.1-0.3,0.1-0.7,0.2-1C40.9,78.6,40.8,78.4,40.6,78.4z"/>...<path class="st1" d="M41.7,74c-0.2,0.2-0.4,0.5-0.7,0.7c0,0-0.1,0.1-0.1,0.1c0,0,0,0,0-0.1c0-0.2-0.2-0.3-0.4-0.3....c-0.2,0-0.4,0.2-0.3,0.4c0,0.3,0.1,0.6,0.1,1c0,0.2,0.2,0.4,0.4,0.4c0,0,0,0,0,0c0.2,0,0.4-0.2,
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 380x160, components 3
                                                    Category:dropped
                                                    Size (bytes):49497
                                                    Entropy (8bit):7.976831345996684
                                                    Encrypted:false
                                                    SSDEEP:1536:2h5ucs+/Fc5tcsdhFmfJ7po5KpRkWJclwpLID:UwE/m//ofo5KpmWsEMD
                                                    MD5:40F52EC8C8198C8C94C99A1AFAD7C2FD
                                                    SHA1:AE68817DF08FBEF44AA6771C8B882EEFB6834C30
                                                    SHA-256:1175E9DF746BEA8F8B516AC91D83DFF85C569346AF7F4994E2544DF4249273E3
                                                    SHA-512:54FB06009AC57193DAB5CEFA332527C70227817CCA87F54CCD62E87546D670F7A84E00C28DB6539A9898046D40D40BC71C62BEF70EF4209E9275111543736705
                                                    Malicious:false
                                                    Preview:......JFIF.....d.d......Ducky.......d.....(http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC Windows" xmpMM:InstanceID="xmp.iid:93D3FF25B0FA11EE9A21FD2CE2A0D897" xmpMM:DocumentID="xmp.did:93D3FF26B0FA11EE9A21FD2CE2A0D897"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:93D3FF23B0FA11EE9A21FD2CE2A0D897" stRef:documentID="xmp.did:93D3FF24B0FA11EE9A21FD2CE2A0D897"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d............................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text
                                                    Category:dropped
                                                    Size (bytes):1159
                                                    Entropy (8bit):5.202023838526686
                                                    Encrypted:false
                                                    SSDEEP:24:ZJgwzww2DdGVLu1oeZFGY7DEOJzn1nMeokXZHlJN:ZGF9DdcmzRMeo4XP
                                                    MD5:A05BBEA86033BD11CDE3ED0CF2776F0C
                                                    SHA1:169B7FD00B8CAD259EE8234AC29851A25BF90968
                                                    SHA-256:DBD0B1DCC856A58DEFEC98A51F722FC6848F6E53D1D945808B82350B953A9946
                                                    SHA-512:7CF3AA2B4F0525FF6F34B8A43BBF2FE307C61D95CC60719F332D43A8E5D0B9F77C6BABDC50A9E0318903810AF2BBBC501D0F0518A2363F4B968DDB93ABA2DA0F
                                                    Malicious:false
                                                    Preview:define(function (require, factory) {. return {. handler: function () {. $('.edui-upload-video').each(function (index) {. var width = $(this).attr('width');. var height = $(this).attr('height');. var src = $(this).attr('src');. var tmpAutoPlay = 0. if (!(typeof(cmsAutoPlay) == "undefined")){. tmpAutoPlay = cmsAutoPlay. }. var autoplay = tmpAutoPlay == 0 ? false : true;. var poster = $(this).attr('_poster') || $(this).attr('poster');. $(this).before('<div id="h-ckplayer-contain' + index + '" style="display: inline-block;width:' + width + 'px; height: ' + height + 'px"></div>');. $(this).remove();. var videoObject = {. container: '#h-ckplayer-contain' + index, //.#......ID............class. autoplay: autoplay, // ....... poster: poster, // ... variable: 'player', //..............ne
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (361)
                                                    Category:dropped
                                                    Size (bytes):342928
                                                    Entropy (8bit):4.958904119284503
                                                    Encrypted:false
                                                    SSDEEP:6144:i1TfZaaXWDJCFk8BlaF/ogFt2SuI+OxfyV0dyrgnZTu/6z5cKeSbtVR7ZMmzTCDZ:iOPfyZXcBpo
                                                    MD5:3C3E5300FC366A3B6C0CE79741395A30
                                                    SHA1:CA1B0F4C211BFC7DC94FF7B335AA372B6ADADA1A
                                                    SHA-256:54EDB2285C2A22B797D140C6C6C77C6B0457866A1FED28136DF7CD56D97D9B0D
                                                    SHA-512:342FAF0986A8BE5EAC782888DFC3E70C61F6CD9F8A8408CF302FEFC9E2A9B074BB04599B0104BB873D6306E298CA43301E149F6BF2045B63BD0BAEE614E8500A
                                                    Malicious:false
                                                    Preview:/**. * @licstart The following is the entire license notice for the. * Javascript code in this page. *. * Copyright 2020 Mozilla Foundation. *. * Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. *. * @licend The above is the entire license notice for the. * Javascript code in this page. */../******/ (function(modules) { // webpackBootstrap./******/ .// The module cache./******/ .var installedModules = {};./******/./******/ .// The require function./******/ .function __webpack_require__(modul
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, baseline, precision 8, 1920x637, components 3
                                                    Category:dropped
                                                    Size (bytes):401943
                                                    Entropy (8bit):7.978043142625089
                                                    Encrypted:false
                                                    SSDEEP:12288:HiY4nBcf32AzJ0HNCq4JHP44HpgZeVOoGi:HVlHWCJHP4dZe/
                                                    MD5:9EF8ECB66E8948058E98620FD5E5FB64
                                                    SHA1:57FE3FF6B93D23B65E80AF749F60DD060DFE9EF8
                                                    SHA-256:106992B7AD0395A9D637F6D1E09784DA69C6A123B41E401C045F7ED890CF0FFB
                                                    SHA-512:DE3A2906B28BB393578FE73FD854AA9EAAFCD4308960008ADCEDF45FA4169863355DD2CC5C2C40081C3B05B7CDD0C9B0750B1F9F81F96CBDAE9BA8DA6EE624D2
                                                    Malicious:false
                                                    Preview:..................................................................................................................................................Adobe.d...........}............................................................................................!...1.AQ.."aq2......B....#..$R.3br..%C...45STf....6DFdu.......&EUVst.......Gceg..'W.........................!1..AQ..aq......"....2r..34BRbc...#S...$CD..d.T..%.............?.WCAB..%...-l4T...$..H.y......Xzm.n1...^..b1.UY%'...E_.............._..7....~E?i...{..Pr...e..L..=F...o.P..*...5../{4r..'.4..........~......W..i...{.AC...S....z[.y........*.._.}.....f}.....;.4...S...?Wa..C..........F....J...6..;.........U...j..n^.k.n_..L..X.-...~.....W./.......|..&wH..I<.........*.._...W.r.._.r......}...|?\......U...j..n^.o.n_?..............7....~B.M_........F....6.......o.P..*..............T...M....]p~......W./......P...T....o.i........U...j..n^.g.(?.*}..H./.F...o.P..*...5../{3..?..>..i..F..../....~A............o..9.....v..T
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, baseline, precision 8, 1920x637, components 3
                                                    Category:downloaded
                                                    Size (bytes):346008
                                                    Entropy (8bit):7.97789422975208
                                                    Encrypted:false
                                                    SSDEEP:6144:nfF0zM0qkExKBK+Kd3P699+3VgU8hxzbDhkuL3qKG7kS+spAYu:fX/kvBK+Kdf6/M7mreuWrQ5nt
                                                    MD5:9414E8274140D7262098037489E926EA
                                                    SHA1:84C17F5486F7076A772CFDEA419A167D2D29EE77
                                                    SHA-256:90024099A2341DBC6A5FA448F3DD866454F8CF5E6B1FE8C835FFD8E39FF0C15D
                                                    SHA-512:F5A46E681A8DDABA0D60FE38F758D03C3DCCE65816E62216E3433F6B35A0E505DAE6200CDD39301C29844DE1023538022034521CEEB30A7781F499B699670B80
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/7d71f44751de4d31bc0d078f74f9d4a5.jpg
                                                    Preview:..................................................................................................................................................Adobe.d...........}..............................................................................................!1.AQ.."aq.2...#....BR....$3br......%4CScs...&56DEVdt.......FTUu.e..........................!1.AQ...aq."2...B.....R..#3bSr...Cc....$5............?...Xf...d.,.[.a.-E.....I$k=k.p......dy.2II..''..$......b..}..._.#....'.'\:....[..f......".Iyd..L.u.m.?....5......+..HF.....i...h...xq...~....$7.......;G..C....-N^B...........v.....~.j~H.....k...?.v....a........8?..q.Y)..6.......$m.....+ .....-Y..b.c..S.,l.o...`.no;65...\..E......p..y..?.TiC.rxS.....h<.....-.z....?s..a...+..*.QI..gpw.n...V...R.;.xG.D.............0p......g..;..*.!j...pr...a.y.[...R....fpRD....[.B...eM...epQ.p....B...(..x'.. p...,...b..W.p.O....6?.U.........?.......b...*xC..........Q.......#......_cc..4..5\..0..0.....Q.x.c..p.?.......V..Z.A..!..{......
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (12788), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):12788
                                                    Entropy (8bit):5.257059867501364
                                                    Encrypted:false
                                                    SSDEEP:192:o1NY4iaUeeVw2Cla+b0dodXdEupiSFSPhLm+7JYKjiZT6CvUZs7UW:o44ileEx+b0d6XdEuiSksaYONY
                                                    MD5:602E621AF8DE682293E4D80E64D66BD9
                                                    SHA1:A45B20AFE90B6D101C73491BBAA3A25F10F50EB5
                                                    SHA-256:D2157F629B7C3D9AD48AC78C65ED4A9774AE2861C35BD723D169F4308CE4FE97
                                                    SHA-512:62ED3AEBF68E521400DD08E90202D0BF9D3FC8C67DA25538DCC9874D1FE502B87F34F587E044F1D9064EDC0B32E3247B7F4B7F2A2F26DB0B89D30C4E2655B7EC
                                                    Malicious:false
                                                    Preview:!function(e,n){"function"==typeof define&&(define.amd||define.cmd)?define(function(){return n(e)}):n(e,!0)}(this,function(e,n){function i(n,i,t){e.WeixinJSBridge?WeixinJSBridge.invoke(n,o(i),function(e){c(n,e,t)}):u(n,t)}function t(n,i,t){e.WeixinJSBridge?WeixinJSBridge.on(n,function(e){t&&t.trigger&&t.trigger(e),c(n,e,i)}):t?u(n,t):u(n,i)}function o(e){return e=e||{},e.appId=C.appId,e.verifyAppId=C.appId,e.verifySignType="sha1",e.verifyTimestamp=C.timestamp+"",e.verifyNonceStr=C.nonceStr,e.verifySignature=C.signature,e}function r(e){return{timeStamp:e.timestamp+"",nonceStr:e.nonceStr,package:e.package,paySign:e.paySign,signType:e.signType||"SHA1"}}function a(e){return e.postalCode=e.addressPostalCode,delete e.addressPostalCode,e.provinceName=e.proviceFirstStageName,delete e.proviceFirstStageName,e.cityName=e.addressCitySecondStageName,delete e.addressCitySecondStageName,e.countryName=e.addressCountiesThirdStageName,delete e.addressCountiesThirdStageName,e.detailInfo=e.addressDetailInf
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (31999)
                                                    Category:downloaded
                                                    Size (bytes):96422
                                                    Entropy (8bit):5.239795670807498
                                                    Encrypted:false
                                                    SSDEEP:1536:eyOkN3TklR3ZIFDJ+Y7n2L5ydUTq0tSQfCBTs:LTX73uTqm
                                                    MD5:C7543F91EA6430AC559AB7FAE0726891
                                                    SHA1:F0C0FA8786C2F5F08CAFCC5937E5BEA586F9DEBC
                                                    SHA-256:DA482DF4A70E8B9DCA09B224AEEFEF14A400FBA52137461881DAF9988D1C683C
                                                    SHA-512:50A280F2854B614F223DF62F255EE4640849AC6DA0424B3DECB9DAD3AFAC575BC7A9B4976E50F63D1A5FCC82D1D22163FD4A547AE5DEA0F7DF57683A9D160F61
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/swiper.min.js
                                                    Preview:/**. * Swiper 3.4.2. * Most modern mobile touch slider and framework with hardware accelerated transitions. * . * http://www.idangero.us/swiper/. * . * Copyright 2017, Vladimir Kharlampidi. * The iDangero.us. * http://www.idangero.us/. * . * Licensed under MIT. * . * Released on: March 10, 2017. */.!function(){"use strict";var e,a=function(s,i){function r(e){return Math.floor(e)}function n(){var e=T.params.autoplay,a=T.slides.eq(T.activeIndex);a.attr("data-swiper-autoplay")&&(e=a.attr("data-swiper-autoplay")||T.params.autoplay),T.autoplayTimeoutId=setTimeout(function(){T.params.loop?(T.fixLoop(),T._slideNext(),T.emit("onAutoplay",T)):T.isEnd?i.autoplayStopOnLast?T.stopAutoplay():(T._slideTo(0),T.emit("onAutoplay",T)):(T._slideNext(),T.emit("onAutoplay",T))},e)}function o(a,t){var s=e(a.target);if(!s.is(t))if("string"==typeof t)s=s.parents(t);else if(t.nodeType){var i;return s.parents().each(function(e,a){a===t&&(i=t)}),i?t:void 0}if(0!==s.length)return s[0]}function l(e,a){a=a||{};var
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):259
                                                    Entropy (8bit):6.8392748692345275
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO61shxB7lj1x/BZb5UaJzF6A4vKkg8onS8sBDbp:6v/7P1sh1j1xX/4SkB2S7n
                                                    MD5:F20A55DC99268DAC130586E52E2B10D6
                                                    SHA1:B25ABD4A3C95097A338B8B138476E22189CB235E
                                                    SHA-256:6F44F96517C6CED760EDE55714C5E7E1E259783974FCBA750F53880A932ECD50
                                                    SHA-512:7FF01EF840F3DD29CF9953B40B0DB3D0559E96895A63A152F9A01F6FF5659D01FBE09652704D2AED45D89FA124F71AB058F9327ADE7C5D0AB770E13EC4442AA0
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDATx...=..@.......P...^.........F.%$E@..,..5l..>v...Y,...y.}..~......A......-+*...)p..5.............,t{.e...'......G..0K..x...9.....1..;.2.....&Dn......Gi.q.....-..M..4^.S*...t..$;.`..G....@..h.4...Wf....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x369, components 3
                                                    Category:dropped
                                                    Size (bytes):197988
                                                    Entropy (8bit):7.972332637837605
                                                    Encrypted:false
                                                    SSDEEP:3072:9sABB0zg9Q1HcvQr5aHxw7uVDF4BaS1w+ocDqHjCsJzD1dSWEVc:WAIz6IHTr5aMaOBlC+SusPEVc
                                                    MD5:2FEFF5E9E2B9C3322236FF03FADD3FEF
                                                    SHA1:307FB7E8C24B8BE47923C3A4A7B27CCF567F3209
                                                    SHA-256:96701A0FB3F15DECD5BECD6AD49D6F1E39F65906885DBF1425DFEDAAD4B3F502
                                                    SHA-512:3F127F8E7C0A63C99C5F7F7B05EDEEAFD13DEC7871FEE53422DCFC7673B2E123665E61D0EAA526C1B98FC74743078D3CF901CC9F19B05E3D3CFF87E11658EB6A
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:09023C23FAF611EEB804C9B713FC4A66" xmpMM:DocumentID="xmp.did:09023C24FAF611EEB804C9B713FC4A66"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:09023C21FAF611EEB804C9B713FC4A66" stRef:documentID="xmp.did:09023C22FAF611EEB804C9B713FC4A66"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (913)
                                                    Category:downloaded
                                                    Size (bytes):368854
                                                    Entropy (8bit):4.895144787798025
                                                    Encrypted:false
                                                    SSDEEP:6144:ixciJaF+XEwlGjWCiof3oMM2yNYXmJEP+kFlDlkkT6qr:ixcYaFGWf40mJEP+kbJ
                                                    MD5:E83EB3F34CB5ACBED981BFE0A06EA461
                                                    SHA1:4745B0ECAA26831F7B31092ED1AE66D42ADDE6D6
                                                    SHA-256:3563FD98A03997E92D16ADE27182962585FA0FF2379917BBAA37EEF3ACBFBEA4
                                                    SHA-512:6082085D2508076834A9E68275DEB9DCF996B604C8BEE51F8C88E2235A1BF4ED60F33269E52D65F458B40DEB2866E8F08FCC332DFFC7B846B3760E62A1C00136
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/build/pdf.js
                                                    Preview:/**. * @licstart The following is the entire license notice for the. * Javascript code in this page. *. * Copyright 2020 Mozilla Foundation. *. * Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. *. * @licend The above is the entire license notice for the. * Javascript code in this page. */..(function webpackUniversalModuleDefinition(root, factory) {..if(typeof exports === 'object' && typeof module === 'object')...module.exports = factory();..else if(typeof define === 'function' && define.amd
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 5375x2617, components 3
                                                    Category:downloaded
                                                    Size (bytes):7731686
                                                    Entropy (8bit):7.983556952642901
                                                    Encrypted:false
                                                    SSDEEP:196608:GnuFhxYU7Q2lygWvyluyH+u60oiC3ovlF:ZjYWAB6luQ+uXc3odF
                                                    MD5:229A89CA202E393E386E10C8A3B6DC3C
                                                    SHA1:692889BA7F8A8A7C0D7DF3AAD9D6F5A898A21CE8
                                                    SHA-256:1BDA524EE705E56865245EDD1EB7E254C1E540A01F60AC7208D5313F5552FD89
                                                    SHA-512:EE4EFF47A2D7EE3A0167DC190A8AC10538CA84EDA1FF1BA1B3897C3A03A3F033892F9C555B1913B9C4C37F63D706AB0DDD23701CCFBFB49A809EF4EEC63D6D0A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20244/8b08d546f6974e4c8120c0bc1dba76b5.jpg
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.......................................................................9...."...........................................k................%......!"...12..ABQ.Rab.#qr...3......C...S.....$cs.......%4....5..&Dt.67Tu..'(.Edv8FU.e.....................................[................#....!...1"A..Qa.2q..B..#R......b..$3..r..C..%4S..&Dc..56.'Ts.EF..(7Get..............?......Q..+ta...x.%..,_v(gH....e7+I...w..h>.3.....E..a.&.yb...O..W..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):167
                                                    Entropy (8bit):5.777977345951701
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPlgKK+lf8Lts7CX9/85ld4tTkZGqenqnnDw82jhQaTlljp:6v/lhP+F+l0R/e94tTkZ8g2rljp
                                                    MD5:1185B1B97705DFD7C04954700EAF395F
                                                    SHA1:B7414F8CCCDE034973E7E48065F325B3AEAD09D4
                                                    SHA-256:050FDE8CCAFCE7F3FB1812FE781E741A314A086AE6ECFCD7374DA7B529F1CED8
                                                    SHA-512:D3A619110100E5FC99ED0671A575E922E20000923E4033F683A8146B4D2EEF0D4DAF4576437E3B1214E7D0261DC51D4AFDADABA9E0FBFE01CB5D515AA1783547
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs...t...t..f.x...<IDAT.W-....0...._....O....z...".vd..Y....k..~...9...~.-.:..4.o....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (22010)
                                                    Category:downloaded
                                                    Size (bytes):22011
                                                    Entropy (8bit):5.3179916766708715
                                                    Encrypted:false
                                                    SSDEEP:384:F19Cih92A3igTLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs8:F14iV3iaWtXItqF13k8
                                                    MD5:386111F9108EFBC7426B3C42D7320511
                                                    SHA1:FD1CBFDEB7CA75C9E78E4996F4CAAF8C416CAFE6
                                                    SHA-256:D5644D8445225F7BEAB690029910B19FAF1A9A26BC2779899FEC81D7B519DADB
                                                    SHA-512:F66519DAB44BE0169147359538388C877FD52F6A96F8A159DF7A7EFB293B567A78BD8948F66006F7E554405EA2D0DCD2758BD7E8C4A3C51C166E727AE1008B18
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/default/script/layui/layer/layer.js
                                                    Preview:. ;!function(e,t){"use strict";var i,n,a=e.layui&&layui.define,o={getPath:function(){var e=document.currentScript?document.currentScript.src:function(){for(var e,t=document.scripts,i=t.length-1,n=i;n>0;n--)if("interactive"===t[n].readyState){e=t[n].src;break}return e||t[i].src}();return e.substring(0,e.lastIndexOf("/")+1)}(),config:{},end:{},minIndex:0,minLeft:[],btn:["&#x786E;&#x5B9A;","&#x53D6;&#x6D88;"],type:["dialog","page","iframe","loading","tips"],getStyle:function(t,i){var n=t.currentStyle?t.currentStyle:e.getComputedStyle(t,null);return n[n.getPropertyValue?"getPropertyValue":"getAttribute"](i)},link:function(t,i,n){if(r.path){var a=document.getElementsByTagName("head")[0],s=document.createElement("link");"string"==typeof i&&(n=i);var l=(n||t).replace(/\.|\//g,""),f="layuicss-"+l,c=0;s.rel="stylesheet",s.href=r.path+t,s.id=f,document.getElementById(f)||a.appendChild(s),"function"==typeof i&&!function u(){return++c>80?e.console&&console.error("layer.css: Invalid"):void(1989===p
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 87 x 87, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):11403
                                                    Entropy (8bit):7.972104400841308
                                                    Encrypted:false
                                                    SSDEEP:192:dS0XGIVlKWoEguzMgTUY2Ro14EoWHVnmTVHz+Qq4Xuxjobu7A0gpbPDKlmvW2Eqb:ZDVlRIMa2Gz+smjoympal8G6
                                                    MD5:BD57659A1BF20BA94FDB554861F4CBAB
                                                    SHA1:D1E99839670C21784A65983B0561C960BA7C2C6F
                                                    SHA-256:BD465B47DF6F97296E29F6CF2FB96C0AA43CE02E1296461150E376E1A3DEE44B
                                                    SHA-512:134A56B306DFF8710ED9D22C24307E81ECF3CC8F896B2FC52AEF4006A3C63FC930D728A82CDED6064AC069F289F50064BA63C455DE75EAE456F2E67548D52318
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...W...W.....q..l....sRGB....... .IDATx^...T..g...U..I.*..TrNMT.D. ..&D..QD.DT2.d.(... Q...M...o7.n..n....7..`t.s.^{.................c...].A.1......W." ..k......w...z........s.[N..7..Q...'.A.o.<[.fdd(99.O....*88X....4...*((.}.s...|.....s.....(==.}/$$..w<........&))./;.3...p.[......y.X.}v..3.}..4k.L...s...9=...2c...~..n..._.~.<y.......M.>]...w..;g...o........=.`c..c.=..........5h. =...z...5e..=.....+.....b.^.X....;.-,.....\P...4u.T._.^.;vt...|m...+..+W......7!!A7.t...:.V27'..}...j..8Fdd.Z.n.y..i.i....i.....!....w.}W...t... ...^..C..3.8...........{.y.}....8.2.3g.S.N...a\...;..U..|.r5l....~%@.|...:...O....q...u.7:.b.r..I.....{.u..b...}........&.iS../..Ro....4i..Z.`Ag..>v.X.rP.q@..'5d....3....H...qG....O...*P....*..9.g.V......!.U.^=7./......[.L.|...F.... .yz.....t.._..7V."E.q9~... *T.......V.R..A..#; he.f\P..@m.-=.eRm.u.."1.q.......h.........../...^xA.=..{.A.|.I.q....P..0.FGG+>>.Q....t.Rg._..[Wk......f.l.].
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 668x287, components 3
                                                    Category:dropped
                                                    Size (bytes):104705
                                                    Entropy (8bit):7.977109621278782
                                                    Encrypted:false
                                                    SSDEEP:3072:gtIOuFfD2zT9Ktjw0DhkUDUadnon3/bl6DHoYMQ:gw2zRsZDPUDl60YMQ
                                                    MD5:2B4AADC9719E27F996B8FC4F3C452FD1
                                                    SHA1:9319B30B7C8A2138BE69D2391612E1D91B5B78FB
                                                    SHA-256:998522589138458AF6124383326E901B3F2CFA2D91986C39A9F7E575EEE6929E
                                                    SHA-512:A9D10219BE7F99E753115466E7697222BD7DEC3B6EB6241E207EA69CF50B2B8C84CFA1EFB187509FBE2C1FA13513288B282A3C285864839BE816E54040F44B1E
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:2528F9856F5211EF84BFFFD755C32B67" xmpMM:DocumentID="xmp.did:2528F9866F5211EF84BFFFD755C32B67"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2528F9836F5211EF84BFFFD755C32B67" stRef:documentID="xmp.did:2528F9846F5211EF84BFFFD755C32B67"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x720, components 3
                                                    Category:downloaded
                                                    Size (bytes):180870
                                                    Entropy (8bit):7.980586830032701
                                                    Encrypted:false
                                                    SSDEEP:3072:ubJNORVPZuZiupSwDTcsKK/4evHDSb6PNwQYIY1qDFOiO1/rQxSTOxr+R7jMNG:u9N2VxuZiJwDZK2WMNVQOpOBrQx3IGG
                                                    MD5:68D1277E0C596E52BC936C959A1E09DF
                                                    SHA1:79D831BA4F465D08A903FAF47FCC6143E0B065B8
                                                    SHA-256:982E289A1716B4AA06CE5BB7AA500F00BE8AAAD0DE9CC4D7807DEB5AB93995B3
                                                    SHA-512:46A43378057C4FA0431B3A87406FE4F9498A184A2B0890B59D9DE046151168F2264896C9151230E9F09F522E9FCDBE2D3B778E46721A249A37935C5C58E68EE1
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20245/4f6224cb89c24312a738c6b8f49fd478.jpg
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........8.."........................................K.........................!1A..Qa"q...2B..#R...br.3.....$CS..c..%4..&DT...................................3........................!1.A"Q..2aq#B....3.$...R.............?...@...=..}..W.|.Du......J.N.5.k..N.1.F^(......7.(...(4..F{S.m...D.....iUd.@).T.P...M8n......3.=.).....D....i.+.}i.7sRU.6...|TP)h....!..|R..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):922
                                                    Entropy (8bit):7.603777251290975
                                                    Encrypted:false
                                                    SSDEEP:24:WlE9n+kdQXjEVXGOgRzyXOzSkXPQwj4jq8:WGejEaRzVSkXPjjI
                                                    MD5:17E31E08E2F448508927984555A60702
                                                    SHA1:0A72E386D44B8DC258D2CD6424CC1E06AF6665E6
                                                    SHA-256:498F3DD982175970A9A20E0444F8542ADA1AE8139E71A7C81CFE525F122372F6
                                                    SHA-512:D6A87A14E844762438CED505F97097A352C816CB7E310AC0A5E86920B0ECF972682A3D71996A46B92429C3A57F377BCC7FEFDC7219AA13ADF9C2E5289A7485E3
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........TIDAT8O.TMh\U...7MlKbP...Xa.3.ro.Q..F..!.b]).R..Dt..t..7..........AM.Zt.y.22R..D...!b..{.\..q..ws.r.w..;.\.... ..D...y%M./...~T.&.<...........|P..j.q.n.7...p.N.!xnn.<...M.?.....f>V.._.Up).5....."rF.z..,.B..>.a......{.I....Y......1...Y..Y........h.ZYY.`.}..I":.$.Q..t:..j5-r....,....>.a..l.....acc..~.....|...\8.....y.?7..e.y...v.... .N..(.n.p.6!I..O*'H....x....!.{#3.S....8...s..d.x..Af...U.....@. ...3.R....v....EQ...VTP.y<M.7J...)..J....+.<...VE+..s.z....G.f....OV.m..V......f..[.,...../..\...(.|....^..0.F...0==}.....f..J.PE5....SD.L.$..`.}..v.} ..sD.q.$....s.s..........[..m.......vf.,.:..s"rw..K..:3k.t......M.......Z%.#._..Q..>.E..D.n.$.......1F..Yf~.bW.....sNM=....(.D...T.f.e}k......_Dn...8....{mmm.?..|srrRc.#k...^.&O].RE..c.....h...-0|....w.n...[k....J...""....455..........DdW.".?.)._.Nmm...w..V...^....c.C;}...7.....C......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1267 x 604, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1319491
                                                    Entropy (8bit):7.996686986301979
                                                    Encrypted:true
                                                    SSDEEP:24576:jrroumPuVmGlNFSA/lShMQfMvQ4/xjDC+SL3vxC/7VA7Xtr1FB9hL5xnCPh+A1A:/0ummQgaANOuvQ0xq+SVC/yVPhXnaE
                                                    MD5:2C6FBAE4F50B1F3014A4F9847C916E40
                                                    SHA1:C973842DFACF5C77114F34C6AC7BDD7C2A41B1D5
                                                    SHA-256:7554C03AB7E6CEB62BD064BB01FAAAC8E5408AA56F36CA4D783DD25C38C1CBF1
                                                    SHA-512:E6F176D232B19DF0EB0B8755AABF954363D02164BCD23C4D9C97A339BE4B7DE7DD72926F0531EC3B68B2DD68E6404E0EE7D51FA3A2114E834061C002FFC0BD6B
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202410/2d754adfc8554a52be99c115c39b86a1.png
                                                    Preview:.PNG........IHDR.......\...........KiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about=""/>. </rdf:RDF>.</x:xmpmeta>.<?xpacket end="r"?>..`... .IDATx...[.$I.-v.f...=.........EpI\.E(......GdD......C.<.zH..ws5}@..(.U.............U......W`...k.~....;.S..Y....B....W....=.....YW.....#~..E.Y..P......!..`...KE..rQ..`*.s2.8..&.;...>.......D....y....m@.7...*T....#..O....5Z.@d`.b@!.."Ns.P..>...d`....^.|...t..B".V..&..[...}*pL.............cb.....j./.....T.j..Q....V..?..C.!.VC..W..Ao.%ig}'..<..7......G.!...!.,g^...>...~..,Y..P..;._K.........$..#.9(!.y..*.....*W^F.e.z ..a..j..{.[q.....R.wHU..Q..or..J$......?s.Sdy..~..=....b..k.....H.Y......3...@>.0.R5,.Sa.i....l".c`..hi..u..K}).6.1)........P....T.....&S..mN.........1'..i....../.`.@E1....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.575151486168995
                                                    Encrypted:false
                                                    SSDEEP:12288:fzKUOV297nNWOIN0mnsLrM2uSFcO4DXS9sC+WGIXr5TY/4UN:uDV297AOINznsLrM2JN4DKNl95A4e
                                                    MD5:FA72621291CD96C3DF06FD15EF77A79B
                                                    SHA1:FF1B75B292092FD65738D0E3662A532ECAC8B5FE
                                                    SHA-256:0402DDA2709669049FF444CCDD3692A934A635EF4956313EEEFBFB65F069377A
                                                    SHA-512:A394CC97FF78F8BFCE93F208F912902A8843724623D41138F831089557594AD395B59B18C9F76C186D8B9C1322C1FC0521E99B777A481331F858712A4B2DD890
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|...3."16.%49.&5:.&59.$36.#25.#35.#33.!22..--..,/..-0..*...$).. &...%...#...!...!...!...!...!...!...............................".."&..%(. (+..#&..&)..$'. %(. %(..&)..&)..&)..$+..$,..$,..$,..$,..%-..&...'...&-..'...&-..&-..%,..$+..$*..&,..',..%)..&).................................................................%)).$+,..~x...u...w.......~..}r.uoh.?<9...................... #.TW^.................................................r...[eo.KR[.9:B...3."$%....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1557
                                                    Entropy (8bit):7.81148539095448
                                                    Encrypted:false
                                                    SSDEEP:24:8/EZnPnx9eUTLEaQAyyr6wnpnuP6ejT8OFThz03LTyXOwD29m5seWfOOR0k3Tov+:8sZTbEyrLm6ecAThwb0OJFzZ+K/BMS3d
                                                    MD5:C527410FB96AF969A049BF25357A259E
                                                    SHA1:B5CE931F524C8B491C16C469C1783EC2BF54AC2F
                                                    SHA-256:B5428F01DC3AD2783C4FDF0E07CA39AB344B9A65BB098F1C3F179404AC6A4C5A
                                                    SHA-512:A5F7C50735937FBCA8F974BC00722181D046D5D5E29249F49C0B9DE82974F1E82677E1AF8660540AA5452D0DA05AA1098EF47B310932A9179E573E2296F1ED8F
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............;0......sRGB.........IDATHK.Wkl.U...<..].n@.@.T.P.J4B....<....6X..`".".Z.....IiI.@....j|....V..F...^..>..nwfg.9.3.....mv...{.s...s.!.j..\F.|. ....S.c.....D...DF|)....!.$$s..../W....0.VBm.......{A._..^m.D....n.d..t...\..T..y!.w..y...A...B..... .5&........H.<.s...l......,.%....fj....Xmo.T...%...G...aKp..5().P.QXGgG..w....r..X. ..:....Bv...(....._bk..lESj......u.:/..d.....P$..H..'s...bk..`u<.R.............`....,..:.`$..*'..[.q...(XYP...)..fK.q.....H..Ag=>.....P...mM8.#..'ap..5r....]snX....6....6.i..r.B..`v%U......G-.y..H.S...w....({..].....dkqc..^.$..dB.k..U.......g.5.......Y.G..@.<..v.]..,......2`j1...k75<U.KmQx...H`.l..y.......Q...P..1.?7...f......L..3WC...`m.A`;.............3..[.!b...P.=........N.......[.p..`...3.}.N..I.B....W.^.O...S!.HT`.F+.;-..g..........S..Wah&d..wk.BI.id.&u....kLsP....2..g(..FH...Q.Z....V..XWs...:.U.`..^...f"......f..|.@vo..E,*...3.l.x..$.d...o......&...q.;~....."..T.._.9T_g.&.......$..B:6.>.5..Z*g1
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):589
                                                    Entropy (8bit):7.503171556132041
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7ifcsvkJ19gLX0pOZwp+SmLvaDxRWyVybRopHE4c5h623hax3hze1hKYgt:PZ8r2LX9L4RWaM5s23have0t
                                                    MD5:D560AE07A884885A44CDFBE03718CD6A
                                                    SHA1:67F24EDB9F6105151495B3B58E2B436270D2B51C
                                                    SHA-256:7B7F23BF3E38F126EB8C9E16372A87AD44E6A204253E700E17026F2BD979D258
                                                    SHA-512:49316A03621C8F83DB1EDDAE8916F0B6739D16990011DF77C0A14B5378986DC76DB38F37B5806C67C1F5FF35D398A42726994EDDD62A317C3E983BB3F11A7BBA
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O....a....9..).b.D!.~..-#&L..#.r.2... )w.B.1.....6@.d..(..S.[.m.........Z.Y.:0..1...w.~{...-..~.1x^^v.p;l.c.Fb...+.$.3L..Ra.;}...p.........c.M.I..G1.w.....3......=...".f..c...F`^N.@.-.f^.Ie5.....v.!..e..!.).W...Z+`4.^Z...*."\B.s...amy).TO..2.T....C..N. ..0.j..l...$O.q...=.kp.0..V.x/1.&O..X*.}:...*L.h..[..8..1;.......W....3va+.a]o.1r.......&5............$..'.5.s...D.N.~X|....\..%.U..b..)t..=..;.i.FL|...v.-.#..D.;X.....Z..I.t.gq...$sp.3q.;.".....@.O~.([e8VcTY[..^.F..........B.V.1...XhY>..X...........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):7818
                                                    Entropy (8bit):4.3116320181902745
                                                    Encrypted:false
                                                    SSDEEP:192:C4CtNDKB7H3IhsxmjtSx7f/q00IKA4EWfW:Cf2B7H3vxmjtSx7f9VKA4q
                                                    MD5:67F84C8B8805DDCC524E63683D49C361
                                                    SHA1:00B86970008A1902E4C884524B756FC80A18D7EE
                                                    SHA-256:8CDD3620DD4F1D5BFCE92DF4D13A85C4F91C349F3AC0C8532963188C0FAC8978
                                                    SHA-512:F11035D06C20E6039E48B5C0D8E959519BFCA82D303903F63E526CACF7C266EBB5BEEC73CE627C2B22C3E73E2732EF81F343597F84F3B4D185E15B974BFF24FC
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id=".._1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 70 100" style="enable-background:new 0 0 70 100;" xml:space="preserve">..<style type="text/css">....st0{fill:#FFFFFF;}....st1{fill:#F7F8F8;}..</style>..<g>...<polygon class="st0" points="51.5,29 55,24.4 51.5,23.4 ."/>...<polygon class="st0" points="39.6,18.1 48.6,20.9 60.5,11.1 51.9,21.9 61.8,25 66.8,4.7 ."/>...<path class="st1" d="M40.6,78.4c-0.2,0-0.4,0.1-0.4,0.3c-0.1,0.3-0.1,0.6-0.2,0.9c0,0.2,0.1,0.4,0.3,0.5c0,0,0.1,0,0.1,0....c0.2,0,0.3-0.1,0.4-0.3c0.1-0.3,0.1-0.7,0.2-1C40.9,78.6,40.8,78.4,40.6,78.4z"/>...<path class="st1" d="M41.7,74c-0.2,0.2-0.4,0.5-0.7,0.7c0,0-0.1,0.1-0.1,0.1c0,0,0,0,0-0.1c0-0.2-0.2-0.3-0.4-0.3....c-0.2,0-0.4,0.2-0.3,0.4c0,0.3,0.1,0.6,0.1,1c0,0.2,0.2,0.4,0.4,0.4c0,0,0,0,0,0c0.2,0,0.4-0.2,
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:downloaded
                                                    Size (bytes):197839
                                                    Entropy (8bit):7.981255688861366
                                                    Encrypted:false
                                                    SSDEEP:3072:xSmACuk34s5iONczMNV4m4EsUWSXCOpFhYGOXmzDN+RG+Lo:gFCuI/iONaMn4VEsUBCOpqmF+RLLo
                                                    MD5:85878413DF2D1091E2AD85C773033B09
                                                    SHA1:B49C34FA8EF240863AF1DD68A73B2F9EDF8AEA77
                                                    SHA-256:D326EAA3D454F043E8E4BD29B5CE25935C01AAB254840412CB7EC96C90ECB4F5
                                                    SHA-512:AD43071D14B410C5E6244CA6599892D55E6A6D27C7044BC4C77EABC2ADE5DA3F2D9DF96E9F768D39276134306DE087D4786DEADD1D8F9532D7192C9B62FE15EB
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20242/b3f044e8fe3f4b85b6e377f5ee74a6d9.jpg
                                                    Preview:......JFIF.............(ICC_PROFILE...............mntrRGB XYZ ............acsp.......................................-....................................................desc.......trXYZ...d....gXYZ...x....bXYZ........rTRC.......(gTRC.......(bTRC.......(wtpt........cprt.......<mluc............enUS...X.....s.R.G.B................................................................................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........para..........ff......Y.......[........XYZ ...............-mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.......................................................................q...."...........................................g...........................!.1A.."Qa.q...#2.....$..%345B..6Rbrv....7stu.....&8DF.CUVw..')EGSx...Tc.....................................P.........................!1A.."Qaq......2.....#34Brs..5Rb..$t..Cu..%6Sc..&E...............?..?..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:downloaded
                                                    Size (bytes):113
                                                    Entropy (8bit):4.705610630775952
                                                    Encrypted:false
                                                    SSDEEP:3:YRM9WREauuTUV+bjcQ72ybLvSaijJpUHeS+MdLLMi:YsWiMUVWgQKcLKnJpnSzJLMi
                                                    MD5:88A23C52F32672A60560465E26366BC5
                                                    SHA1:90DDFA48D71866CDE0AA63817FEC4B90927CBA69
                                                    SHA-256:D04E495009AC1CC793A57DB076EA9DFFC295442DE9226997465E2A0A72C777C8
                                                    SHA-512:2FA246664D92646E3FA1210C921A75162F78AA3E71E2F78155743DF5C6AA62D9364C7045524D3CECB828CFE039A6DD1C373C802ED5C38861700C4E436EC63C40
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/favicon.ico
                                                    Preview:{"timestamp":"2024-11-20T08:30:32.979+00:00","status":404,"error":"Not Found","message":"","path":"/favicon.ico"}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):612299
                                                    Entropy (8bit):6.743860551130316
                                                    Encrypted:false
                                                    SSDEEP:12288:PzvoJ19zcV49mMLqQGQ6EFOi0mgNBLQHLeFI/NjRErYhmmCCSd8:PzvoJ19ze49mMLqQGQ6EFOi0mgNFFFIV
                                                    MD5:40C2E569E287DABE9D7A4CD295489F84
                                                    SHA1:B5299D2CDD867DD78AF72DD42B6F0A50C4669037
                                                    SHA-256:24E9818E96522A8752AF4A0BA6F11AC69EA50899A669AD3C7A61B037DE47BB5C
                                                    SHA-512:E5C9C50F1174FBB7883AEF42F86D8A339A5051AFB99BF8AB3DCC02B146C553E7684DF784A4DBC11E6C5C8216D0F1073275CC159AB80A3F5C22DF9ED71760256C
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S1938f3cb13a440e49c53885d9de9ad96-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.............................................................................................................................................................................................................................................................................................................................................................{..fT..bF..a>..cD..fF..X5..aG.....{zu.TSO...........................................................................................................................................z...r..xi.yk].zj].yfY.xbV.|`W..jb..{v.............zj..rb..oa..qa..sa..wb..{h..|.........................................................VV^.MMW.``k.XWe.rr..................pv..^cn........................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC (Windows), datetime=2024-03-12T10:20:03+08:00], baseline, precision 8, 1920x637, components 3
                                                    Category:downloaded
                                                    Size (bytes):335414
                                                    Entropy (8bit):7.974615190743803
                                                    Encrypted:false
                                                    SSDEEP:6144:nH7e6UVJS1pce+/GlopzgFLffCqGduB5CxLw7NfdamC/dZqonl/Ls:nbe6kJTp/d5QfyuBIx8fdadXl/Ls
                                                    MD5:A55CBAA016021E27E064B99C841B980F
                                                    SHA1:D489E820EE8603B2F4C6574EA8AB4970BE8ACBD6
                                                    SHA-256:F8A8C97543D599ED2EDD22E92C4E455D6B6CC4619575DC10B44EF8ABDB6336BA
                                                    SHA-512:9CB2139F685D494F7DA83B767E3F4234CAA0A11A6BCCDB00B8A4624CED604696C3360D2CA9DF6E32BAFA33C9128C77D98A9EFB1CDECB25AD57B47096523960CB
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20243/2a28c7964bf7445c92d241174a3ac859.jpg
                                                    Preview:......Exif..II*.......1.......2...2.......P...i.......j.......Adobe Photoshop CC (Windows)..2024-03-12T10:20:03+08:00...........0220................................}.......}.........Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmp:CreateDate="2024-03-12T10:05:24+08:00" xmp:ModifyDate="2024-03-12T10:20:03+08:00" xmp:MetadataDate="2024-03-12T10:20:03+08:00" dc:format="image/jpeg" xmpMM:InstanceID="xmp.iid:08E533A9E01711EEB4EC99F66DDE239E" xmpMM:DocumentID="xmp.did:08E533AAE01711EEB4EC99F66DDE239
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 5376x2562, components 3
                                                    Category:dropped
                                                    Size (bytes):7536797
                                                    Entropy (8bit):7.983587209147242
                                                    Encrypted:false
                                                    SSDEEP:196608:IpWLn1zCAxiSei/FtfgnDHOu90QyENke2s23IKxxeiu+:rnFAivonDr0Qlk10KxT
                                                    MD5:7E4C4524E650AF49482058D57C0D8610
                                                    SHA1:2F01DCA01DB8066F50E880B3E2C06AA78CECB214
                                                    SHA-256:FC75F5DA2BFCA1E4DBE14DEEA2F581A0005558B01920F6718A9601A222049B5E
                                                    SHA-512:869FB34AF182F99344C772F2B0A300F015CFD894DFA021B9483E771A3A53F8D91FCF4022BDBEF762C1873559F1252C9C90EE5C8B5EB1B13CA62C587082551506
                                                    Malicious:false
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"...........................................m................'......!"....12.ABQRab..#qr..3.....C.....S.....$c....s....%4.....&D..'5T.6Et(Vd.7Feu.)G.......................................]................%...!..1..A."Qa..2q..B....#R.....b..3r..$..C..%4.Ss....&5DTc.7.....'6EUdF..............?.}RQ..(.9.m.j#....GN....K*\.R.v..SBn..i...d.H.`.....]6..q.z...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x637, components 3
                                                    Category:dropped
                                                    Size (bytes):358575
                                                    Entropy (8bit):7.97337616019685
                                                    Encrypted:false
                                                    SSDEEP:6144:basLz3U5e3HHMF6nSKyIugim+Lfaog++MjriU1X6Wuz0MxiZLQtEI1x4CCfEML:basc5e3HHMF+FugimqfjF1XMTXx4xfEQ
                                                    MD5:4A1F645B9DF61CBD0322C7C4FB423A29
                                                    SHA1:EBD2983265120094BD1684677BFF3D5748A5D476
                                                    SHA-256:05E65BD5869035485DC06A7E0A0B4747E56244D25CF5F1E2C56494E48BDC8597
                                                    SHA-512:7331876C71AD79A905D9D9D8472E0F1E855E7F7B13A3D11077C1F7B21E40D0E6A0B44F0F80E6D8A7169F1F79DB306521EA9338847CAD69311E705D2E741AAE21
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......Q.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:18302280FAF611EE9240D4747675B714" xmpMM:DocumentID="xmp.did:18302281FAF611EE9240D4747675B714"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1830227EFAF611EE9240D4747675B714" stRef:documentID="xmp.did:1830227FFAF611EE9240D4747675B714"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=Canon, model=Canon EOS R5], baseline, precision 8, 7904x5272, components 3
                                                    Category:dropped
                                                    Size (bytes):3089482
                                                    Entropy (8bit):7.9351890000992755
                                                    Encrypted:false
                                                    SSDEEP:49152:J43+ZPOKD3n9OKA5LsPHMpU65VBqqNk83R09ozhy26IYvTGKdMlljnNjHuHZt:J43+ZPOqw5LnIqN5RYok26IXDhO5t
                                                    MD5:DEE8924C1D2FB65AB504A50C179CA6E8
                                                    SHA1:26BEFF43B171BA2B4FA10D8FC051312CC3BCF4E7
                                                    SHA-256:0AFAFBC0B0DE8BD5C769F1A0BAE4D2362D7C804BEF2476EDB64F962A1294C344
                                                    SHA-512:E0FF66E9B6CDB3AEF9CDEE809B8DEABB922342246ABA347D414EA8201A2BD7FE7C6D6DBCE66AAB2E6CA76998DB1BF1209A0A24360D9F479B1B6E8431E0A78165
                                                    Malicious:false
                                                    Preview:......JFIF.....H.H......Exif..MM.*.................J...........P.i.........^...........>................................................................................................................................................................................................................................................................................Canon.Canon EOS R5...............<...........D."...........'..................0231...........L...........`...........t...........|........................................................47..........47.........................0................................................................................................................................................................................................................................................................................................2024:11:05 17:20:14.2024:11:05 17:20:14...`........................5..........http://ns.adobe.com/xap/1.0/.<?xpacket begin='.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):1818
                                                    Entropy (8bit):5.029287530745692
                                                    Encrypted:false
                                                    SSDEEP:48:c4AlfEtwh+nKbtk+nWnhPD9NZJGGQyOq0e:slfYu+Kbtk3ndD9NZJzoe
                                                    MD5:1F69BA6D232A69AA989175D5680C7F0D
                                                    SHA1:7654036D71AE7576A101B403D3A7538F2026C14D
                                                    SHA-256:32998458DC12B6FF63D17DFD4B03E5E43E3CB5D64C2F53D72484C0AAB43A6EEB
                                                    SHA-512:58A7379A9BFBD2D46C85333B5DFC37EC4C41B8FA0B7D596F28348646213F20EE83C658286C65C3E0B42DE6C2A118C4A26D108AD83D80E8FBD92D905384D2EE66
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/img/sms.svg
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id=".._1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 48 48" style="enable-background:new 0 0 48 48;" xml:space="preserve">..<style type="text/css">....st0{fill:#FFBC47;}....st1{fill:#FFFFFF;}..</style>..<g>...<path class="st0" d="M24,12.4c-6.9,0-12.5,4.7-12.5,10.6c0,3.1,1.6,6.1,4.5,8.1l0.5,0.3l-0.3,3.8l3.5-2.3l0.4,0.1....c1.3,0.4,2.6,0.5,4,0.5c6.9,0,12.5-4.7,12.5-10.6S30.9,12.4,24,12.4z M17.4,24.6c-0.9,0-1.6-0.7-1.6-1.6c0-0.9,0.7-1.6,1.6-1.6....s1.6,0.7,1.6,1.6C19.1,23.9,18.3,24.6,17.4,24.6z M24,24.6c-0.9,0-1.6-0.7-1.6-1.6c0-0.9,0.7-1.6,1.6-1.6s1.6,0.7,1.6,1.6....C25.6,23.9,24.9,24.6,24,24.6z M30.6,24.6c-0.9,0-1.6-0.7-1.6-1.6c0-0.9,0.7-1.6,1.6-1.6s1.6,0.7,1.6,1.6....C32.2,23.9,31.5,24.6,30.6,24.6z"/>...<path class="st0" d="M24,0.5C11,0.5,0.5,11,0.5,24S11,47.5,24,4
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 668x287, components 3
                                                    Category:dropped
                                                    Size (bytes):92840
                                                    Entropy (8bit):7.977509185863719
                                                    Encrypted:false
                                                    SSDEEP:1536:6MlM2tmSKPbl9ytzEgpH1STi03SPHPTP9hoT3cJlbAsbUlWBlAtja5yufUX/:6MlvKPqtRHYuBPHPr9hoTsJhhZSJusX/
                                                    MD5:6784645725F20F1C786DF6F1FDFEF474
                                                    SHA1:B7A485A526BEE2568B79E7E817EEE0F942C0C6FE
                                                    SHA-256:7D29C61614BF03CA1222A62A7C77588BC0BC0E677C54B50BD3EBF96963645BD6
                                                    SHA-512:AB10C8B866507564B7B654F09E2E92061DDD7C425EDD3B39D816273C9E211FFACA55686A4242C8DE6DBF5EE75667B8CC50A77715C9BD9ED9179BFC121A4DFC9D
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:B48B10094F1811EFB669CA2E316F6E24" xmpMM:DocumentID="xmp.did:B48B100A4F1811EFB669CA2E316F6E24"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B48B10074F1811EFB669CA2E316F6E24" stRef:documentID="xmp.did:B48B10084F1811EFB669CA2E316F6E24"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x408, components 3
                                                    Category:downloaded
                                                    Size (bytes):56997
                                                    Entropy (8bit):7.96862158794905
                                                    Encrypted:false
                                                    SSDEEP:1536:IGyV4j7+Jpbaj9rKNR47jnpL9ZjSMN1sj10rWWlh:FBn+JpGjFa27jnpL9Vp/M12th
                                                    MD5:F23CC02A78DDC453687DA05708A2F6B0
                                                    SHA1:79D8726F3DF9E9027E2925658146B3B6FEB2E4CE
                                                    SHA-256:5D506263B940AF9957512DB735AE93888C986042519D92C097F2C6D2615D6219
                                                    SHA-512:6B7EEBE797FDF98CFA68C58316D135F0D90D910EED587B42EF4CF8C7866DA324F095659F43BE233DA9B3D69D67F3B4128A24161789895B5E217A27F5EECA9CE9
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/97526e57b9514644b32c58de5f21cb13.png
                                                    Preview:......JFIF.............C....................................................................C............................................................................"...........................................Y...........................!.1.AQa."q.2...#B...3R......$b....%4Cr.....5SXcv.&e..DHdfstu...................................?.........................!1.AQ."aq.2..........#BRr..3..$b...............?..kFKR.o.L"...INr...=.....+.Sh..m..|.-.b.....E..V..gRU..|1.b+....M.R.....N.$v.P....7S[..(..).F.!.4.mJ...'.7.s..."g...B.NroP.........k..I.dPe.Ze.....bCi.=2uYD.U%...C$...k...c:...\.7.4.Q.jz.e%.^.2......hu....J.....#j.I...".z.a_h.]p...=...k+uz.:.%.../.0q....h|g2.. .P.....[=]...m..c..n#.......R..sU...:...B.'.L.3....j.$....y...>.-l=rl-..0......Ta....,5...l..Y...IIwRo.v$*.0O.u..@....7.j.........E'..J...>..X..ej.....m|.!Y.......Z.qV.I...h.w..T..R{...g+.w..7..Ny.E....!5.{2.[_... ...9.7..Q.^...<....l.K:.y.....$..A........`........)v....'.(e..w..\H>.P....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=\346\226\260\345\215\216\351\200\232\350\256\257\347\244\276], baseline, precision 8, 800x522, components 3
                                                    Category:downloaded
                                                    Size (bytes):232242
                                                    Entropy (8bit):7.979246701772668
                                                    Encrypted:false
                                                    SSDEEP:6144:bLktV0AkT/AZYf5vYlXFY2SI3sPvoPG+G/u:bLWVCT/zQZFY2SkwvQ9N
                                                    MD5:C4C3EBD8010AD8B85BA6E4864B57A586
                                                    SHA1:98C7E7F345F74DCE3B5C2C79DFB6DA4EA7032D0B
                                                    SHA-256:21A41B839F48A6D6087323E763B2CB60C5545B587A42B67E22EE60348B5829AE
                                                    SHA-512:3ED7CA2B7C3BCD2615D8ED7F4FCDC288FF774C6CF8D2E078A5D949F4238A1525DA010570830F7295D27412233DA1DD4961B65A334CB83F31D70ADE58FDC9A34A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20243/9cb08e4d470e4d85947430f6a1bf4dc6.jpg
                                                    Preview:.....4Exif..II*...................................Ducky.......L.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:AB346D4BDA4011EE9059A5C723ED6A96" xmpMM:InstanceID="xmp.iid:AB346D4ADA4011EE9059A5C723ED6A96" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="4922E3EF4D1B02F20045C22E715891EA" stRef:documentID="4922E3EF4D1B02F20045C22E715891EA"/> <dc:rights> <rdf:Alt> <rdf:li xml:lang="x-default">.....</rdf:li> </rdf:Alt> </dc:rights> <dc:creator> <rdf:Seq> <rdf:li>..</rdf:li> <
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):816
                                                    Entropy (8bit):7.601124518249376
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7ilQLd4QpOGbvvoDgnrC3Sc7x5ZRqu0miSgfU6/CtiaBB4jzBfaSlLU4g7RgD:IPvvX2C2Zn9/mjzBXJsRPtDktic
                                                    MD5:22502504907E3E0FEBB29E10A4339D8A
                                                    SHA1:93D84D48E53CEF0C98F404BF950E813406EB26EC
                                                    SHA-256:F1343C992C9338520352387AF1ABFA63BB347FA5553D338190B84BDC70E78306
                                                    SHA-512:8F3A5EA916CD985288D791EB25A1A0CD9D7FBFC7833C69F81158ED5377BCE909D720CA0F557C8D22474FB20BD88706C9E53733F0BA967215AFC8DB8F1546ADD2
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O.T;h.Q.=w.$.V.......5.0o.......?.R...E *6~..DH%.....TVJ.].N.E...P...F.,..s........w...s.a....J....B..x.<j.03...;ccc.vI..@D...o.L_....8....@..5...R...m...@...&..j.L...p....B.;......4..`.ryw&.y..8..)b.U".. .`oR...'..|......a8CD.I."3O...<88.'..}..^.p5..kGG.700.n..<.....z.....X.....f.....g.... N&....T.\v......T...f...(..CCC.....\...t,.O.R).V.U......_.....#"...^.......Q$..7.....R=....w...Y....*..{.'.._.v`..0."....;;;{...........M"..}....J.<..K.'.|TJ.Ix..'.d....F.....z.U~.xc.1......Z.....xh...e.J.[iU$`.... j....r...x..A.R.5....>.Q..7...p4..\..5.....L...;..>..s.9.Q..43D5..]I.....m5..4..9f>CD..@Dk....(.F.......?+.lg_....A.......b).y<...h......Sg'.T*.P(Di....(F....Y"z......N.k......$....n...W..eg.RI..t.E..#a@."....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 117 x 118, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):18691
                                                    Entropy (8bit):7.977136585659524
                                                    Encrypted:false
                                                    SSDEEP:384:g+JfgIUOXDPmY4R3Mv8rQtzLeNslPN4Jaon2e8ugQv89h0OKgN1s2cc:RZECOY4hRrU347pn2e8Kv8j0Rg02j
                                                    MD5:ADD094281B4C54325095DB0A83236A2F
                                                    SHA1:13F89ECC457F7C3178085ADF198B5458FD18C269
                                                    SHA-256:F9F0DFE17D67DD38C244FB76716FC4F9FCE4B4ED85F55B2FEE08A1969BEBF893
                                                    SHA-512:024803037EECB5A8E55728C50A788E3306C65CF3CA461877068A69FCF248C2B9EE9D7396266459ACA9F2CF75C314BE09B67E862BFF887C68B010262F40006687
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...u...v.............sRGB....... .IDATx^..t.U...$77.&..J...)J.D.bwt...{........XivF..l8*.4..Q.B'..[.s...@...w>......sv......w................g....+.......C..8.bj.J..........3........`........%n........T..u....3....+K`........s...ht).YG..4.4.Ri*'q....H.*....yyyE.:Z..QQQG.AI..s~.....9W....8.|J...Sj.^{........{. .....a....w5o.\...S..]...K.....[t.y.)##C<...?W\\\.sM..........SOu..'t..q.u..u..z..G.....s...r...{.K..<xPW_}....K.~..z.....o..^.7oV||..G...?c....6m.....>.H._..../...r..'h.......Lu.lD..\.6m.i.&7y_...Tc...X>S_|.E]r.%.v.?..n...eff.e....O..\.......:..8.5..w.v.a..'Pk.ULL.c(B......"...=..o.uL^.d.O.z.).....w.y...."80.&,_......6.N:......f*..$..r....3...4...;.0.N.:.MC+./.4...ot.z..w.k...?....S.Bp/$.{q....gO.wrr......&$$..&.3W.^..t..N...[o...1.{...;.3..'.8...p.....2M..$w....7g,.....iS.l.c|h....n..0G.v....6S.L..I.&z...LI..s&.R5f......n..-.i....>.L....].4p.@G`3....{.g.T2...@2e....7....W.^N.`.w.}.@ ...s0...._....d.5.1...9s.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):1099
                                                    Entropy (8bit):4.7797269803293405
                                                    Encrypted:false
                                                    SSDEEP:24:IoV5WpDl85WplAX5Wp/C5WpJnAn5Wp7y5WpESA6D5WpWz6G5WpWVAT:Z5SS5kAX5oC5QnAn5Sy59SA6D5n6G5B4
                                                    MD5:6A4E7D6D7578B08B05430B816F4DBAB5
                                                    SHA1:D9D32326BC0E77FF8B7542EC14BD78087B1C944E
                                                    SHA-256:A88D41A418192739E54FB08455FA328F3BE95C5B7F218C609E8C8ACE313B1FF8
                                                    SHA-512:CF32E30BC85781F3501E2C9D6DE5B55734839A6A8AA3E8671D6778661606662242F66D7FE8C966227B287D32416D363804E209C7463E783954F5E3CC94B75ABE
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/css/mb-icon-extentions.css
                                                    Preview:/*Icon extend */...icon-qr-ext..{.. background-size:1.3rem;..}...icon-plant..{.. background-image:url(../images/mobile/plant.png);.. background-repeat:no-repeat;..}.....icon-plant-active..{.. background-image:url(../images/mobile/plant_active.png);.. background-repeat:no-repeat;..}.....icon-refresh-traceability..{.. background-image:url(../images/mobile/refresh_traceability.png);.. background-repeat:no-repeat;..}.....icon-refresh-traceability-active..{.. background-image:url(../images/mobile/refresh_traceability_active.png);.. background-repeat:no-repeat;..}.....icon-transport..{.. background-image:url(../images/mobile/transport.png);.. background-repeat:no-repeat;..}.....icon-transport-active..{.. background-image:url(../images/mobile/transport_active.png);.. background-repeat:no-repeat;..}.....icon-test-result..{.. background-image:url(../images/mobile/test_result.png);.. background-repeat:no-repeat;..}.....icon-test-result-active..{..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):33
                                                    Entropy (8bit):4.635006998015214
                                                    Encrypted:false
                                                    SSDEEP:3:qMY5QT5:qD5QT5
                                                    MD5:03425406AE047E2518EE3C90E1963E1D
                                                    SHA1:A900238DC50F40F5053B4FA27DEE0E395DB7CC59
                                                    SHA-256:7A656A46125F2A0B032498FFF2EC0EA02A96DFCD23C8954E9BA676831196B943
                                                    SHA-512:2C95DFAD8CAE2218A66F6153CE2C9AA42C08EE9196866831352AA660587D649C299E6F03A2436B0FCBEE137116EEBC50D7CD39C4848EED2A4F5872D94287D37F
                                                    Malicious:false
                                                    Preview:var juba_domain='.....'
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1920 x 478, 8-bit colormap, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):395869
                                                    Entropy (8bit):7.997055372678641
                                                    Encrypted:true
                                                    SSDEEP:6144:+6EQ2GRyGIrzMrfIQf2xP9D1r3KXNoA3fKVtt9WStqd:12caKwialD1rERSV5Wxd
                                                    MD5:F983CF4A49B776BA036A42DB0B779A0E
                                                    SHA1:EE310B966A918D400607D6AC41AEDC4436C8D802
                                                    SHA-256:9631A17B0EA39CB61B03A5F03BB6F2EDE980834B873DD8136D7CB43375681902
                                                    SHA-512:9E816B5D09BBF16FFD618CE858666F53B4E23B3636CE92E7B7AA07526A53625D8CADFCF356B0306313D79E08EE757589D4BD51BE0215B7F6ECF1840D40E1A9BF
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............M(.I....gAMA......a.....sRGB.........PLTE.e..d..`.._..e..f..d..e..d..d..d..^..c..]..d..f..c..e..Q..c..\..T..c..e..S..b..e..c..e..a..c..c..b..b..a..b..f..d..d..a..Q..b..R..S..a..g..c..b..f..O..c..U..a..a..T..`..U..g..c..U..R..P..Q..P..b..d..P..d..U..P..S..b..`..a..b..W..R..R..R..d..[..S..b..c..f..f..W..a..U..S..b..X..T..a..R..S..a..`..V..^..T..R..Q..U..]..`..U..T..Q..Q..Q..e..d.._..\.._..S..Z..\..S..R..c..R..d..S.._..b..R..^..S..b..`..O..]..Z..`..T..R..\..X..P..\..W..U..Y..V..Z..N..d..`.._..R..Y..W..^..V.._..a..`..Z..X..X..V..P..O..b..[..N..Q..V..\..U..c..X..Z..O..a..]..]..e..[..]..\..U..W..d..b..]..^..W..N..W.._..Z.._..Y..T..e..\..\..`..N..Z..Q..^..Z..Z..Y..V..Z..Q..f..`..W..c..N..^..S..e..V..N..P..b..e..]..e..d..d..[..N..S..S..N..S..f..U..V..e..V..c..N..W..V..T..R..c..\..O..P..Q..P..^..O..a..d..g.../b.. .IDATx..M.+.&&Ed*...+....4.)$M.&.-.....'..F.E.M.T..2V..^..Z.......h.K/L..e.z..0.g1.5La7M_..\.Yz......E.:.v7..S....T..=....3..O_.~.=O_./|.._}...1..'y
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):597
                                                    Entropy (8bit):7.528645322244031
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i1sPtV+O1x6jjurbG1yzWjaDUtxbLhIbjP8qxEQoiD8GNqWf1CBcWD:FsPXx6nz1yz67bqbjUsVqW0B5
                                                    MD5:C307364193798EE2491B3E3AF0654E53
                                                    SHA1:9D5F520A1C17F8B83684DEDFAE7B7062551AB1C5
                                                    SHA-256:59C97BBB472A40073E93A1FA606F130260299535A5CDE246635C33C546D9858D
                                                    SHA-512:4B3771DAF5A06627DA401F7AD6FAE536EA7608946E73D0B23B15F78C930E269202C8CE9D7F6BE9943698A1B518788B91D634BB92D35BAD37F84DCA7E86698667
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_13.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..[..a...g.........(...&...)..~.Q.8^.+%%.$l7N.VRr>S.P".F..U.*.[....{.x..s..0..1..0.w..0v.h..^.J.l..A....h.N.i.3..8{..8.o...0>/.i.e=......m..M....?....Rl...<.w1....I}.9z.....g8^.S.._..&b9V.S....O....v..p?.Dk1VYD.w......]..a4...4...+.........L...q.w.,.0|.}...L.).4.a...J...m..L.`.[.J92...v...>.i..........^X..l...du..a.d.0....X..S..n..0E....h...~.$l..c.+uiR..=)..m......r.}..E.....z....lY&...6.[/.m.-...v..3......b.I%S.W7.y.C...?.!..Y.i.u.+...r......W...5...\]0.o.ft.]........x..c.v#,.......v...[..;.........8......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):2417
                                                    Entropy (8bit):7.850504166087918
                                                    Encrypted:false
                                                    SSDEEP:48:qLTTLq0R0S6wfOLB4MA3pYiA4ILrCjXk4KGXxFXJMK0ocflluJg0WmDq5AKGUec:qLnLCS6wfONRACzxLrsk8oKNaLWg0h+X
                                                    MD5:BE7CD9355FA2121FAB8E619ED546CED4
                                                    SHA1:230A3D5E2DFACFA7228F58A559DE5DF3734118F5
                                                    SHA-256:161FB247EDE7ECB867D864863B8E3DE3A93DAAE6286FCE1AB7C3700F55112C9E
                                                    SHA-512:EC893E352214AF962A16DBC8FA4E506187BE673F2AF780C7BA63B76D4710560DBBD26B02F2B6F321FE9109EB460BBE329FC2EBB798ADDDC58E13389157F3C33F
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/texture.png
                                                    Preview:.PNG........IHDR...@...@.............PLTE...,,,...222......%%%...444???'''...000!!!...)))666###999...;;;...===AAAFFF...JJJHHH.........LLL...DDD...NNNWWWQQQ^^^...UUU\\\SSSYYY```bbbiiimmmdddqqqfffooovvvxxxkkk...tttzzz'......:tRNS..........................................................~^.....8IDATx......H..#...U.........G..'.B.....{i.>.@.7q~"..Nk.@.xK.RO5J.16tw..C-..7..j.+.x.u.....n.."W...M.C.E..t4..c6....d.p.j.0!H..y.l......]>...U..J.iX@.....Ns7.*6r..JIi.....<.....n..hdAz{r.x.C..T.u-.Do..b..../..9+...<.x[.K....T'...O.Q.zF.?........x....|....!..$@...N....c...'.|8.Y1..s...=....XSV...H.a.u+.[P....y.l...q..f....>.@...&}.I..[..C.$.\..rK.P[.4U...+V.S..>....tp...2-.....0_h]...~.U...$.A(.J.Q..t....a..........m...4..|..5..\.....+....J.m...1.@..*|.aVW.K....[G:A..dd.....KYV........r.\.....O.f..>.7.+*1[..{.....~..^b''.Vq.Q<..&+..x....m....bt("Mg/..&..u..N]..=G.......*kX[..u.y.3".)gUkF..z.p.."e.96...Lbm.X(.%...{k..e.o#V..z.&.".&...N=i..ECD...........).vp....gUt
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (12788), with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):12788
                                                    Entropy (8bit):5.257059867501364
                                                    Encrypted:false
                                                    SSDEEP:192:o1NY4iaUeeVw2Cla+b0dodXdEupiSFSPhLm+7JYKjiZT6CvUZs7UW:o44ileEx+b0d6XdEuiSksaYONY
                                                    MD5:602E621AF8DE682293E4D80E64D66BD9
                                                    SHA1:A45B20AFE90B6D101C73491BBAA3A25F10F50EB5
                                                    SHA-256:D2157F629B7C3D9AD48AC78C65ED4A9774AE2861C35BD723D169F4308CE4FE97
                                                    SHA-512:62ED3AEBF68E521400DD08E90202D0BF9D3FC8C67DA25538DCC9874D1FE502B87F34F587E044F1D9064EDC0B32E3247B7F4B7F2A2F26DB0B89D30C4E2655B7EC
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/js/jweixin-1.4.0.js
                                                    Preview:!function(e,n){"function"==typeof define&&(define.amd||define.cmd)?define(function(){return n(e)}):n(e,!0)}(this,function(e,n){function i(n,i,t){e.WeixinJSBridge?WeixinJSBridge.invoke(n,o(i),function(e){c(n,e,t)}):u(n,t)}function t(n,i,t){e.WeixinJSBridge?WeixinJSBridge.on(n,function(e){t&&t.trigger&&t.trigger(e),c(n,e,i)}):t?u(n,t):u(n,i)}function o(e){return e=e||{},e.appId=C.appId,e.verifyAppId=C.appId,e.verifySignType="sha1",e.verifyTimestamp=C.timestamp+"",e.verifyNonceStr=C.nonceStr,e.verifySignature=C.signature,e}function r(e){return{timeStamp:e.timestamp+"",nonceStr:e.nonceStr,package:e.package,paySign:e.paySign,signType:e.signType||"SHA1"}}function a(e){return e.postalCode=e.addressPostalCode,delete e.addressPostalCode,e.provinceName=e.proviceFirstStageName,delete e.proviceFirstStageName,e.cityName=e.addressCitySecondStageName,delete e.addressCitySecondStageName,e.countryName=e.addressCountiesThirdStageName,delete e.addressCountiesThirdStageName,e.detailInfo=e.addressDetailInf
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):4190
                                                    Entropy (8bit):4.547069568552328
                                                    Encrypted:false
                                                    SSDEEP:96:8SCXqE6KySyKE6OyS+ySKuMy46kQKk+uC6SSQEHqqOQSumayY2e7ulMSeATCeuaW:qGXZmYPY
                                                    MD5:E09CDC3B378BE2E091686C10363F0B15
                                                    SHA1:958BEA12909F30886FA0A3D822BC982916FBE860
                                                    SHA-256:A4B5FB6D7C28B03AED164C4039514CB1ABB5619AC64E6B4F1A91EB0610EDD759
                                                    SHA-512:A63A4D86C4B59DE2DF23C344ADC5AAF0AB96453B1695B75A62B7C7978DAEEEBF2F69F762675A2242F43D3BFA3F4D1BE7FA52A5C8FCFB88A5EB3F1F8AC503F4AE
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/locale/locale.properties
                                                    Preview:[ach].@import url(ach/viewer.properties)..[af].@import url(af/viewer.properties)..[an].@import url(an/viewer.properties)..[ar].@import url(ar/viewer.properties)..[ast].@import url(ast/viewer.properties)..[az].@import url(az/viewer.properties)..[be].@import url(be/viewer.properties)..[bg].@import url(bg/viewer.properties)..[bn].@import url(bn/viewer.properties)..[bo].@import url(bo/viewer.properties)..[br].@import url(br/viewer.properties)..[brx].@import url(brx/viewer.properties)..[bs].@import url(bs/viewer.properties)..[ca].@import url(ca/viewer.properties)..[cak].@import url(cak/viewer.properties)..[cs].@import url(cs/viewer.properties)..[cy].@import url(cy/viewer.properties)..[da].@import url(da/viewer.properties)..[de].@import url(de/viewer.properties)..[dsb].@import url(dsb/viewer.properties)..[el].@import url(el/viewer.properties)..[en-CA].@import url(en-CA/viewer.properties)..[en-GB].@import url(en-GB/viewer.properties)..[en-US].@import url(en-US/viewer.properties)..[eo].@import
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):321
                                                    Entropy (8bit):6.815695264083707
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6key13YWkOLiR8Fr7KAAX0SsvPUs33/kNYwnDXM4zoEdp:6v/7Pkey1k6iR8hKAAkSsvPfkNjnDXr7
                                                    MD5:FB94CA39AEC07D85A29FDB62B0B03B24
                                                    SHA1:3D206E303F9663DCA95482DF9ABE55A08851C574
                                                    SHA-256:F386BFF1C7C4986544A70003BD5B6B730153F0788E4D12FFB1372B709D2468B9
                                                    SHA-512:674F36AA503C4B443208A91B42546967227B17871AB9E6688259150F1C735A187DEE737F51F3E01E443DC7247669486BA130C29ACB78B9D4842846836553B948
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-presentationMode.png
                                                    Preview:.PNG........IHDR...............7.....IDAT(Sc` .....:.H.L..}....2(..(]....(x.........m.D..}pi......;.Q.........<.......T.>....G:..=.....C<.T.2......iG..../...(.....V.4...I..y....a.....A......?.*}.............[.....z ~.....O......E......?.i..;.i......?..=.Qp...4#...t.D... .....wU..S.Q......&.........z:mI....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 7 x 16, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):107
                                                    Entropy (8bit):5.422522634824745
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPlyvtBXYBd0IKz5Ul3tUdY6l93leg1p:6v/lhPwd00IM+dUu+jp
                                                    MD5:0F776A81F64ED3775CE1917917879E4B
                                                    SHA1:ACBBC7071A0641A10E1D50991D1ABBFA26B5DCE9
                                                    SHA-256:59280AC4EC15B3176CD6948FA4D2319698D484C971F432EB8454DD851416E5DD
                                                    SHA-512:9D0F7693EE97837DC9EFB8C8A0E127A654C01332FDA3EB23360AF16E7BA460D7F2F5DCF3D268CD72F9455E9ADDE385BD45754EAAD83BC4DC392547E6A5454C9F
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-menuArrows.png
                                                    Preview:.PNG........IHDR..............e....2IDATx.c.H....~ ^...%X.x-.?..,.K.....|7.2...0.2...1.[.K.G.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.4086820731466325
                                                    Encrypted:false
                                                    SSDEEP:12288:bBcdYccTJ4yR3m3FyONcD97yuDDeZBSjpKEzFHjac:biuc6m3FFcDRAKpKUFHjn
                                                    MD5:7506F2C45F9C03C1F8F26E87D47E402C
                                                    SHA1:0ECF6FFB7F55180979C8856B826E2933970FC3E3
                                                    SHA-256:684EDC6942C86090950E1B5CA92D5601B7532958E835265325CE083747137330
                                                    SHA-512:606B42952BC199873A0CC058B25275C8F75C2308F5B8EBBDBE17DAFB1BBD35E6E34B1F17C837880D5E43ADA6CCF168DBF69B08937F82AE38E5B300C252A89C74
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|..W+..X,..X,..Y-..Y...Y...X,..Y...X/..U-..U+..T,..T+..U-..W0..X0..W/..Y0..Z1..[2..\3..[1..Y/..X2..X2..V1..X4..Y4..X2..X1..X2..X3..W3..T2..R0..R/..T1..S1..R0..R/..P/..Y7..uQ..yW..sT..nQ..eN.yMF.a>?.X;=.L23.eF@.X:8.E,..bA:..]K..`L..]J..bO..]K..\M..[M..^V..qq..vu..xv..xu..xt..ws..ws..xt..xu..xv..xv..xw..xv..xw..yx..xx..xy..ww..wv..wu..wt..wu..wt..xu..wt..wt..xu..yw..xv..yw..yw..yw..yx..zy..zz..{{..{{..{{..||..||..}}..}}..{|..{|..{|..|}..|~..{}..{~..|...|...}...|...|~..|...vv..dZ..aV..aV.._T..VL..^Q..dT..bV.mMN.H5>.`BE.uVQ.I=K.M=F.[>E.oMR.._Y..m\..mY..lY..oZ..jS..V9..R5..S6..V9..Y;..Z<..Y;..V:..T5..S5..V7..V8..T4..T7..X:..Y<..X:..V7..T6..W9..Z:..]<.._>..a@..b@..\:..^<..dB..gD..dA..c@..a?..a@..W;.o@1..T;..W=..Z@..\B.._C..aE..aD..]@..[?..[?..]A..\@..Y<..X;..Z=..[>..]?..`B..`B..^@.._A..bC..bC..aA..^?.._A..`@..]A..\A..`D..`C.._@..cC..eE..dD..c@..dB..hD..lH..\>..N4.._<..b?..dB..eC..eC..hF..gB..jD..jE..hD..fD..`?..^<..]9..`=..c>..f?..hA..iB..hA..hC
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):225
                                                    Entropy (8bit):6.631326953854896
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6XAxjAz6Wqjjqy9CmTcEgvlH3lAZ/iF9oBrjp:6v/7PwYLOqbmTc9lH3lABiFIrN
                                                    MD5:6C365A103073FF2D8303C68856DF0A4E
                                                    SHA1:FF7EF30371233ABE8C548C2F3D5CBB335183CA92
                                                    SHA-256:B97006DDA25F0B3908CE7604108261FF8AB1E1984118F3DAC296428BCF34B1A3
                                                    SHA-512:A18B81BFCEAF82C7DAF68F501186134EF01DDB64D130625074065AA23D78CD420C8A77E43D4263C649BC3125C61352EBCFBB0FF3DED4332562C556E58C7D9B16
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDATx.....P...o.%.m"..d.1V..aZ\7...F.G.v..!..{...N.a......k.3..._....aA3`..h..))...V.......2.eeV"..K.H...n.....7..N......k.....0..Wa..$X......C..BM........K.G.oq......m........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text, with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):544
                                                    Entropy (8bit):5.189991607093636
                                                    Encrypted:false
                                                    SSDEEP:12:hPJXrYIHTooo6uYLACUrY4MexGcW6PWjpLZ/LrLPJ5WuN0OMJMGv:hPJXsiModuYDUrY4VoDZrVkQ0OMuw
                                                    MD5:5CC6D4D82BCE7663D505A18D25890203
                                                    SHA1:198CD998861D70D1B6C117EB78CCB08F0041442B
                                                    SHA-256:9FD2B7A81DCF235F711E84E59C7C894EDDF3E191A29EFE145CDE33888B259B4C
                                                    SHA-512:020811634C1018BC26DC730F69694789D6E77679693DA5F5ABFD07159E2725DE7AA4D9FF9B740CF249DFB4A3C90FF3E458F0F816155FAECE0FEB6D0A48858ECC
                                                    Malicious:false
                                                    URL:https://weixin.qq.com/r/kxEjO1vEOwZErR9Y90SB
                                                    Preview:<!DOCTYPE html>..<html>...<head>....<meta http-equiv="content-type" content="text/html;charset=gb2312"/>.......</head>...<body>........<script>................... if(navigator.language == "zh-CN" || navigator.userLanguage == "zh-CN"){.. window.location="http://weixin.qq.com/cgi-bin/readtemplate?check=false&t=weixin_getdownurl_sms&s=download&from=100&stype=10037102";.. }else{.. window.location = "http://wechat.com/cgi-bin/readtemplate?t=market_redirect";.. }.......</script>......</body>....</html>....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x1392, components 3
                                                    Category:downloaded
                                                    Size (bytes):195132
                                                    Entropy (8bit):7.978759071373553
                                                    Encrypted:false
                                                    SSDEEP:3072:jaErLI4JjiX5OQWpUtKOiR9DfAAwbY7jr6ouI/walROJ4jAOSbXYPGj8+ook1/+Z:uUIn5iYu73fRR040BrYPGj8+ooiPQvQg
                                                    MD5:57277D4546C3DEBDE3C17A403E0B3A45
                                                    SHA1:219458058A45FC3AC5EB8D8DAAC7FCDBEEE35835
                                                    SHA-256:94B4D26B43FCEA22B60A8D788F748794ABA3C5686D6F9330252F64E8F411CB98
                                                    SHA-512:9F9EA0D7D06D209D857DC4BC2A21A821A00D2B785C2A57DED194114F6ED51C6D379FF11097031C7FC7D157CFD1BBA9FBC89B01971F172D64C8D0E9E94E1E4A31
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20247/1ef4d7a75b9447e89bff35d997a2d605.jpg
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......p....".........................................a..........................!1..AQaq."2....#3BRr......$CSTbs....%456Dct.....&U...Ed.7V....F.'....................................;........................!..1AQ."2q.4BRa#$...3.....S.5.Cb.............?..H..qO.!.\2........&...jD...\.+. b&.$...R'...'...DBT.. .....H......J...*P...#..nJ.....P.....J...S...#.v.].I.HM..a9
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, manufacturer=Canon, model=Canon EOS R5], baseline, precision 8, 7904x5272, components 3
                                                    Category:downloaded
                                                    Size (bytes):3089482
                                                    Entropy (8bit):7.9351890000992755
                                                    Encrypted:false
                                                    SSDEEP:49152:J43+ZPOKD3n9OKA5LsPHMpU65VBqqNk83R09ozhy26IYvTGKdMlljnNjHuHZt:J43+ZPOqw5LnIqN5RYok26IXDhO5t
                                                    MD5:DEE8924C1D2FB65AB504A50C179CA6E8
                                                    SHA1:26BEFF43B171BA2B4FA10D8FC051312CC3BCF4E7
                                                    SHA-256:0AFAFBC0B0DE8BD5C769F1A0BAE4D2362D7C804BEF2476EDB64F962A1294C344
                                                    SHA-512:E0FF66E9B6CDB3AEF9CDEE809B8DEABB922342246ABA347D414EA8201A2BD7FE7C6D6DBCE66AAB2E6CA76998DB1BF1209A0A24360D9F479B1B6E8431E0A78165
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202410/c01da4db7f164eb98286d2a31083e9e9.jpg
                                                    Preview:......JFIF.....H.H......Exif..MM.*.................J...........P.i.........^...........>................................................................................................................................................................................................................................................................................Canon.Canon EOS R5...............<...........D."...........'..................0231...........L...........`...........t...........|........................................................47..........47.........................0................................................................................................................................................................................................................................................................................................2024:11:05 17:20:14.2024:11:05 17:20:14...`........................5..........http://ns.adobe.com/xap/1.0/.<?xpacket begin='.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 380 x 159, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):77938
                                                    Entropy (8bit):7.993835553037984
                                                    Encrypted:true
                                                    SSDEEP:1536:bPSABKuSrKuIuJ9vbwFUCHWvsSjA0yojNaghpECQysdBxXawXa/AU:LSjuSZ39Tw9AsSjgoBaKpExxXaZ/T
                                                    MD5:5FE98884FAC02836E28F48B366F815A4
                                                    SHA1:1837C80DD0E6D5BE23C82253BE923A0CC3E06BB7
                                                    SHA-256:8CEABEFAE0A3F9B89DBFB58EB30DA2F5F3351AA49EA3F7815B52D36259CED4BF
                                                    SHA-512:07AC98D242833C100765029BB33C94AA23ABA0D4EF6A4B9937D39078472889500370128E0C6A21CA8B10D212250A263A0D6357D245A713CC4C8ADC1B328AEEF6
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/4786971ebbe7437ca39334f22bb181fc.png
                                                    Preview:.PNG........IHDR...|..........@bR....sBIT....|.d... .IDATx^.Y.m.U.vn.[R.C6j.. ) .. 8c ...`...(.$ ...............N...?.d......[AL...F=H..z.J..uoe}.s.s.[....T......k...s..>......>..k...=|zx..A..w....j|..x.5..7.........V.<....k......e.t.....^C...^...Ht........=..YT.._[Rh~.._.D.c:.I.u..'.?.. ..B....U..w1.....3N......>.\@....A+.c.$|..J6...f;..!..}]'.K...a~~hur.R...X8w}.B.c8.?....A.&.".C...(..x.....#Y..A......_.c|DK..;.]....z..._._"\.......:.,.....3..^.f9I,.s.E..@.J....n...Y...A.....Q...jf..-.g..y.|h..n.k.....5....h@.r....v.z...v.?......-..s..h.cl...u"6..a/......4.9.l..B..o.......&.B.];..6m+4~t]xCFG.!..e...wa.uta[r..kK3.5F../....Ko....M.w..d.&.E...[w......w.....z.X.U............?@;.8.,-.. ..zb0.........c.......*.M..v8&.l..#Mt..T...>..y].......l.$..7...Z.p.E...M..C.0....o....ha..s...! ,..Z...3`,U..M.g.%.K.X..L...\.....f#.q..!p.0..aG..x...7b.....1[#2../>... ?..B`........].`U...y.,.........bL.c..jH>.V.Sx.....f.C0&..o.....C.t.y.dI.Y.k..C......x..I.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):295
                                                    Entropy (8bit):6.879166317647769
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6RshxAW6uUnVfbh+X/MIKVaVcikuAoiqLMReEjHpe3T4/jp:6v/7PRshF6uUhm/MAOi/iCsi4/N
                                                    MD5:8DB4158C49B8A31E311EE501AF30566F
                                                    SHA1:6B17ACD1C4EA6A9D9859819456952EFF133F3CC1
                                                    SHA-256:EC9DD66C32FEDBF6D5E1FD166E01AC13AC751E2441D7FE9AB8DD79DC5C94B825
                                                    SHA-512:F6BC16EC563E614E54060BB7C0911FBE8BBF776F77EF189E8910CB6181E6919384F2E695B24C62D2CD6C419B4357EED408FB2D0EB4C96519D884247C9BC4BFD8
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-openFile.png
                                                    Preview:.PNG........IHDR...............7.....IDATx.c .......n........g..@ .5...GH....H..XAG:....Tp.h4nx.....7a......o'."..3.....~;...........L..2.+../..C@iN..9.J.AD.t3......k# ..%u...sy......A..n...d....f.o...... D..1.P....a.."......?...`i...t1.U<...?..@w_..0....,..L.v..8.-.....A.^8yl....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):259
                                                    Entropy (8bit):6.8392748692345275
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO61shxB7lj1x/BZb5UaJzF6A4vKkg8onS8sBDbp:6v/7P1sh1j1xX/4SkB2S7n
                                                    MD5:F20A55DC99268DAC130586E52E2B10D6
                                                    SHA1:B25ABD4A3C95097A338B8B138476E22189CB235E
                                                    SHA-256:6F44F96517C6CED760EDE55714C5E7E1E259783974FCBA750F53880A932ECD50
                                                    SHA-512:7FF01EF840F3DD29CF9953B40B0DB3D0559E96895A63A152F9A01F6FF5659D01FBE09652704D2AED45D89FA124F71AB058F9327ADE7C5D0AB770E13EC4442AA0
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-download.png
                                                    Preview:.PNG........IHDR...............7.....IDATx...=..@.......P...^.........F.%$E@..,..5l..>v...Y,...y.}..~......A......-+*...)p..5.............,t{.e...'......G..0K..x...9.....1..;.2.....&Dn......Gi.q.....-..M..4^.S*...t..$;.`..G....@..h.4...Wf....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1540, components 3
                                                    Category:downloaded
                                                    Size (bytes):262392
                                                    Entropy (8bit):7.945952908620789
                                                    Encrypted:false
                                                    SSDEEP:6144:ufzCtX3SYwuigfARIpzwitM5b7DokLIPylQaUA:uGtn/wuigi+7o7DokrQ1A
                                                    MD5:989C07DCA28C49D7F3A87CED6CB53C1D
                                                    SHA1:097EE55F396C1376DE8E30F868666D96FBDFF5EC
                                                    SHA-256:B346925F80089E9B8FD815DE340D0E5D425B102DF92AB62ED4F714F147EC627D
                                                    SHA-512:0EAE964524B4068DE763E71B1959DBAFD28C64F0C2F0D9D28A8202CD1B7FD0AAA50287E111BE6732CF39C486DAAC39F27D9F04774479710042DC553761C01BDA
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202410/38a52e0789d14cd0a7e43ab11eb029c3.jpg
                                                    Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........8..".........................................e..........................!1.AQ.."aq...2.....#3BRTUt....6.$Sbr.....%&457CVs....DEFcu..d..'...8We...................................<.........................!14Qqr...23A..R"$a..B...Sb..#cC..............?../b...|.;.....+.(8vH....;$~.~..R..d..O.S.G..+%(8vH......d..O...f..d..O..vH......y.h1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%(1.H....;$~.~..R..d..O.S.G..+%3A..G..).#.S.......#.S....)...L.c..)..vH....d..>......d..O.VJPc..)..vH....d..>......d..O.VJPc..)...8...R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (431)
                                                    Category:downloaded
                                                    Size (bytes):54714
                                                    Entropy (8bit):5.222710376887887
                                                    Encrypted:false
                                                    SSDEEP:192:bz8fW6D1ksUGND9o0mMJc0dfsCmR/Cp6TiLbMRe+Wp3vl+1basCdO1QaIx/YLq46:IW6D1bn5A0dfsL8Lo4ACdr/Y/+Bd
                                                    MD5:699CF22F1309FCF0AB8C76DAEF0EBBB8
                                                    SHA1:872ECD95386519EBD96A07B247D58E74FA5E97A5
                                                    SHA-256:6E7E1FF6449131B1FBF6486906DE2D13B0089B39706608AE2622A1AA9184FD27
                                                    SHA-512:18F290B63B3E9E4D69E7529E72F7222672D3E914DA827D0B9FA8F0DCA3248133D2D8143F63349746B425B53268FA196C5A0663F49FA848E20F4129D8D7FB9008
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/script/202311/dd9f88ae9522429291c7c4fa82adc362.js
                                                    Preview:document.writeln("<style>");.document.writeln(" /* ...... */html,body,h1,h2,h3,h4,h5,h6,input,ul,ol,li,input,p,dl,dd,dt,button {padding:0;margin:0;}");.document.writeln("button {outline:none;border:none;}");.document.writeln("body {font-size:16px;font-family:\'PingFang SC\';overflow-x:hidden;}");.document.writeln("ul,li {list-style:none;}");.document.writeln("a {text-decoration:none;color:#333333;}");.document.writeln(".top_wrap .nav ul li a:hover,.footer_bot_r p a:hover {color:#DE0617;}");.document.writeln("a:focus {outline:none;}");.document.writeln("img {vertical-align:middle;border:0;border-style:none;}");.document.writeln(".clearfix:after {content:\'\';height:0;width:0;clear:both;visibility:hidden;display:block;font-size:0;}");.document.writeln(".clearfix {zoom:1;}");.document.writeln(".fl {float:left;}");.document.writeln(".fr {float:right;}");.document.writeln(".core {width:1200px;margin:0 auto;}");.document.writeln("body {background:#FFFFFF;font-family:\'....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):17
                                                    Entropy (8bit):3.5724694587701364
                                                    Encrypted:false
                                                    SSDEEP:3:AJAwWVcbn:sAwWV2n
                                                    MD5:CA7F6DF58D657613F7260A93F6FE4490
                                                    SHA1:CAC9C3A25FEFE6D7B809EE78E88F5874A3068792
                                                    SHA-256:2B205AA5B0E5389071BDAA82FE6919F7C413A16998B84E89489724D39E5552FD
                                                    SHA-512:2CDCE67B931AC752B40B5467CF2176FEAB836BFDB71DEC7CBF6D9AE2332CA3BD0544101DC1ED743122EFF07D3B7629C7BD224D75CA8F2DEBBD5BFE7ECBF96002
                                                    Malicious:false
                                                    Preview:handleResponse(1)
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):1688
                                                    Entropy (8bit):5.0713346828958334
                                                    Encrypted:false
                                                    SSDEEP:48:c4AlfEtkZAmVbSvViOYNEuqGMX3Hm9m7oKlK4kgF:slfYNmUdiOluqX3Hm9mJE4k2
                                                    MD5:32D87ADEFC9AAE8732107E05B61BC84C
                                                    SHA1:5B323A9868EEEF9F7C703B4EAC847320BB1288BC
                                                    SHA-256:A0574D92FDA687C9B6777EBCDC6FF034BFBD0CDAE8C3A3889A0B71BE94077CBF
                                                    SHA-512:649A84ABE026C267982D0376E42EC03314F366AB5084129A4930DC60CFF2AA6D02A32D1AFBBBBB991499C75D6D5B811DB06BD2ADFD3ABD916E47C5A44B03C5AA
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 21.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id=".._1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 48 48" style="enable-background:new 0 0 48 48;" xml:space="preserve">..<style type="text/css">....st0{fill:#5C95D0;}....st1{fill:#FFFFFF;}..</style>..<g>...<path class="st0" d="M24.6,28.8c0,0-0.1,0-0.1,0.1c0,0-0.1,0-0.1,0.1C24.3,29,24.1,29,24,29c0,0,0,0,0,0s0,0,0,0....c-0.1,0-0.3,0-0.4-0.1c0,0-0.1,0-0.1-0.1c0,0-0.1,0-0.1-0.1l-3.2-2.5L13.4,33h21.2l-6.7-6.8L24.6,28.8z"/>...<path class="st0" d="M11,19.1v13.4c0,0,0,0.1,0,0.1l7.6-7.6L11,19.1z"/>...<path class="st0" d="M37,32.6C37,32.6,37,32.6,37,32.6l0-13.6L29.5,25L37,32.6z"/>...<path class="st0" d="M36.5,15h-25c-0.3,0-0.5,0.2-0.5,0.5v1.1l13,10.2l13-10.2v-1C37,15.2,36.8,15,36.5,15z"/>...<path class="st0" d="M24,0.5C11,0.5,0.5,11,0.5,24S11,47.5,24,47.5S47.5,37,47.5,24
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.348183146473142
                                                    Encrypted:false
                                                    SSDEEP:12288:WgX4dn+VrN/9yVtUN98BH/+SyaNahpnSoZtDKH9nMFnnVdLTx9DNNwkl:vX4B+Vh1y8k1zNqpG9nMFnnTLTx9DMkl
                                                    MD5:FEED81A0B5869100E30E83DFCE9E866F
                                                    SHA1:1D9842E48BEFD9C4E55AD84DBBB8C308F130CBA5
                                                    SHA-256:75CB34EF14B6FDF7D96EB5DDA6EB04788EEB9A45B605F89B699CE6167E739DF0
                                                    SHA-512:7AF4B96A2FFEE029153B698B7E09E0803BF4E2523E4289D47BC3601522315C6CBD1FBB62A8579BFF9AE59343AADC1EF4AC388FB1B0B7503BC72F7CDBDAA45FF4
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/Se56633285c594e44a34b2267620f35b6-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|..........................................................................................................................................................................................................................................................|...{...|.......................................z.npN...k...l.......................w...{...........w...c...i...z.......|...z...v...q...i...b...h...{...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x182, components 3
                                                    Category:dropped
                                                    Size (bytes):110152
                                                    Entropy (8bit):7.975075256251562
                                                    Encrypted:false
                                                    SSDEEP:3072:wowgY8Kr7Bfmw4l5Iw0cGK0uvXQAtySlos4bru:wUYGwqIJtK1vrDd4e
                                                    MD5:C8B45900A1587FD678AFC51653685F17
                                                    SHA1:84BB8FB0C64146F59C20F96060AADBCC5FD3DBBC
                                                    SHA-256:027BAFDDFFA561600DF61C9BC06AAC729F933F0BB66F70E7821E483444FFA986
                                                    SHA-512:56D0627B50152DF6A4DD48D65F16FFECC8E3EF1DD8571F3086F1A037ECFFB3CC4B42C6AF3DE0478E8105DE769B6A022B2BEF3C391B5551DFE22DF10BF5D5F9F9
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:308709D76F5211EFBF32A64EEEDB5ADD" xmpMM:DocumentID="xmp.did:308709D86F5211EFBF32A64EEEDB5ADD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:308709D56F5211EFBF32A64EEEDB5ADD" stRef:documentID="xmp.did:308709D66F5211EFBF32A64EEEDB5ADD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):178
                                                    Entropy (8bit):6.444808654141112
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6PtcBxdk41ITtW3Ggq3C0MsvVUmNj3FUt+pZSqM76+L5w/+G:6v/lhPO6ykhYHh0M+b0AMtPCRdp
                                                    MD5:2D32348DB7B0ECA4195BF844551A5C58
                                                    SHA1:EC7AA605C063FAF6A951C2D64A8D98933B60F6A4
                                                    SHA-256:F4BF8E4B3DDD92EDAA4F3D39DA434AA55CA52F487964CFE139242A29CFB596BF
                                                    SHA-512:469D3AF1C820E25F62E5ADD0A5950FC2D84FC3E0E47555B4145C4178026026E2BB22D47ED072656E36632041338E9B06C5E5E0347B5DBA6F8181277E5FE1D9A0
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-viewOutline.png
                                                    Preview:.PNG........IHDR...............7....yIDATx...-..A.....c...0(.?..<........V..7......#O..)....5.|'@.c..2.;..|. q.c..L.wC..Gi^3.u[.x..'..\K.H..U...o..?|..U....}....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:dropped
                                                    Size (bytes):196299
                                                    Entropy (8bit):7.971651336670829
                                                    Encrypted:false
                                                    SSDEEP:3072:fzcVc4KxrlmyMD+NWsJPLNWjo2Fo70gi5c8GhfWoO7kVNzNHmXBewuluB2duzs0K:KcZm3Dj4NeLsfWB6zdmxVnBsuzs0+jWW
                                                    MD5:4F46FB9A5363A3C3F3529329D9CD564B
                                                    SHA1:D5D9B91D8F54652D8546CC0125C9EF08A5A8378E
                                                    SHA-256:1A59C93712A22421F08846BDFC8A7D361C813A544BDA6A9F698F260B570D2DE6
                                                    SHA-512:8A5D685499B87431CD742E40C553AC922E81DBDBA281FE8DC7CF1761607ADC98D6ABDA84BD6AC9AE604CCDE11CE28BD5F095D8C9EC84C49B5A1878B2BC9F2308
                                                    Malicious:false
                                                    Preview:......JFIF.............C....................................................................C.......................................................................q...."..........................................\.........................!...1.AQ."aq..2.....#...3B...$45Rr.%bst..6Cu7Sv.....8...&9DEc......................................R.......................!..1A..Qa"q...2...#...B....3Rr..$Cbs..456t..%w..7EScuv...............?...U..*.K.V..8 |>....y.).(.)l.H.PV.rs....zw.8&.}!...+......u..."..\..Z...L6.V.JX).........[..R.WQ..t.M......F.).7.OR...u...=..n.2.^[.B.......3....%H.]I..}.9...?...~.....Gy.A).\h+p...;......sH.P..g..v.....'i.E.......;.{.V.x.*.{......._n1..4.v#....<m....J.......}7.c.YK.....l{.....e.^I..P..|goL...c...RG..5..?..J.........%.....I?..M.x?r.i.AVRGo..xMi.):R0...`c....\(.A..TIV7'.n....x.CgbI-g....U..C..A.|..2A.c.......~1..m.......!..~.dIH.8...?_....O/r.T....oO.8...oJ.......W...a.0t.<.....y...................NO..~_w...N......o...dl(..=.=../.w.6S.{
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (22010)
                                                    Category:dropped
                                                    Size (bytes):22011
                                                    Entropy (8bit):5.3179916766708715
                                                    Encrypted:false
                                                    SSDEEP:384:F19Cih92A3igTLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs8:F14iV3iaWtXItqF13k8
                                                    MD5:386111F9108EFBC7426B3C42D7320511
                                                    SHA1:FD1CBFDEB7CA75C9E78E4996F4CAAF8C416CAFE6
                                                    SHA-256:D5644D8445225F7BEAB690029910B19FAF1A9A26BC2779899FEC81D7B519DADB
                                                    SHA-512:F66519DAB44BE0169147359538388C877FD52F6A96F8A159DF7A7EFB293B567A78BD8948F66006F7E554405EA2D0DCD2758BD7E8C4A3C51C166E727AE1008B18
                                                    Malicious:false
                                                    Preview:. ;!function(e,t){"use strict";var i,n,a=e.layui&&layui.define,o={getPath:function(){var e=document.currentScript?document.currentScript.src:function(){for(var e,t=document.scripts,i=t.length-1,n=i;n>0;n--)if("interactive"===t[n].readyState){e=t[n].src;break}return e||t[i].src}();return e.substring(0,e.lastIndexOf("/")+1)}(),config:{},end:{},minIndex:0,minLeft:[],btn:["&#x786E;&#x5B9A;","&#x53D6;&#x6D88;"],type:["dialog","page","iframe","loading","tips"],getStyle:function(t,i){var n=t.currentStyle?t.currentStyle:e.getComputedStyle(t,null);return n[n.getPropertyValue?"getPropertyValue":"getAttribute"](i)},link:function(t,i,n){if(r.path){var a=document.getElementsByTagName("head")[0],s=document.createElement("link");"string"==typeof i&&(n=i);var l=(n||t).replace(/\.|\//g,""),f="layuicss-"+l,c=0;s.rel="stylesheet",s.href=r.path+t,s.id=f,document.getElementById(f)||a.appendChild(s),"function"==typeof i&&!function u(){return++c>80?e.console&&console.error("layer.css: Invalid"):void(1989===p
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (17454)
                                                    Category:dropped
                                                    Size (bytes):17648
                                                    Entropy (8bit):5.2183319518062605
                                                    Encrypted:false
                                                    SSDEEP:384:6Ezyz85k6MTQmeYl8oSdNdSoUYdHvEDezCnGgqo6N6TBIueHtf:I76MTQxYl8oSdNdS/QHvED9StETBKHtf
                                                    MD5:F59CEBC35A59C34B77A29D90CE2F453B
                                                    SHA1:0C5D5A72C6DA0FE17F4522F0D567B7E297A5A536
                                                    SHA-256:7128756CA0E757599A32FDC265602101C32C2DAC709B6812AC9A17721B8457D7
                                                    SHA-512:5A52B0367E7BA8897A8CD1EE6CB5F05C5D574D9E2C7F9578FBA944DDF7E16DD107D62AF52650472C54DCE4F12E1D04740BEEA07FE43C3B79C8880E6D57733DB7
                                                    Malicious:false
                                                    Preview:/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.. * Released under MIT license, github.com/requirejs/requirejs/blob/master/LICENSE. */.var requirejs,require,define;!function(global,setTimeout){var req,s,head,baseElement,dataMain,src,interactiveScript,currentlyAddingScript,mainScript,subPath,version="2.3.6",commentRegExp=/\/\*[\s\S]*?\*\/|([^:"'=]|^)\/\/.*$/gm,cjsRequireRegExp=/[^.]\s*require\s*\(\s*["']([^'"\s]+)["']\s*\)/g,jsSuffixRegExp=/\.js$/,currDirRegExp=/^\.\//,op=Object.prototype,ostring=op.toString,hasOwn=op.hasOwnProperty,isBrowser=!("undefined"==typeof window||"undefined"==typeof navigator||!window.document),isWebWorker=!isBrowser&&"undefined"!=typeof importScripts,readyRegExp=isBrowser&&"PLAYSTATION 3"===navigator.platform?/^complete$/:/^(complete|loaded)$/,defContextName="_",isOpera="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),contexts={},cfg={},globalDefQueue=[],useInteractive=!1;function comment
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):5.069578991915547
                                                    Encrypted:false
                                                    SSDEEP:6144:afwMHB8SFItbNxiF3TTW7U7+YpJoyoRgau61Mm/vdLvNJPod3eNftj:i9zL7ajRodofR
                                                    MD5:E1C4C0FA46A5B4AA71934A9375AC17A7
                                                    SHA1:11DE2D6C7E241EC0899DEC462D34DB24271786C2
                                                    SHA-256:0D420B81D3FE8DDC679F6684CF49945D1A2906380C077B707913FA0FC0F192BE
                                                    SHA-512:F9731B6AEF5F0BC9553AFE6E896FA97E2A6A5E99965C5533D207D3796052929DB25074267FDDD2F074FA5FA45FD2B444F30DEC23E048709BF81859808A067A9A
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.........................<DM."%).. !. "#.&*).*//..46.18:.4<>.8@C.:CE.>IJ.BNO.FQR.MVW.PYZ.S]].OZX._ji.............................z...v...lwu.aml.DKN............."".."#.......... ../0).02*.-/'.*,%....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.598167631925766
                                                    Encrypted:false
                                                    SSDEEP:12288:+0rq/rDz4eIA1PYDI1Qdog7g3h1mhyJ34TuBuL+mg/HlhVeZPqaXWnKqxJTbbAUk:o/vz4eudXVXWnKqxhXAUceHhKOpd67l7
                                                    MD5:483A1B69E89C6B256B601DC1E3D73FE6
                                                    SHA1:0D3549EA3614495EDB638CD611743C004FBA30F8
                                                    SHA-256:748BAEFA34D802D410FB19EC343E5F9C5D932F6349869D706118E470279A3374
                                                    SHA-512:A9E84358EEC9F36DF5CAEE9170EB2AC1021C545C7241DEFA8B7DB0299B877E8E347A1D4BEC7D7FF38A25F4C23770588A902D0B433D3BFC2DB608B3C8C08AA10C
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.ron.vvs.ssq.ttr.ttr.utr.rrp.qqo.ttr.qqo.rrp.pqp.opo.qqq.mmm.llj.jjh.mmk.gge.jji.fff.fff.kkj.fge.jjh.ggf.gge.cca.cca.hhf.efe.bbc.hhg.`a`.hif.bd`.ac`.\][.XZW.`b_.efc.dec._a^.]^[.]]Z.``].fgc.efb.]]Z.[]Z.PSS.GIM.AEF.@A@.PQN.UUS.WVT.UUS.RSR.WYV.XZW.XZX.STR.TTR.UUS.STR.OOM.STQ.TVS.NOL.MNK.KLJ.FEC.FEC.EEA.EE@.QRM.ceb.mom.rvu.qts.lnm.knl.fhd.oqn.oqp.wyx.uwv.wyx.x||.~...........wz|.y{{.vxw.wyv.wxu.xxv.~~|.{{y.{{y.......................~.......................................................qiZ.vn^.rk_.lh_.utn...~.............................................................neZ.kbT.f^P.gbY.|xr...z.......y.kcX.ph].leX.hcU.hcX.XQI.RLC.PKB.HF=.GB;.:6/.?;4.B>7.B?7.C?:.A=:.B?:.FC=.?<7.530.@?<.BA>.EC?.NKH.HEC.LIH.WUR.PPK.POL.ONK.TSP.ZZU.a`\.][X.SSN.YYT.XTP.\[W.[]W.TSM.^^Y.]]Y.[ZV.fgb.ee_.ggb.dd_.]\X.db].RPJ.]ZS._\U.YWQ.TSM.KHC.LGC.GC@.?=;.964.*" .'....%#.( !. .".9>D.-/6.$$%." .'$".(%".)%".)%".)#!.-%#.,%"..'$.+&".*%!.*%!.)$ .(# .*$!.9,).=/,.@20.:/.....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:GIF image data, version 89a, 24 x 24
                                                    Category:dropped
                                                    Size (bytes):2545
                                                    Entropy (8bit):7.142191857408522
                                                    Encrypted:false
                                                    SSDEEP:48:H5vqZ5vmZv9Cd9c567nXCp1MWBXpSP+km6dAuzvdEKP:HxYJndGU7nyp1RXplkHdAiv6
                                                    MD5:FAA74E8C61FC64D5EDB11613C7EEAD2C
                                                    SHA1:E043879D3EE94A3EDF10260F21F44BFA4A6FC66E
                                                    SHA-256:483C4A0396691993A641EC409C44B8B7E1DAAB0AE7E2B2944C4BC59520BB7655
                                                    SHA-512:451DB4141333FE6561E6259352B6259F80A2B080380D48117B693CC1EA1D6F3CECB5F4A4493AF11C734989E4096B01BAD2B31E47D2E13718628AC254C4DEB70E
                                                    Malicious:false
                                                    Preview:GIF89a...........................................vvv......hhh..........................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,........... .$.AeZ...<...Q46.<...A.......H.a....:....ID0.F...a\xG.3...!...O:-....Rj...TJ..*........t...........~."...ds]......)t...-"...i;H>.n.Qg]_*......R.3.....GI?.....v$...j3!.!.......,........... .$.0eZ..y..0..q ..P..W...)";..qX.^..D50......<H3.!.....k-.n..a. .(.i...d.$P@y.w`.J..#.....?..y........o...g.....f....'8..{..'C.p`j.n."...2.{.`x...jy.4...C,.4..o#n.$.....!.!.......,........... .$. eZ...$.2.....q....E. ....p$H@D/.....G.D.j8v#..P((D..... ..N.(3..#.y....(@...gUx*.kK.).....?K...............$..."....*.......K.....W......x..?.G...#.W....n.h.K,.....+.....*!.!.......,........... .$ .eZ..Y.$1..Q(c......O'"............. 1....q.d"..A.....V.x8p..4988.MRC.@....e*.3@.iI.)..'.?I.........@.......,.....#.........5..,.....".E..z...?..@.E...@.....).....*!.!.......,........... .$.(e..$....C.E1..;...('2$..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):700
                                                    Entropy (8bit):7.593819163854851
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7ib/r5yiPKP+jnnearbYI1YC1bgDUX+HCyBkwEridJBzrbdq:o4KP+jzHdqPouhzrbw
                                                    MD5:15B29D6CC25CDFECB4C1E4A08B8086CE
                                                    SHA1:37DBE72C675256A87DE5913E3781698361B1A7CF
                                                    SHA-256:E2271C163A0133D20A18500063526E39C3A3E53831EE60A7F881974DA2CF108E
                                                    SHA-512:245D85000E0709376D589E14757095FD6244C011E7385E434367A0D6416CF2A5ABEEF83571D049B4E14C7FA3BE249692AF09BCDAD4F4E298422C71D188893CA5
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........vIDAT8O..[..e....LH.{..Ca...b..JIa.DH..>D..F..B.^B|Q.......$.S1R.R.K`""..H$..(....{..#...7.}k.Z{.........`.......8.'._..e.......1.+...`.~...[...$....c.7&`...U.......je.H.W...O....u.[V4...8.+./.u....b.o..E......j..n1z.K.9>..,..-m...uW......v...Me_._X.>E.zYr/.bt..|..aL....j.rp.>+...E...~...Y...PL..|.~../W....Y.a..gcG...%4.....z.x..T."9.9...........r|.{...)...D.7,.....D.`..k....x.7p...(.........N|.#.pb...y^...U.S.0..M.....).!L.....V!......T(.E^.......u .....+.],.N.."{;Zs.CM<N.Z..}r.+"5.2.Z.i...~....u.....*..w.`1.U..#S..a]m.>..n.c.n.*.....kX....>....U..gP...y.k1...E...6.d.>*i......Z.!.H....|.t.>l.5q.1......S...pP.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):723
                                                    Entropy (8bit):7.638356371195466
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i/I15/nXJKu/qUCJ7I3ACVDYnRKOEXmNWPYJMfgu06xlTSGEM:PI1pJzqUCO3VDYn2mNadf8Ul4M
                                                    MD5:538AB2B3935988D2BC2DB107906093E8
                                                    SHA1:B28990728B8835665E1A1DF397507A47C7F719CD
                                                    SHA-256:C303C2060524A92F80776C8305F5DFC42D078C4BC15A0D3B4666130CBEF2D4E4
                                                    SHA-512:7F02F12AE57730BB42C90C81A9FD9B669601D763FE5F515E36613758A0DBF4C09636B2D7CC6D8333C63E8E37514F97A3EDF8C40F16FF409ADEBDAA8AFB1970AB
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_14.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O}.K..U.....&8..m.h....(.d..(.#15....a...,.+_a.$..nZ....=&...a...T..."....d]._>....s..>..>.C.....k....X.....A'..................X.a0..\.ab.~.?.o.V7<..0.'.|r.....O....v.....?V......+.....`.0:E.....+q/.G..Vl..`.^.X........3../......XU.......{N.{..P....*g&.i..Pr.6.)<.c%.l<..I......(^........5..U..{.U9#.q4n>..........._.B...j.\x........r.........8...D.....3....xC.?.....Ft.#|.y.Z...$z...`[.........n..h..c.).(._..2gH..Ib.....|<Wn..H..*l.-L.~=.~eVt.E.q....`.."&aZI..R.b...{..`,R~.v.....+.9...H....z1)k..7ms...F..Hr..........M.....W.....W.L..2.z.3.2.RB.......RM.kf..%...k..1 ....j.a$.z.e.69O..<........Un3......f....5.:..U...}.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 7 x 16, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):107
                                                    Entropy (8bit):5.422522634824745
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPlyvtBXYBd0IKz5Ul3tUdY6l93leg1p:6v/lhPwd00IM+dUu+jp
                                                    MD5:0F776A81F64ED3775CE1917917879E4B
                                                    SHA1:ACBBC7071A0641A10E1D50991D1ABBFA26B5DCE9
                                                    SHA-256:59280AC4EC15B3176CD6948FA4D2319698D484C971F432EB8454DD851416E5DD
                                                    SHA-512:9D0F7693EE97837DC9EFB8C8A0E127A654C01332FDA3EB23360AF16E7BA460D7F2F5DCF3D268CD72F9455E9ADDE385BD45754EAAD83BC4DC392547E6A5454C9F
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............e....2IDATx.c.H....~ ^...%X.x-.?..,.K.....|7.2...0.2...1.[.K.G.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, baseline, precision 8, 1920x637, components 3
                                                    Category:downloaded
                                                    Size (bytes):333706
                                                    Entropy (8bit):7.966680312301619
                                                    Encrypted:false
                                                    SSDEEP:6144:0Ah/a2l8CsbgFvM7mMJBbOsWalsFDlfwU/QMvNrJbHIpCD17jamuc85HLpef:0Ah/a68CAGsBrZlL+QKbopk72mqpef
                                                    MD5:CA446EFBD89FFF911588932B5644D6AD
                                                    SHA1:73F60D18E7AC646200A004D1344CDB1D7C3F7A1B
                                                    SHA-256:A45DBB1B58E5684612B62FA71655F684C2524591DA6F87F162A78E6599CA4724
                                                    SHA-512:9EEC0EFD3787B057B2342FA3F3F644ED2BABE7258EDE5680E9058C45D13B5A1B80E0E8097395C536B3CD622B46C18537D666CDC57D521622E8021F4642ABCC75
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/4b8280cdd37b4416bed4caa259e2b195.jpg
                                                    Preview:..................................................................................................................................................Adobe.d...........}.............................................................................................!..1A.Qa.."q..2....B......#.R..$%3b&4Cr..56DSVe...EFTUcdstu........7fg.........'..8G.......................!1.A...Qaq"2...........#3BR..STr..4C$b.D...cs..............?..n..........<.......SQ:..s&-t.+R...I%.1.#.h|.M.z...\.........M._..G..<.G....!......?..R...\L..C<.C..._...Z....K...0...3..8.....N.....R....d.....)...c..I8.....V...'...E./..............]..8d......v..a.....?...~..H.!.^"....-....}...e-....2G..;....x....>....i?.p...3?........?....2...7......q.....#...?.Rj_..c.H.".~&......|.._.)..P.......O;?-....}.......T2G.......g.x|...........$|...C...?..E....2.......E..C..;?...>.7...?....#..g....v~....Q.......(d.....o.w.....p...>...>....o.w....>."...H.m.u.H.!...;:...p......t.7........a..g...'....]&...2G..3.....{..x|<.......>.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x642, components 3
                                                    Category:downloaded
                                                    Size (bytes):109278
                                                    Entropy (8bit):7.98013670890316
                                                    Encrypted:false
                                                    SSDEEP:1536:QHlSEozBqq3Zq7XV+OrxNZ04xE6NNKE+rintCm5On3jSee6bCuLwa07XquDhKQfj:QpSWXVFVTt3kitNgjSelCXauDUFA
                                                    MD5:65C6C60B9A61F1D8EF686AC6A9AE676F
                                                    SHA1:CDF565E4B3B03493082718127491712057AE080A
                                                    SHA-256:DF5262E249EF058B9BB9D24C625C933771E09444D1F61B9FBC3ADD0CF2CEAFF0
                                                    SHA-512:67B75AF5986E70AADE7FC0FD69BD8EBAD237C5CCF0D6C3DE5D76E4E7CCC42BA73624E855153D15E8BA05251BBE5DC9409E183DFE01A2978315FD5DA26E3A716B
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20247/a942f54defa24e308f9e42b973967145.jpg
                                                    Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........8.."........................................[..........................!1.AQaq.."#2345rs....$%6Bbt.....Rc..&CS....DETUd.......7.'F.u........................................................!1.AQ.."2.R.Ba#..3q.$............?...5..T.f.UUT.o..2...ek.#.\...zP.6.e....kk4...s.}.e._..#^5q)`9..r.R....N.........ww.zA...4.=.u...=.p.5.....j....&.`w..K..8..~.k..$..Q...r..a.6.....O.g.G.d.1Kct..CFN;..S...s....C.{..^.....#.....N...Z.y.V...].........9AO.D...D.l...$].e...1........?%.+.{..W.E+dv....w|x.\.TZ#q.0..?.....C..cz..R..k#...)...l".."}.=rcpbf.....Tv..3..PL...G.f...FS...]N?.o.K..-...y...hrK.F..v..?.D.2...3...... ...H~.\.id=.>...9.9;5S.)....f..dFp,.!..7......Y...29.5.~.L...2...tf..[..Jv.cN.Ju....<..U......:............g_.....J.h...d..V.&.@..7s.8.Sd..K....cp.....RU.D.......9.....:S..._T..7..uc.\....h
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 10 x 19, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):393
                                                    Entropy (8bit):7.296770951568778
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7utP+b38KAj3Feb7W7lsVCdUvf7XvTAfIQNA/:7vjFebqCVg4jOI+K
                                                    MD5:253C7B15056DDFD7AAF52F40F08C8C33
                                                    SHA1:E05E37BF142955204E12C8B1BFBB501C3F681FA4
                                                    SHA-256:779D131D7BD335804E51B20FBF21476F81A97085791541B74777823AEA115E78
                                                    SHA-512:DD329A0DB9FF0144EEAF4DBE71A5E367953A48C7CB630050B9FA4A482E22559120109921A577C8E99F9454DC23F1BEC20EA3C3715E5D4C69B4AC2CE778A499F2
                                                    Malicious:false
                                                    Preview:.PNG........IHDR....................sRGB........CIDAT8Ou.N.Q....,.H%..o$.Q..C..H.+0......DW.4j.9|.......A..;........?..O...<.S[...#c..i.......8..9C,.....=..R..)..BW...^..q.XJ^......E.r;9..m|.=.+|..R.p........%lp^.V.6....)..v.K.F..1v&a.iJ7..O...7'...^c}21.}...E.....L.of`......q~u..0+'=.>....z...=3V....o...7X...j.('5'.\OF.d.b...a..I..Cw.].j.O?....x.......L2.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 117 x 118, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):18691
                                                    Entropy (8bit):7.977136585659524
                                                    Encrypted:false
                                                    SSDEEP:384:g+JfgIUOXDPmY4R3Mv8rQtzLeNslPN4Jaon2e8ugQv89h0OKgN1s2cc:RZECOY4hRrU347pn2e8Kv8j0Rg02j
                                                    MD5:ADD094281B4C54325095DB0A83236A2F
                                                    SHA1:13F89ECC457F7C3178085ADF198B5458FD18C269
                                                    SHA-256:F9F0DFE17D67DD38C244FB76716FC4F9FCE4B4ED85F55B2FEE08A1969BEBF893
                                                    SHA-512:024803037EECB5A8E55728C50A788E3306C65CF3CA461877068A69FCF248C2B9EE9D7396266459ACA9F2CF75C314BE09B67E862BFF887C68B010262F40006687
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/f456bc7231c6442fac5e5be4a0cf893b.png
                                                    Preview:.PNG........IHDR...u...v.............sRGB....... .IDATx^..t.U...$77.&..J...)J.D.bwt...{........XivF..l8*.4..Q.B'..[.s...@...w>......sv......w................g....+.......C..8.bj.J..........3........`........%n........T..u....3....+K`........s...ht).YG..4.4.Ri*'q....H.*....yyyE.:Z..QQQG.AI..s~.....9W....8.|J...Sj.^{........{. .....a....w5o.\...S..]...K.....[t.y.)##C<...?W\\\.sM..........SOu..'t..q.u..u..z..G.....s...r...{.K..<xPW_}....K.~..z.....o..^.7oV||..G...?c....6m.....>.H._..../...r..'h.......Lu.lD..\.6m.i.&7y_...Tc...X>S_|.E]r.%.v.?..n...eff.e....O..\.......:..8.5..w.v.a..'Pk.ULL.c(B......"...=..o.uL^.d.O.z.).....w.y...."80.&,_......6.N:......f*..$..r....3...4...;.0.N.:.MC+./.4...ot.z..w.k...?....S.Bp/$.{q....gO.wrr......&$$..&.3W.^..t..N...[o...1.{...;.3..'.8...p.....2M..$w....7g,.....iS.l.c|h....n..0G.v....6S.L..I.&z...LI..s&.R5f......n..-.i....>.L....].4p.@G`3....{.g.T2...@2e....7....W.^N.`.w.}.@ ...s0...._....d.5.1...9s.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text, with very long lines (65536), with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):93578
                                                    Entropy (8bit):5.291896334227797
                                                    Encrypted:false
                                                    SSDEEP:1536:O6IzxET/avYSGaW4snuHEk/yosnSFngC/VEEG0vd0KO4emAp2LSEMBoviR+I1z5T:M+9Iklosn/BLXjxzMhsSQ
                                                    MD5:BCB3E127244F7839A12645B423179A1A
                                                    SHA1:43FCC8636660DC8FB9828F19505AF4F80553DD2B
                                                    SHA-256:6F0A83FD18DE44DD9A49C0344CA94C6EE7494F34DABFDC760534C2B089BB3185
                                                    SHA-512:62AA98E2FEDDF4D677A4F0E9C4CDA2A1EA592AE91FA3817F03DA34A2082158868B448A34EC45C79D9E2D8B1E8A224EDD2074CC5DBCA1B6512ACEEFC057282827
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/default/script/jslib/jquery.js
                                                    Preview:(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e||!e.parentNode||e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t||0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t,r)}return v.grep(e,function(e,r){return v.inArray(e,t
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x182, components 3
                                                    Category:dropped
                                                    Size (bytes):115722
                                                    Entropy (8bit):7.977452460239957
                                                    Encrypted:false
                                                    SSDEEP:3072:eQiMZ/3qD8eIdOrhQPHsYv3H/RahKXL3k:GMNS89OdTMHZakk
                                                    MD5:C5BE9B537473C18A10075990DDF75F8A
                                                    SHA1:C9C02C7B9E461B7EE952DD516A330BE6FA1044F9
                                                    SHA-256:82ED03BD1E7D79C836C62D30B75F6E7B544F11C71FDC4F6CEC227F6C4B343963
                                                    SHA-512:F70EEDB10C6D23804134B8C3FD5125CC101842A53081A313363E8A800A9288988577A13625B9FEFC89BCEDCA84C43A05D8D4A548B11AB850705837E35FBBEB00
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:268ED8396E8111EFA78DD0CA966806A1" xmpMM:InstanceID="xmp.iid:268ED8386E8111EFA78DD0CA966806A1" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DC2928974F1711EFBBD4AA51360F33BF" stRef:documentID="xmp.did:DC2928984F1711EFBBD4AA51360F33BF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.645333368030347
                                                    Encrypted:false
                                                    SSDEEP:12288:Az/pRSaCnHQBEK08+HxegLFjzQnVqrR/SgINN3ZKZW1P5y1tFeB7b:I/6aCHQBEt8+HfFjcnViSg0JpF5IS
                                                    MD5:A20561C3EB203213B4513C492F7A4ADD
                                                    SHA1:8B9B942F5B2AEC7D2F8319C4F2E3707E52DB3D27
                                                    SHA-256:FA0603ACC252940514D1F0ABAC9886E156C0798E1DA3E8560A97FAB4398E9991
                                                    SHA-512:19E4412D9F11EE7A288B094CA4F02B8F8D4D8E93819FA1A672C8C040BBE89B8BEE286D7C935D656F57CD1C27BFF793162312B244BB83497D50B6BCE38761A4AE
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|..y...u...v....~MF.Z+$.].&.}M@..YJ.Q$..I....h`......z..bK......c.^3#.0...Z/)..\P.q@8..^O.B...N+$.._X..cX..xf...~...{...s..v]..dM..ZE..YE..gR..s\...m..........y..x...............oX..fJ..jM..rU..qV..kQ..fL..aI..ZE..T@..fQ..yb..XE..U?..eO.{J7.pB2.Q%..S#..r:-.h2$.L ..H$..K!..yB2.\.$.pH@.8...6...8...B...E!..H$..L%.._4'.}N?..p]...l...j..v]..gM..K1.zA'..T:..gL..v\...o...............w..te..}k..rb.qHA.xI>..kR..w^.uE<.E$ .Q-)..xk......~...u..yl..\M..M<..^I..w_..g........zA6.g4-..MF..LD.xC:..WL..g\..f[..zp..`V..si..mc..QH..VL..d\.._U..j\..m..{g..y..|..{..ZN.U1*..\O...y..XJ.qMA.eC8.dE;.,...9 ..Z>0.[>5.;.../...E+#.]@5.\=2.S1&.kF4..U>..gO..`J.{Q<.Y4&.V0&.W5'.W9,.b@1.|R>..[C..s[..~c..oX.sL>.N/(.>&%.8 ..S64.tOJ..^W..`U..m`.~TJ.yQI.mG>.pLB.kE<.xPF.R.$.V4-.P/*.Y95.]?:.Z=6.N/*.Z:3.kI@.vOF...z...t..XP.]>9.fLG.|a\.|_X......|..ga...........................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 414x391, components 3
                                                    Category:dropped
                                                    Size (bytes):104912
                                                    Entropy (8bit):7.962395053617
                                                    Encrypted:false
                                                    SSDEEP:1536:l3OpWfJ2YAVXjMF9hxeoik4yFTndH6Nlbs/aX8RO1t7o6hhMO/AuOJav2BndRmyV:zB2zCJxeR9edH6NpBM67oSbCnmyV
                                                    MD5:F454F5483B5F6C954E818177A5B3AF18
                                                    SHA1:ACD35C59A3877D42B9352CA4DACAFD410188C4BC
                                                    SHA-256:C02DC4FA2081FEF649D5BBAA44E1D116E53BF7785B5BAC8EBE28172856CB5E64
                                                    SHA-512:0E2A05B0C4566A2DFE062E8718FD1DF4A639DDDA3632D2F746F4E1690C5A49FFCF26467C5C17BB56A5256309CDA288042D69864170BBAEEC798F38F6045BF309
                                                    Malicious:false
                                                    Preview:......JFIF.............C....................................................................C............................................................................"...........................................i..........................!.1..A.."Qaq....#2.....BR..$3.%Cb...'467FUV......&5DSTdfr....8EGsu..ct.........................................Z......................!...1..AQ"a..2q...#...3BR.....$%4S.5Cb..&6crstuv......7DT..EUdf...............?...........b.....X....V+.......G.|....;J....V..Os.O........;N....V..E..............h...'..w\}..R...."...%.....?g...b.......9.Y.>..>...?..0..'........X..$.#~......j..........XH .....eI>....~..)......=\(...:E..=.c,k.A.3.GXV.W.G...t=q.9I.z.s..........$..q.J....q.....:..J8.;}.=..r~\c.!.j.....s....[..8RA.#.=..9.............o....G..=..j.o.......Kd..q..1.{g..>:..g.O8.....m....''.m...88>...z.R.....#..W.. `.=9.@......bA...G..f....q.........6..g.$.G.../....}.8....%.`.}..=e.R"..D^..8....P'...z..Y.s...z......9A...........
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1920 x 602, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):261317
                                                    Entropy (8bit):7.972556552684337
                                                    Encrypted:false
                                                    SSDEEP:6144:KhykCMVw+TD8F/FKDzK69NM9OeBBXiRIf5WCkMrMu7GP6cmBbflifbq:KgkCMVw+TDGFUKiLASRArhyVELlV
                                                    MD5:FCB48F854617B5EA3830BD1475494955
                                                    SHA1:CF931BDE445C46E6DD2025A2AFE2A56142458FDB
                                                    SHA-256:5B153DF3E239010C25E7386717498D7EFEB3A8DBDF4118D3A35AD509E0ACF086
                                                    SHA-512:CFEB11323857E49C5A705220098C6A3103D41C55218E0C3C83363EB07D98991FFE896F7434F55EC1F8A2B6FD19DA9D4F6B2089F97A46C346EA30302665E92910
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.......Z......?Z(.. .IDATx^.]..#..u.......t....,.....N<.l.........~~..}~@._.we._R./..h..w.....R.d1.lH.g...&m......l....ky.2..r.k.......a.............l.s3.>sh.T........_.E...6..cj.M.....A..Zr....d~.x..*.....Y........z<.....y....?(...Y^M;........3.h..3.W.]E....A..i.i8.U.Oo...nl*.X.7.]U.'.T.p...H...;..|...2.3.W._.l.J...5e....'oC!..W.hZ.o..s9.a..._..yynzKf.........X.4L.m......X,-.m...H...%..&g.U[C.&.kr......e9...<F.{../NR..jW4q...y.f...u.T.X.5.?:x.*.8.!....u.sA....PI)....%b......c.k..a..tsm..m...>.??.4....|~=^.......v.m..=...&v..,).=..!.*1.L.....PSe.=1..M.=.:..3Lc....5...i...~.'..g.x.....\7.;.*....5.63zPL..3.zQV/.f....^..........7...J-@?.(?.=.>sh.T....u........l..2..m.f..5.o:..Lh...y>.....=6<.E..F.`;.^.0....4.t....i........C.lp.b-.x..Vw.i.;4...;>..bfl.........NK.X.0....l.6.p-..[B.....`.w..g......c.y<...u.G.).......y*........=.`.k..l..0.6.....x....&..p..........V...]..hM.....#.W.y.8...m'...w*,,.I..6..A.&9d.....b{.xC...-.xTs...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):2873
                                                    Entropy (8bit):5.032515959381224
                                                    Encrypted:false
                                                    SSDEEP:48:U1gv+jyVx2BegHppvkMFALhoj9jtevxNEl/YuRlgaYyKTQgQpMvQ:UtyVx2cgHppvb6LhoBIN0/ZljDKVQpF
                                                    MD5:1ED35ABFA5977EEFB9C92AF91BACE0EF
                                                    SHA1:25D79E21C6C3984CA15114E9A0C22410674F96F1
                                                    SHA-256:503972E16AB207ADB52D5875CB737BEC4197F212431F09CFE620CFD5CF676ADA
                                                    SHA-512:CE38901D7BC1DE0B062A72293E9BE9B136AC223B7BB45F69EA8F59CA4C154FAA976EC8D8F0D43504E28FB03018D9CFBE5B4F114CF5F4ADC93723D8F2524430F6
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/default/script/jslib/jquery.cookie.js
                                                    Preview:.(function (factory) {..if (typeof exports === 'object') {...// CommonJS...factory(require('jquery'));..} else {...// Browser globals...factory(jQuery);..}.}(function ($) {...var pluses = /\+/g;...function encode(s) {...return config.raw ? s : encodeURIComponent(s);..}...function decode(s) {...return config.raw ? s : decodeURIComponent(s);..}...function stringifyCookieValue(value) {...return encode(config.json ? JSON.stringify(value) : String(value));..}...function parseCookieValue(s) {...if (s.indexOf('"') === 0) {....// This is a quoted cookie as according to RFC2068, unescape.......s = s.slice(1, -1).replace(/\\"/g, '"').replace(/\\\\/g, '\\');...}....try {....// Replace server-side written pluses with spaces.....// If we can't decode the cookie, ignore it, it's unusable.....// If we can't parse the cookie, ignore it, it's unusable.....s = decodeURIComponent(s.replace(pluses, ' '));....return config.json ? JSON.parse(s) : s;...} catch(e) {}..}...function read(s, converter) {...var v
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1296
                                                    Entropy (8bit):7.789956811401049
                                                    Encrypted:false
                                                    SSDEEP:24:gAGC/Fcj740Ne65ikvtZ51vLq/1/Ao79/QY1QnLxhDa7qF4M9r56WKeOZz1:gXCtcpNfvtZvWNAa1QnLxhUqXr0WE1
                                                    MD5:3E369E7E8D5207AA4A63842176B7B6F1
                                                    SHA1:884775225BC6817C078B9FCEB814507F4B7C1841
                                                    SHA-256:F9F41B369305F9D1CB3C746D1D66E5647919A9E86643C1B210B01119F883637E
                                                    SHA-512:32D55991E10F93463D065C37429AD4DFF098B42B8C0E835D1B686589DE4057D3B8349E264EA72CF9EBFDC4448269CA809ED9A66C8CC70D99210808B096FC6DF9
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/newsWrap01.png
                                                    Preview:.PNG........IHDR.............r......sRGB.........IDATHK..mlSe....uc.^D.eq. ..j..T.f..,......1!.. .B4!sQ>./..Y.Q4..{.Q.2.-.21l.1D......yio.......l-.>..9.....{.C.6...#.4.,..........p]./...24...G46.;IRZc]W.6..!.........3..k. ..`..3....Xb.q.v...T.).yk...@;.x.....!...^..."...]..<.a.$.*..L8.3.7.[._....drx.V..;.P$.G....Rad.e.........j.. ..Hky.....O.J.....R....]6..|.......a;.q..b..yj.g.8..6..I..h._..K.0..zV...|3.SV.v.^......=f~..\..W..8....B`..;..=...N.5o`...K.]Q...#.n.'.....5...6...I..m)...._........qeS .'...g._.;.....G.<.P_.l-9...!..::+#.@. :....3.-....P.....4op../...[..d#0m.7...f`.i..."z(.0]w.|...s...B..a?i..)....9_.&.D.M3.hh..o%..8K.7x.........<O.>.\#.D...../..u.w.i0..mA.3.).r.H.Y...x*.V.\L.Z.>=I.....z.)..)..?y.A..N.!j........R.t...>S..I+'...A.[..F.u..-....._.5.>........#.#....=N......P8 %.......z.f.......<!....z...<....A..>....{C~...%4Z..`..Sb.C..]....^..f.it....`F..w.'..cM.R0..n....i..G*`...6W...W.n...>+:.E...O......6....E..Z..."S...l..W....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):719
                                                    Entropy (8bit):7.659296170807827
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i7pUL69QkN0PYxfJQ0bxzsIepGmwPHRJK6mXhHdbycaDl0On7gaJGUtIMz1U:iHkNAKS0b1mcHnK6mx9bycyCw7garZzi
                                                    MD5:9AF2FCD4846E680EE038C7C2C490DE83
                                                    SHA1:E43DF0A8537EAEFAC850851AF0983B254CDA9B99
                                                    SHA-256:89647F21BD0F75E8CF3A91E900F9FDF377A0736AF65880BF60C73D33FB2EE786
                                                    SHA-512:D0F9D40BB5A363EDBADD82689FC0D1FAF4E88275F7DB60F0649A42C939C6F20C6C0C033CF31CDE43E97473BA31C5035F5699C842F3DD8D9FEEE5030AB73EC2D6
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_03.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8Ou.[.U...21,..0.,DMBE.}.D.f..*..a.&...C....E`.J....Ae..R........3..(..%+..p<..s...f..5...7...~.....c..0^.............#..w.+......a......Y..=....:......o.q.G...0.w..v.Q..a..?..*..l...Sq....h.s.....m.[.S..*Fgp7....Q...*...$'J...^..7....e.7....j.?.'...x.Cq..&/.6.w.......Y....B.|..;.........S.|.7....{u.......(R.{..g.g;.n..z....`.......~.~U.....;l.......S.)`..!....B,...p."%.........[...X.]<..c..).M.........1.*.s.:n.2v..Ag.D....s.VE......,...l.")....`.\.{...r].Y.L:.-..m>....R.[..t.r.e....X...<.O..c..b.+.=..9m.?=....W..IS.J........d|..q.&.<a.&....{g.+.;....R-....o...T.'.ga7....B...&+{'.&....e...i...`..v7......k ..........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 6 x 11, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):245
                                                    Entropy (8bit):6.658967091038261
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPkNMRjAAcVAsYEqYUmg70TlRF0icTevExltjp:6v/78CjAAcTqTj7Kl3+aEN
                                                    MD5:59521C2CE7F6172299173DF0F65F6E28
                                                    SHA1:D52C1B8DACAFA0C7C20A8FE4648178C3D0003A7B
                                                    SHA-256:3EB91F60810D0AE50A8DE43E630A358D6066AF74D3B634529B073B33E1AA9346
                                                    SHA-512:21D7A954D050DF43DE601D9C6BED44F91233E84BCDFE46F3D7CE7E7C0B42CCA9AE1EF49F4D015F10261B73DAF1522E8C74D1EB1D4241A2436A6FECA57FA56B15
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............\R......sRGB.........IDAT(SU....0.Dgs).CO...,z.i.....zH!...*^Dp...F.o..!c..g.....xC..m.J.=3..i.g(..HDuQ.a...@.In....af.Bx&E.Z...U.|....c..p..]..c..9...Ck} ..s......@5....J...4M..>.zH..,.?7....HB.l......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1057
                                                    Entropy (8bit):7.615682278734755
                                                    Encrypted:false
                                                    SSDEEP:24:gfAaUKIKXBKfQdm8Z/Z7zl3ww7fKyMolxHl6oPBm6q5D9r8Vn:gf06RVZ/VzlAuSyFXBrqh9C
                                                    MD5:5A42E51D26C8E057EFAB7580EAA2F68C
                                                    SHA1:9AF13CBBA86717E047BF12D002088DFB95306981
                                                    SHA-256:5F83BB60517A644910D720213DDC203EAE751473EA9857329FE0E36CA139AE30
                                                    SHA-512:28ECB891CE00A281B11C4407D854D1F7C6CDD4D796DC2FA79BDF42F3D3E26D360F85D9855DE72E3BDDFAAFA3E6991A81AECAEB9BD23C4426CAB7BBDBD3431370
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O]U]h.U....v.&T.$/.E.!e......>.Z...o7...P..T.*..iZ.ZEPQA.....RE.)j.-...X..."R...`..{..3q....s.{.w..-.......h.j........k.......>..p...<[...F... .C.^..3.]......,.....I0.e"r#.+....Qk..,7....1.>.O.8&"O:..:X>FQt...h...d... ..6.d.E.D...v.c...T....inn.h..]M..y......{V....(.......Z.V.....H;M.U.. M........3..0.".8.j...{...9k.tM.G/.'.......Z.Sig.%..3.K...Zb...|BD..c....p...j... .V.8.`.Z...i..E...D....+......K(........O.s[..b.X...V.%.e.?.....E..*w.K.....".....n..`c.....'.......f.|.E.....("..97...3...9"...s....p..#.FEd.sn..R)...sQ.M.B.@".7...nc......p^D...p.{....D.1.....8.)"..x6.fkv.33...A.{...........#.w...T..Z-H..*J.5."k.......n.L....c.g.A....^..[?33.g^b.|2.*..GD.m.....|..v":...N.... "78.~M.t~*.HD.......*.J...d..3s.f.V..8.@..!...9Q.L....r[...JV...TK"......./-...E.)..99-oN.RY.Nw....ak...9.G....}}}.:..?D.O.D.......EI.!ku..L...c.M...U.baa..d}.6..7..Xk.]0.2......d.T.nM..?..!.+/--....?...I...&..{3.".....=.c+.,;
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):384
                                                    Entropy (8bit):7.1112457972995715
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6kiHN2FOEGWaegKHIfXzpHBbIEgvMMISNdnej4E2oPlTJnLQIjaW85M/w:6v/7PkiHiWCIfXlHZvN+hejTPEImGW/N
                                                    MD5:B58498A5BA191146108D60BF1E079592
                                                    SHA1:53C5A0C4C40F5F47FB6D2F57A82A4A6D0A83FEB0
                                                    SHA-256:0BCE5882A5B8CAABD453FCC98C3D017F5663C845F50A00DCC78DF854248B7D20
                                                    SHA-512:F3854BA432856682FAEBEE10A06EE08831041AFAB7F83992745AB7D5A43ABE4A2F36DCC14FD696C9F8499C510B8ADA15A2A3E896844C48E83B146CE8FD2768C3
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-viewAttachments.png
                                                    Preview:.PNG........IHDR...............7....GIDAT(Sc` ..W..........K..w.....l.b............>....{vV*..P........o......d.A.....[M..{oM.....$.......3..z....&....>...&'...._......}.#....y{r..#.......6E}...^.......Gs..~.[....w.1.S...&.P.....vx20...+......*...J.@.......@..].-...:.C.M66pi `z..K)..b0d0.T.m..#.4.L..w......F....sp``e@..m._V.?........`%.........!.....0......4a.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):662
                                                    Entropy (8bit):7.585060484420764
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7yJB4mmvt70U4h29MI7+o5igBfeQ3rD1UTW/m3M2ZbrOX1iPYURiOs6c:nJB4mmvtAPQ3KaBfX33+T4m8S3OX1zw4
                                                    MD5:8082D23DF9256217C05AF69284FE8EBB
                                                    SHA1:C05F6A2C068B73F41EF1577796FCA92B8A360CFA
                                                    SHA-256:4E7599136FDDA0FEC8BF3C073F0A02253C0EB17176725137278FDDD9E7A7AFEC
                                                    SHA-512:AD5211DD08971E94484E4739843556BB23A645B1E50C578D2CAC5ECCD58B888D5ECDEEA69DEFC98053F3E03B941E273C24F6A7CE14A20F914207E4E4C654A212
                                                    Malicious:false
                                                    Preview:.PNG........IHDR................U....sBIT....|.d....MIDATHK.V.q.@...g..H.$..T.g...h...L.....3..Ebl* .@T.P...[vOV"K....E..n.....Cp..........a..{.....?.".5Ds....L.... ."=C....p....7..1.W.`....yt!...T\#....B.^.[..x....R^.C........r.".l......LR..}m.Qy..:...%....!.7....e.../..`.N_.~...s..T...<l..24.w.jU....w.OX.>..|.....U.1S..:...k.,.cIzYgH<..............]..,......b.`*.y..i..\.."cuG.X.{?.U.}#.p.~..h..Gu.\.]..?,......].At.....J$...%..q...".=...,[M.aY.]iA.u.5..l. .).Y;..w.Ffr.`..T..a,..w.......5Z...<..".m:o.:.l......y>S....XV.!Gw.i..}.O...$...A..X.ZMc.-V..P....FikD.gU.4..i:d....un..2.y.>.J.q..1....%...`b..,/5M......0X..V....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1557
                                                    Entropy (8bit):7.81148539095448
                                                    Encrypted:false
                                                    SSDEEP:24:8/EZnPnx9eUTLEaQAyyr6wnpnuP6ejT8OFThz03LTyXOwD29m5seWfOOR0k3Tov+:8sZTbEyrLm6ecAThwb0OJFzZ+K/BMS3d
                                                    MD5:C527410FB96AF969A049BF25357A259E
                                                    SHA1:B5CE931F524C8B491C16C469C1783EC2BF54AC2F
                                                    SHA-256:B5428F01DC3AD2783C4FDF0E07CA39AB344B9A65BB098F1C3F179404AC6A4C5A
                                                    SHA-512:A5F7C50735937FBCA8F974BC00722181D046D5D5E29249F49C0B9DE82974F1E82677E1AF8660540AA5452D0DA05AA1098EF47B310932A9179E573E2296F1ED8F
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/9807bb4f80b848e9ba23ed7d71f8fe1d.png
                                                    Preview:.PNG........IHDR.............;0......sRGB.........IDATHK.Wkl.U...<..].n@.@.T.P.J4B....<....6X..`".".Z.....IiI.@....j|....V..F...^..>..nwfg.9.3.....mv...{.s...s.!.j..\F.|. ....S.c.....D...DF|)....!.$$s..../W....0.VBm.......{A._..^m.D....n.d..t...\..T..y!.w..y...A...B..... .5&........H.<.s...l......,.%....fj....Xmo.T...%...G...aKp..5().P.QXGgG..w....r..X. ..:....Bv...(....._bk..lESj......u.:/..d.....P$..H..'s...bk..`u<.R.............`....,..:.`$..*'..[.q...(XYP...)..fK.q.....H..Ag=>.....P...mM8.#..'ap..5r....]snX....6....6.i..r.B..`v%U......G-.y..H.S...w....({..].....dkqc..^.$..dB.k..U.......g.5.......Y.G..@.<..v.]..,......2`j1...k75<U.KmQx...H`.l..y.......Q...P..1.?7...f......L..3WC...`m.A`;.............3..[.!b...P.=........N.......[.p..`...3.}.N..I.B....W.^.O...S!.HT`.F+.;-..g..........S..Wah&d..wk.BI.id.&u....kLsP....2..g(..FH...Q.Z....V..XWs...:.U.`..^...f"......f..|.@vo..E,*...3.l.x..$.d...o......&...q.;~....."..T.._.9T_g.&.......$..B:6.>.5..Z*g1
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 399x170, components 3
                                                    Category:dropped
                                                    Size (bytes):19742
                                                    Entropy (8bit):7.935993085793207
                                                    Encrypted:false
                                                    SSDEEP:384:0w8HbPfKgQLyTswW60LpYXZw0U3tjBW7OzVRSCxJkbpvA3Qkde5m8JX:x8DKgQC5W66qdU3tjaOzzxJkktAnt
                                                    MD5:6B8643EDDEAF9A61B6F7A6F1E999FEB6
                                                    SHA1:5B5AE1B336B103E6BF5411A606034D9B50728184
                                                    SHA-256:D2A3A9318C4A9D476315D16CEA64C8575DD4E7901BD506EBB48A358D1A84521B
                                                    SHA-512:4287A606E992E85A3C6F5CB7DDFB2E49E8ED961CC893ADD1DC3B3983A050C4018567271D82E557A94CFF89A20CF1A830C7EC82A58A5ABCA1C7BAF46B48ED5813
                                                    Malicious:false
                                                    Preview:......JFIF.....H.H......ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................".........................................I.........................!..1..AQa"2q....B.#RSb....3CT..$4Dcr....%6..................................6........................!1A.Q.."aq....2...R..#3Bb..C............?...t%G.I..>..G.u.F..u..U..k..d.l1&k..".....#2.9.8[AR.>9........W.0...I.CM../0....C.G....Iq..s.u..A..4+<.e.T\r..N.tG..M.gw....I[.+..,.a..%..qU.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, from Unix, original size modulo 2^32 285649
                                                    Category:dropped
                                                    Size (bytes):57925
                                                    Entropy (8bit):7.99485849731364
                                                    Encrypted:true
                                                    SSDEEP:1536:D8BaW387Hc1/QzIPlmY13a7dCjqsMGZFNak:D/m8g/YYs7dClBZrak
                                                    MD5:3BCA45CCACC9EFDC5E6AF02F91A956A3
                                                    SHA1:2C6A023A7F337A5F58CD39D0EC76C164F25FD619
                                                    SHA-256:7D892B4AD0C6CC0F0C5292C831E8FC6651FD3E11B59C88EA8757CC4BF1CE0103
                                                    SHA-512:5F9706E1A8E5CB8FBDC5741F7CB02A4DD146DC6AF150837F22C1FE2F2D99E08E06F656CB940FEDCAFCFDCE17345971A0DFF2AE826FD8BFDBAFDB58F5B3B26288
                                                    Malicious:false
                                                    Preview:...........k...q ....0.Uw..==.. ..`A.\..A...Hx8K.t........`H.9.ZZ.i.k.e.!.....c..L..c.. ?./.....z.R.-..]...........|..3.h.(..x..k..l+.'Q/.-....._..~.g[q...e(.$.,?s.x..|..4.F.......t...|:,.Y.x'z...>K."..2O...g.......t...~..?..{..~.G.d;..........evm..k.v<...T....|....~..................n.w3.I^..Q:.6.......T.6/v.w............_x...........?.....}...Y.G..&<...l^&.........._...~..)L..Yr3.&.hi.l.KX../......?;......G...O......qV$.!".7~|..?....../.......k.......|...#v9.n.;@....A.LGmA..<.....?h.~2+3.z2.cZ3..~...~.G.r?..........._......o../.G..-.hE>Y.O...y....1.f.Y.'..$Nq7..h.|.#...b6N.v..n.....u...cj...I9....?.Y...F. ....yh.?N.;...<yR.E4.....ErmZ..b#.........s..}..V....h_B..J\.Jh.........$..y.'..g.>.z.y..........Rgc....|!....|.%.[.h_..q..hg..k...l....|........M..H.....l...Q...F..$..-[.}...pW.....2..X......K..d6..I{...U.....2.N.....,./.E..F.@.~..=.h.DiE'U.:.'q..N}L.....,w....|iW....-.Y,.!...xM..%...?..k@w..H..Q../...+....oee.MZ.N...!BFC..Z,.. ..'.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, from Unix, original size modulo 2^32 285649
                                                    Category:downloaded
                                                    Size (bytes):57925
                                                    Entropy (8bit):7.99485849731364
                                                    Encrypted:true
                                                    SSDEEP:1536:D8BaW387Hc1/QzIPlmY13a7dCjqsMGZFNak:D/m8g/YYs7dClBZrak
                                                    MD5:3BCA45CCACC9EFDC5E6AF02F91A956A3
                                                    SHA1:2C6A023A7F337A5F58CD39D0EC76C164F25FD619
                                                    SHA-256:7D892B4AD0C6CC0F0C5292C831E8FC6651FD3E11B59C88EA8757CC4BF1CE0103
                                                    SHA-512:5F9706E1A8E5CB8FBDC5741F7CB02A4DD146DC6AF150837F22C1FE2F2D99E08E06F656CB940FEDCAFCFDCE17345971A0DFF2AE826FD8BFDBAFDB58F5B3B26288
                                                    Malicious:false
                                                    URL:http://g.alicdn.com/msui/sm/0.6.2/js/sm.js
                                                    Preview:...........k...q ....0.Uw..==.. ..`A.\..A...Hx8K.t........`H.9.ZZ.i.k.e.!.....c..L..c.. ?./.....z.R.-..]...........|..3.h.(..x..k..l+.'Q/.-....._..~.g[q...e(.$.,?s.x..|..4.F.......t...|:,.Y.x'z...>K."..2O...g.......t...~..?..{..~.G.d;..........evm..k.v<...T....|....~..................n.w3.I^..Q:.6.......T.6/v.w............_x...........?.....}...Y.G..&<...l^&.........._...~..)L..Yr3.&.hi.l.KX../......?;......G...O......qV$.!".7~|..?....../.......k.......|...#v9.n.;@....A.LGmA..<.....?h.~2+3.z2.cZ3..~...~.G.r?..........._......o../.G..-.hE>Y.O...y....1.f.Y.'..$Nq7..h.|.#...b6N.v..n.....u...cj...I9....?.Y...F. ....yh.?N.;...<yR.E4.....ErmZ..b#.........s..}..V....h_B..J\.Jh.........$..y.'..g.>.z.y..........Rgc....|!....|.%.[.h_..q..hg..k...l....|........M..H.....l...Q...F..$..-[.}...pW.....2..X......K..d6..I{...U.....2.N.....,./.E..F.@.~..=.h.DiE'U.:.'q..N}L.....,w....|iW....-.Y,.!...xM..%...?..k@w..H..Q../...+....oee.MZ.N...!BFC..Z,.. ..'.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):167
                                                    Entropy (8bit):5.777977345951701
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPlgKK+lf8Lts7CX9/85ld4tTkZGqenqnnDw82jhQaTlljp:6v/lhP+F+l0R/e94tTkZ8g2rljp
                                                    MD5:1185B1B97705DFD7C04954700EAF395F
                                                    SHA1:B7414F8CCCDE034973E7E48065F325B3AEAD09D4
                                                    SHA-256:050FDE8CCAFCE7F3FB1812FE781E741A314A086AE6ECFCD7374DA7B529F1CED8
                                                    SHA-512:D3A619110100E5FC99ED0671A575E922E20000923E4033F683A8146B4D2EEF0D4DAF4576437E3B1214E7D0261DC51D4AFDADABA9E0FBFE01CB5D515AA1783547
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/newsWrap04_5.png
                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs...t...t..f.x...<IDAT.W-....0...._....O....z...".vd..Y....k..~...9...~.-.:..4.o....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):592
                                                    Entropy (8bit):7.544907235672319
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iPFHyRsTvxBz7lFoordP8U1JIDSZgVulWptET19:NHYsT7NH0lGHaE59
                                                    MD5:F7DF70AE88DDE51DD85907B08BA57CC1
                                                    SHA1:409A0C813B660ACFE919DAFCAF2B1DA2F8678723
                                                    SHA-256:B30FC3CED84D2DBE2D5C4A6652B107FCF1979990C9FE227210582628711664E3
                                                    SHA-512:DFD33067DF1AE21ABB61B049E5DF778EFB048F0F53DEE626322F17CB59DEB25E39E6C8EFD865FAE0C237E8BEC95B3F53E2BB0A8A6115C8A3879DC2AABACCC612
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_11.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..K..a...._B....D.Qn)#..2.;.H........1 .8..XB!#.e..I.r)......s.}...n.................U........2..t|G...$.ax..q~..8.....-v...CJ%?.].?a/:c..kp.D..`N...j.....Q..`l{../.p?._..g*....a.......X.#.=.0.g.....p..p...p...]-.....q....f...4M...Rv.h.....-@.&$..<l-.S.d7.[p.......:z.s1....G...q.{0.$...[..WUS.p.....p.......BL*.L.'.O.Z@.mt..JG.c.^...e"p..K.F...Gp..K7G...[..v,.5L(..?.|.r.n...=..1..0..J.u..%.\l...MJ....D.At..F.QCN...L..]..W1..|...P.#.>..n..j...m.e..,gR..s.d..S...E...v.....-....d.(S......,...T..V.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.682873598437663
                                                    Encrypted:false
                                                    SSDEEP:12288:qJJQFPfTlKrwkWtcEqcKOfp9gd0qOZ+W9f8FS:cJQFBXkQnqc8dYH
                                                    MD5:995AFDE0E7958F3027934A9FED6A9866
                                                    SHA1:4278943C62336CD667C15096111CC49AFBB9386D
                                                    SHA-256:A29E8078505F4A8D239828DE2882C7B16EF98004494712479F0D69C955B823AF
                                                    SHA-512:F55E8EE9BD0EF1185013A0A49C3D2B4D916A12D77D318BF9769D102FD50B4F04A5B117C9898F28C20DEE6D9A941A70E3CB3342ECAEEB16F818ABC8254F834294
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/Sf00adea621204474bbba20f128f4e23c-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.|...z...z...{...}...~.......................l_w.C&5.1...,...A(G.j`..........wt..lc..hX..k^..fd..\\..XV~.WZ..W]..\^..`a..gi..ru..y~..|...}...........}...}...|...|...z...{...........}...{...z...x...pz..ah..U[..X`..]g..eo..iq..U\~.=A^.3;V.4>W.9C_.DNq.U`..fp..pz..u~..w~..u}..pv..ty..z...w...rz..^d....D...$.......................................................................................................&...)...*...(... ...................................................................................#..!0.<AX.V[|.Y^..Z_..Y_..Y_..[`..\a..[a..[c..\b..\b..\d..[b..NS~..#@.......&...*..*8.>Id.JT|.FPx.3=]..#>...-...!...%...&....................."...'...+.&...+.1.0.=.".F...I...I...F...;.!.&.#...$...%...(...1..)@.'/J.+0N..0O../O.-/N..0O.03O.&'=. !6.()E.+,J.+,L.-.J.55N.[Xo.........hp..>B^.21K.VWt.ch..05Z.AGo.ku..r}..[d..FH_.POk.\Y~.KEo.A<e.a_..d_.._Y..\W~.]X..\X..^Y..b^..a`..fc..je..pj..jf..KIe.77M. !1..!/.EH].pr..........V\..(-L.$-H.@Io.W`..\d.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=\346\226\260\345\215\216\351\200\232\350\256\257\347\244\276], baseline, precision 8, 800x522, components 3
                                                    Category:dropped
                                                    Size (bytes):232242
                                                    Entropy (8bit):7.979246701772668
                                                    Encrypted:false
                                                    SSDEEP:6144:bLktV0AkT/AZYf5vYlXFY2SI3sPvoPG+G/u:bLWVCT/zQZFY2SkwvQ9N
                                                    MD5:C4C3EBD8010AD8B85BA6E4864B57A586
                                                    SHA1:98C7E7F345F74DCE3B5C2C79DFB6DA4EA7032D0B
                                                    SHA-256:21A41B839F48A6D6087323E763B2CB60C5545B587A42B67E22EE60348B5829AE
                                                    SHA-512:3ED7CA2B7C3BCD2615D8ED7F4FCDC288FF774C6CF8D2E078A5D949F4238A1525DA010570830F7295D27412233DA1DD4961B65A334CB83F31D70ADE58FDC9A34A
                                                    Malicious:false
                                                    Preview:.....4Exif..II*...................................Ducky.......L.....}http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:AB346D4BDA4011EE9059A5C723ED6A96" xmpMM:InstanceID="xmp.iid:AB346D4ADA4011EE9059A5C723ED6A96" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="4922E3EF4D1B02F20045C22E715891EA" stRef:documentID="4922E3EF4D1B02F20045C22E715891EA"/> <dc:rights> <rdf:Alt> <rdf:li xml:lang="x-default">.....</rdf:li> </rdf:Alt> </dc:rights> <dc:creator> <rdf:Seq> <rdf:li>..</rdf:li> <
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x369, components 3
                                                    Category:dropped
                                                    Size (bytes):169994
                                                    Entropy (8bit):7.97940095220045
                                                    Encrypted:false
                                                    SSDEEP:3072:QXr61pvZg+BlHSDAbjvax2iUzXxd5dBGOPySjq6rO4ITemdRTa4P9jTGrq5EO1yP:Qu1HSDAfpxTHnlLOzj9nGrGd1I
                                                    MD5:C020B6E87AAF6399536FD3085CD1A069
                                                    SHA1:A7EB0608472E0A1BA0F8B88A5A4BEAF41FFF179C
                                                    SHA-256:2E542C71AF530829C57232E5FB22D315FC623AAB327B536472A07C3F7C1E5ED7
                                                    SHA-512:89D857BCE08ECF0AB86679B63CF6E36CC68A667DE7B39001EC96045C9B36252130C932E42F7D32F9AB8557D8C953B2854EB54EB8B49C1ED2B5BE1C8F21181F94
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:1ED70D2DFAF611EE84C591D1C693F92E" xmpMM:DocumentID="xmp.did:1ED70D2EFAF611EE84C591D1C693F92E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1ED70D2BFAF611EE84C591D1C693F92E" stRef:documentID="xmp.did:1ED70D2CFAF611EE84C591D1C693F92E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):309
                                                    Entropy (8bit):7.019311728235004
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6DAJprZO5UrO9T0cM+JWLE5PKT+wmOsUSkfHfZZ8zSjp:6v/7PUfZEUrWM+JWLEACi0kf/4WN
                                                    MD5:273CFFAD049D5B4E1F0A9D7AF149E597
                                                    SHA1:14C3EF60D3979DF9E8D13CF39CAD10ED043F5578
                                                    SHA-256:0A0C8700265901B93FEB0814D2DB720D0E4F0B66EBFA98F717D1DC4E28E36646
                                                    SHA-512:82AD162E40244A791A9B39E42F5FCE43E209696A3FB94A23CF374CE84B09D700405A6D26CB3DB9FC84A0D16A5D4ED0226E1BFC4B7A5D09442B1D8EB785C2A49B
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-search.png
                                                    Preview:.PNG........IHDR...............7.....IDAT.....J.......4*.&m.N..kX.......m9.9...8..c.E.?...=$E...{.....xQ...H.C.......w.1.f...1...-l.W.o...U.n....&%...Z...9....\.N*..T..k..1iw....vL..^.|.h.#Ms|%..CL.E....^.."........].X..B.#.5.O..Q.9.Q..@k.c.g..w..V.S\q...w.s{.RP?{9{.....".TP......H..7.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 1267 x 604, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1319491
                                                    Entropy (8bit):7.996686986301979
                                                    Encrypted:true
                                                    SSDEEP:24576:jrroumPuVmGlNFSA/lShMQfMvQ4/xjDC+SL3vxC/7VA7Xtr1FB9hL5xnCPh+A1A:/0ummQgaANOuvQ0xq+SVC/yVPhXnaE
                                                    MD5:2C6FBAE4F50B1F3014A4F9847C916E40
                                                    SHA1:C973842DFACF5C77114F34C6AC7BDD7C2A41B1D5
                                                    SHA-256:7554C03AB7E6CEB62BD064BB01FAAAC8E5408AA56F36CA4D783DD25C38C1CBF1
                                                    SHA-512:E6F176D232B19DF0EB0B8755AABF954363D02164BCD23C4D9C97A339BE4B7DE7DD72926F0531EC3B68B2DD68E6404E0EE7D51FA3A2114E834061C002FFC0BD6B
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.......\...........KiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about=""/>. </rdf:RDF>.</x:xmpmeta>.<?xpacket end="r"?>..`... .IDATx...[.$I.-v.f...=.........EpI\.E(......GdD......C.<.zH..ws5}@..(.U.............U......W`...k.~....;.S..Y....B....W....=.....YW.....#~..E.Y..P......!..`...KE..rQ..`*.s2.8..&.;...>.......D....y....m@.7...*T....#..O....5Z.@d`.b@!.."Ns.P..>...d`....^.|...t..B".V..&..[...}*pL.............cb.....j./.....T.j..Q....V..?..C.!.VC..W..Ao.%ig}'..<..7......G.!...!.,g^...>...~..,Y..P..;._K.........$..#.9(!.y..*.....*W^F.e.z ..a..j..{.[q.....R.wHU..Q..or..J$......?s.Sdy..~..=....b..k.....H.Y......3...@>.0.R5,.Sa.i....l".c`..hi..u..K}).6.1)........P....T.....&S..mN.........1'..i....../.`.@E1....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text
                                                    Category:downloaded
                                                    Size (bytes):3698
                                                    Entropy (8bit):5.130559091763356
                                                    Encrypted:false
                                                    SSDEEP:96:pe8kMf/ahrvZf1SJdyH1XErJ9dBueCz6AhWa0xZ:MBoahrBf1SJdeZEbdBueCz6AEJxZ
                                                    MD5:3F9FDC877D887F6BEA476D207BC72EB2
                                                    SHA1:43D9850E9AB7AFA032B298FAFC139EFF16E98634
                                                    SHA-256:2FB1D5FB32241118928A7D0846308B473AAB4BE867C13D406B824D66C3A51FB6
                                                    SHA-512:BED279B819FD7FABEF3257A07E32D042FC824C3AE4D7879F611E4A58ECCA713AF5A96AEEF6D81B7E9EDB3503E356602508D272D163724A46B8676CC2D2850FD4
                                                    Malicious:false
                                                    URL:https://www.ccic.com/plugins/advertise/js/adv.js
                                                    Preview:var advJsonData.var advUrl1.var bayWindowLength = 0 // .................var advUrl2 = '/script/plugins.js'.if (getQueryString('isPreview')) { // ........ // url = advJsonPath+'global.js'. // url2 = allPageJsonPath+'global.js'. $.ajax({. url: '/api-gateway/jpaas-cms-server/manager/global/params/find',. type: 'post',. dataType: 'json',. data: {. webAdvertiseId: getQueryString("iid"),. },. success: function (res) {. if (res.success) {. var data = JSON.parse(res.data.globalParams.advertiseJson). for (var i = 0; i < data.length; i++) {. loadAdvScript(data[i]). }. }. },. error: function (err) {. throw err. }. }).} else {. if (document.getElementById('pagetype').content != 1) {. var hrefArr = window.location.href.split('/');. var htmlName = hrefArr[hrefArr.length - 1];. if (!htmlName) {. htmlName = 'index';. }. var columnPath = window.location.pat
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 28 x 62, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1365
                                                    Entropy (8bit):7.801373468631307
                                                    Encrypted:false
                                                    SSDEEP:24:L1350JdKtL+69IR+9xfwepCo+PLomFMectJmnZralsXu9z:ZJ0vKxZGcxfwhoeomFxPZ+AuR
                                                    MD5:64AED0B16C6CC6E3AE445251496D5440
                                                    SHA1:1CD58C842FE1248FC0E68E653516AF585195BBC7
                                                    SHA-256:ADB8D7A214A077B893A8FC4C3AC65596F1A9F069BBA0C6851FE634A904B9B071
                                                    SHA-512:9352790F6E85D78C364B1EDE2766C84038E0C42FA1785223762F5FB080E4EDB1915E294B33960D3D760E1803E8F8F76CB25DD51690AE41D3C1FDCB1BBC7D84BB
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/ztzl_left.png
                                                    Preview:.PNG........IHDR.......>.....8i{.....sRGB.........IDATXG.AL#e...L..vh(.D$..p ..N]..#!.<.@..M$(..O.4.pu. .1..8.......!...A....6T......f;.GfL..;-......~...{.{}_...$v..N.............p.kJz.(..q..G........O...N.x~2.......O.....^.x.j..T........?..../@............H`.f........M.P..y..|.@.-./5.H.T...@$..Tx....xd.PW.#....RHP....5..'.J.sf.)L6..>...,.....@.F...m...4.2RJ.<.s...mA.....S.K.c..(T^.-...V. ..$I........(....~.q....'&mR.6::.......q.`0.........0}...0....,H.....z.....*..................`!...t8...E".udd...%.5......1v*.rxaa.....%.+O.......V.VkN0.......c.=UQ....^[[..M..........._......TU.p......QUUUC.C.P...wxrrrK...$Iq...*$3...8//."......40...o.q..r....U..JJJ....{JKK+h............A...*3..<.......-..yguu...y^.e.W...5).q.....a>......iV..P__...j.I.t.+.$..,...tvv.........D.......L2.(gR.....JmZb.9......6.-.&X[[[.......Q.K...8..."IR....`zz.....g.....V[[{'....VQ.C..D M..E....v{...L_AA..t.............|..'2....+++.............]oss.....1..Y.,_=......Iaaa.....eee....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x269, components 3
                                                    Category:downloaded
                                                    Size (bytes):17105
                                                    Entropy (8bit):7.970078822142352
                                                    Encrypted:false
                                                    SSDEEP:384:c0z4+Y8hWkmu38jBXZ4MvaYrLaXnY7VElH1YtUSAuL/crnN:9z4F8kQ38l6aLH7VY1YKruLQnN
                                                    MD5:A2EEE8B8F597E4D72E23182C3B491E33
                                                    SHA1:0E19767D25B5FD99F4A9C096137BDF5EF9A824A9
                                                    SHA-256:047AB81388B026DF6F5D3FF3F2784A5CFDEBB0A818A8C1C8BB1E2CF7A5A842AA
                                                    SHA-512:0FC6D975ECA2A40D38398B7858F232E9AD0C770F2C411FDF3EBCFC3C8ACD1A4DAF228B9772376E86B917ACF84BB4FFCBF7A59A39332FC09DC111027E6F30DF9C
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202410/S66a31086b6284efd9aab20e5f1c2b732-400.jpg
                                                    Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".......................................;........................!..1.AQ"a..2Bq...#R..$3.%Cb.drs.................................*.......................!.1.AQa."2.#Rq...............?..<.I....E.|!.bI:d.I....(.$.Ii.h...d4...#...t3.......]Q.......i.....=.c..p...A.f......I..`.>Q.....[.[F..e..'....t..ht.........!H..AH...>.A@...5.K.$|.@..$..:bc..."....}'...A:G..p.%..4..D.>.M.h.".O..N.6F.........z...}..XQ..$C..^..."I&...R..)...%.S.@".9.! .c..R...2-.8.C.?.|..WL..K..h,cw....[..|.a...Ndq......X...w.*......-..s.Bf....+h..N....3....7G.x.S......].qP..,w. ..c...i.......}.9.6\}i...p~....=hu6..V&W.._&g.....Q....8..n.W...d..<3M.......sQTlm...R.I.z.UF.W!Q. .:..H^?...V.].i..f.`<...9...L...f...Ng....c...N..V.o..G.....w.5....w.:l.iH....'dt..\c.....T.....>.ps.,os....#........7.. `..X...>....k..........=..|w~..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 28 x 62, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1416
                                                    Entropy (8bit):7.765385327947409
                                                    Encrypted:false
                                                    SSDEEP:24:B0xphOg9evPFh9/8o0qIYD59lhZ5DOht41vH+DF4xpXqKPiU23Xr3egw:B0/Ub9Xm4vDOhwvex4OhUGXr1w
                                                    MD5:3AC8AB2A95426F916AC9254601B30CAE
                                                    SHA1:C73CA55C599AD17E79A4B95B5705126ABB736EFA
                                                    SHA-256:802FD499FB5AA520393D0F20013F0FCA69C9F2CFBE37DA629C0201A30769203B
                                                    SHA-512:3051D23694B50B328922724409F4BDB9EB5B3FA1BF14B80ECA2B8B8DE020AA0624FE8EBBF193014B4BE7823FAD22725ED025F6FE1CEDD0AE5307B64BDA978446
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.......>.....8i{.....sRGB........BIDATXG._H,U..;......c..aiY.'.U.4.Tb...z..5...J.kv1S....../..^..."..........[.....'..f....J...23..9.?..;.76D.l..b.\..4.,.........d..1.<.........3.?=..O.4.< .f.2...$.....$G.lT..A.FZU.p.P.61....pX..Z.)..V}dd[........8.l.M&\C...`f..}F.........@ ......M....N..{.n......!e...Il.]J.GR..S.y.-.....x.-.+..93...Y&.......}..G.......@.ep,cH....u...(I.i...`SU....#.)....[I..5M..4".4.u.dzz.-.......tww.#EQ...@..s......J.....n...u=444.}[[..@#jH..4.x``.......f;.....?455.D.`0..5e...A.}}}....wDQ$.mjjj...~JQ..`0.].M'.....n..~..===.]]].%$$.^....UUU?.L.D.6.5..p....|....M.e..`yyy..r}'I.mO.M.....$\Q.1......|.....EQhW........ou]..A.....aP.CCC...pGJJ.m......v..><<$jB4.Z..A....O....OOO......7+++..^o0..2...,...........p8h....O^^...jL@J.....~.oqq...v.A.....sss{|>..K.....,..i+++.eee.$.......>....U..k.....`...A.WWW..............MLL.J...-...J.D.LKMM.............`.......(.....#]l&eAr.p8....>v:..$i.......omm.H...F...C.eY.UU....$...vdg
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):624
                                                    Entropy (8bit):7.560161652355821
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iHj+T8hkczvw71p/r9pcjtLYTlSxuTc9lAq2tXfoz8wZek1:3j+wSa6trLcjtLWPwIFXfooMem
                                                    MD5:03E3101F7A80A31C9930AC70BE34578E
                                                    SHA1:924E653A4AC740D09AD509365775A8A20379D30F
                                                    SHA-256:F1D73D6A710F918DB6B3C993D5D0160F1087E430C59455B5702D296D09D9B766
                                                    SHA-512:F5C244E66B647E81BA9622E65760B271F26E92B9EA1F0A3ED9A415C829F18A74EFB62BFDC9B2CE73E8CB7A2CFC49A7220D32583E25D638258D2EE7FD448600E6
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........*IDAT8O..K..i.....=.fA....YL...q..H..&..b7..D...Y....m....QB.......<.y..:....y......s.!z....[...r..9{.....8..cs.......;..}.........M.....$..........v..........*9...c....q............W%6.0....Y:o..H.!..l.N....<...N?`3....p.......2...RR.Oc$.....[...4+p.w../.`+u?v.F....(L~..8..8.m..}.0Y.m!n.6_.C.i./..y5..q.+.8..K..569.jh;z...0L.?.3.8.....aL..4....e{..K<..,.X.pv5d\.....4..f.......Z.&c.lq..v?...b..+....^l.X.1.s..g...K.....X.,.....yf.U....M.....`O....&..S>y...2...X....G...}N....a...vVl9....U..x..../...x.yA..I=W)s)....leD...km.5....B......#.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x408, components 3
                                                    Category:dropped
                                                    Size (bytes):56997
                                                    Entropy (8bit):7.96862158794905
                                                    Encrypted:false
                                                    SSDEEP:1536:IGyV4j7+Jpbaj9rKNR47jnpL9ZjSMN1sj10rWWlh:FBn+JpGjFa27jnpL9Vp/M12th
                                                    MD5:F23CC02A78DDC453687DA05708A2F6B0
                                                    SHA1:79D8726F3DF9E9027E2925658146B3B6FEB2E4CE
                                                    SHA-256:5D506263B940AF9957512DB735AE93888C986042519D92C097F2C6D2615D6219
                                                    SHA-512:6B7EEBE797FDF98CFA68C58316D135F0D90D910EED587B42EF4CF8C7866DA324F095659F43BE233DA9B3D69D67F3B4128A24161789895B5E217A27F5EECA9CE9
                                                    Malicious:false
                                                    Preview:......JFIF.............C....................................................................C............................................................................"...........................................Y...........................!.1.AQa."q.2...#B...3R......$b....%4Cr.....5SXcv.&e..DHdfstu...................................?.........................!1.AQ."aq.2..........#BRr..3..$b...............?..kFKR.o.L"...INr...=.....+.Sh..m..|.-.b.....E..V..gRU..|1.b+....M.R.....N.$v.P....7S[..(..).F.!.4.mJ...'.7.s..."g...B.NroP.........k..I.dPe.Ze.....bCi.=2uYD.U%...C$...k...c:...\.7.4.Q.jz.e%.^.2......hu....J.....#j.I...".z.a_h.]p...=...k+uz.:.%.../.0q....h|g2.. .P.....[=]...m..c..n#.......R..sU...:...B.'.L.3....j.$....y...>.-l=rl-..0......Ta....,5...l..Y...IIwRo.v$*.0O.u..@....7.j.........E'..J...>..X..ej.....m|.!Y.......Z.qV.I...h.w..T..R{...g+.w..7..Ny.E....!5.{2.[_... ...9.7..Q.^...<....l.K:.y.....$..A........`........)v....'.(e..w..\H>.P....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):243
                                                    Entropy (8bit):6.564897028272429
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6FsyTSmn8afeaT6KC2kHtj5HUBO8d3N1npC4gBs0aghoVp:6v/7PFsVm8afeY6gUtjEO8dNvCt3q
                                                    MD5:7AF7E96CF59FEA4B789DB1C5D4636D08
                                                    SHA1:6CEDBEDDAC0D6191AFE09CABED7B6D517F7C7B21
                                                    SHA-256:C41DD1F67D354720DF07F64ACAA46716D50AC22E10EFE15E92FE6033DEA8FF68
                                                    SHA-512:72352C3E9A1120A2B6EC41BE1A5DD82CE4E56B183FAF75C196FBD8C88F45A7F1261300A3377136C1D871D93ED45B3E6AC1FB46DBC0526732FFF485CF5C355FED
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDATx.c...?..; ...?...AH....O.?...?32...Bh.Y......7.gEfC..)............l......._......(..p.|..K./}.~X.0...0.............X..0...?.....f.L.l.t.....>Y.e....I7.?......@i$6"(....P..ME.....$8......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                    Category:downloaded
                                                    Size (bytes):124714
                                                    Entropy (8bit):5.716304392772495
                                                    Encrypted:false
                                                    SSDEEP:1536:4jwUE/UkuV2UE/Ukup0UE/UkWdL3c4EAgtZ20xNmVnstkrwrpNIUR:4j9VXpvlpujM6
                                                    MD5:1AD9F7BCDA8B65D4E53B71AB040B17B7
                                                    SHA1:E2D05FB0D003A0B84B4F70B79D9C93F775051061
                                                    SHA-256:35FEABB4561B68535FA674E0E57671C4ABFC30F0A1A7EC002ACE36330575FB86
                                                    SHA-512:3CC08E84BF6BA411B9AF443DF04C10633F1C4E57DC1A568E9CFD9EC3A67D28E34770235A4017246706FFDCA3018C18256D93B88A2B51E3417E81B3FA04FC35C9
                                                    Malicious:false
                                                    URL:https://www.ccic.com/
                                                    Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. . <link rel="stylesheet" href="/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/hanweb.min.css">. <link rel="stylesheet" href="/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/swiper.min.css">. <link rel="stylesheet" href="/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/swiper-bundle.min.css"> -->. <link rel="stylesheet" href="/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/index.css">.</link></link></link></meta></meta><script src="/cms_files/default/script/jslib/jquery.js"></script>.. <script src="/cms_files/default/script/jslib/jquery.cookie.js"></script>.. <script src="/cms_files/default/script/layui/layui.all.js"></script>.. <script src="/cms_files/default/script/layui/layer/layer.js"></script>.. <script src="/script/web
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):1091
                                                    Entropy (8bit):7.7318245756508786
                                                    Encrypted:false
                                                    SSDEEP:24:rU6uwHYSHq6gUGMFvLrcbI8qCjQUZ/maLUm3cl7nsCj4CuFuiRBhqw:g6uw4SNgUbHCIWR8aL9cdsRCyuqmw
                                                    MD5:06FDEBB55E6F6BE220F65E610B54BBC3
                                                    SHA1:9EEFE6EA4BCBA05711506908C3D96055C9F4D22F
                                                    SHA-256:2E78CB64AD8674DDADEB401DA76FCA0877811AA5BCEA3A38B09389096A914F7F
                                                    SHA-512:AEC4D689E2558F81A74715DD7FB38C80E7F9DD21D61CE9DB87EF26B29B102D2582114A22D296CDEFCD2B3F430A7D9144B8CDA303B47F70531A8B8177D1AEBCA0
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............w=.....sRGB.........IDATHK..Kh\U....G.X.&.B.TR.B0....J%.......$X.Hc...+(..M7.P..7.&w.gnj.".Jm....B%fcIm.`H|.N2....1.I.)zVwq.....:WHz/..........\g/......?...D.....U.AyK.n<.l......I.H*e,..z..8[?.s....v].V.V.m.gP..t......:1v.^.{;..he..R..0....w@wS....rq.@.#.8.3!.&...L]E.E.a...76..(...:0.z..?\.....s.....W...THu.?.....<.^.J..(.<....Y..U..D...B..D!..jg...A.)...z[.-.A.|.`5.v.w...`.......1].._..c.H<..l<Wr.\.J........a....:.W.3.L4.D..^@t...h..P}.t..=9...iY.p..E?.........).*...>.y..k%.......o.@..N..QV.|E.9D.{.8..a.U.sfk!....p.X.1w....R...n.8....#Z...a ..$Hz#.Zf..d...wE...)&.I..<]'e.]JQ..ZfM.!.^...i&Y......~.....*....7..jZ.....>....E.I\....k.5.&.`..@.....X......P...`|..JT.H.{Iz..Pm%.w.2.....^.h..p.......b./.@.e..,Qc.c..Cx._N .M(.!.H`Y.8i...:w.&.....&P.GL.d....}.4.........U|".{1......pJ.i..1..Gq..$....`........)..|...y.$.7..#..u.1.QE...G..I2.1.6.WDN........../P........m..S.q.s./..}..N....U....1M.4.,^6........l..x.f..!...S......p..s.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):643
                                                    Entropy (8bit):7.588902211909661
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iPF0ETODcT2xF6+1ey5hSjkiebnioueozxhGZ5BY9cHukXjMn5sWoc:/L0cTMFhQy54wieW3V8hBHu3n5sWoc
                                                    MD5:F56221BD644BFFE7F232DB474683A052
                                                    SHA1:4A2DD6DFC429967D6EE8BA89AF840972E801D89E
                                                    SHA-256:08755A87899DE8AB92B401C77F00D0FE34CAB4349012939CDEB45DC49EA6DD10
                                                    SHA-512:B0B8B8DBAF177EA66C22256D214E28947EB64B0E14FB46F0E1CA156B19BF9D6A87E9B77B20446D49584EE351ECCC7EFCAEF3AA2AD85B4B580B2669E43C934C00
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........=IDAT8O..K..i....g..r6J..&.Y.;.#.1. ..Y....d..lHLYLSfaG..M3.iV...2.F,....0.......<.............xY....=...+5.}...?&a.>....[h1o....f9}6.c....)...................2.c.~....#M..`.7..~..X....G...3X..UQ._v3...6...p.Fm..b.Sw...ftj]...x..u@7..b=....u=..`L%......w+$..o>>.b..o...;....i.&.y.+~>6...(.az...E.k.".`,..0....&c...;....] {.....C$.O......sX.....Na......K}....L.`.p ..0.`a.~.'.e.Z0'....O.k.n.V'....z........q..Gb..a#~h........Q{P..p..$.......@.-.Vr...\..#.d.3n........9.-.L.....-....W...}SA.&kP.......%.g.4.6.{...0..b..d.b.^......t3..o.SQ...t.^...3,o\..........X....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (65451)
                                                    Category:downloaded
                                                    Size (bytes):89476
                                                    Entropy (8bit):5.2896589255084425
                                                    Encrypted:false
                                                    SSDEEP:1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
                                                    MD5:DC5E7F18C8D36AC1D3D4753A87C98D0A
                                                    SHA1:C8E1C8B386DC5B7A9184C763C88D19A346EB3342
                                                    SHA-256:F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
                                                    SHA-512:6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/js/jquery-3.5.1.min.js
                                                    Preview:/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):674
                                                    Entropy (8bit):7.5971378965380545
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iTAuFwa2cYN7N9PjHjNvm7NkP+IgF7a31pB626YsxgtjA2H9fruM7:7FN2xzhFMNkPfgO1pBoxCRdrZ7
                                                    MD5:FE404F2CB26549D8DFF60B40DE75871E
                                                    SHA1:EBCA557295CF6A72C7A3311E48AB0E9364EFBF82
                                                    SHA-256:ECD6300591DB1445FF624D69F43A3579B603E8176147D55694D955E3C0629212
                                                    SHA-512:221DDD074B933D98EACC0052A34D8264101F5DE8499430E465516A8B9B8BEDB96CE9524E49D075CCD4355A80F2538DFDD428B0DCEBBDC798EC63EB1CD77D7DBE
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_19.png
                                                    Preview:.PNG........IHDR.....................sRGB........\IDAT8O..M..U....5mPJ .6P...QAB..A.....?.;..V(.8q...%..S/..IQ$d.((BPD.hb..`..!J....sY..}9.........k...]...;..W..31..]./8.....0...H.nb/c'~.g......k.(..G..M0b....a...c7w2..8.#x....`BN..x........p..Wb7...L.I|...j.....d....XT)?_._`)~...aD...D...q...)...x.o.].Y./...c.&..^..<......)R<....\.:V..L.o...Z.'...c1f....!..&...6.........a.X...T)o*O...n.N,..U....y.,..k.....f.n|.....{.|;^......RA..fW.....v..8..+.s0iL.y.......X.,..C9.....l:..f...=....z.]lZ...mQgOpy.S...*..~`7X..bI.\.>.:Cdo.6.m.T...%..I.?.......TA._V"..7..1.._..?.cx.a.......L...G;.R.....V.s.8..o...O.}..^3..Vul..w.l^..+ X...F...6P.8.._....~......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):816
                                                    Entropy (8bit):7.601124518249376
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7ilQLd4QpOGbvvoDgnrC3Sc7x5ZRqu0miSgfU6/CtiaBB4jzBfaSlLU4g7RgD:IPvvX2C2Zn9/mjzBXJsRPtDktic
                                                    MD5:22502504907E3E0FEBB29E10A4339D8A
                                                    SHA1:93D84D48E53CEF0C98F404BF950E813406EB26EC
                                                    SHA-256:F1343C992C9338520352387AF1ABFA63BB347FA5553D338190B84BDC70E78306
                                                    SHA-512:8F3A5EA916CD985288D791EB25A1A0CD9D7FBFC7833C69F81158ED5377BCE909D720CA0F557C8D22474FB20BD88706C9E53733F0BA967215AFC8DB8F1546ADD2
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202311/5729f42d2d93486e882793d207bfcd6d.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O.T;h.Q.=w.$.V.......5.0o.......?.R...E *6~..DH%.....TVJ.].N.E...P...F.,..s........w...s.a....J....B..x.<j.03...;ccc.vI..@D...o.L_....8....@..5...R...m...@...&..j.L...p....B.;......4..`.ryw&.y..8..)b.U".. .`oR...'..|......a8CD.I."3O...<88.'..}..^.p5..kGG.700.n..<.....z.....X.....f.....g.... N&....T.\v......T...f...(..CCC.....\...t,.O.R).V.U......_.....#"...^.......Q$..7.....R=....w...Y....*..{.'.._.v`..0."....;;;{...........M"..}....J.<..K.'.|TJ.Ix..'.d....F.....z.U~.xc.1......Z.....xh...e.J.[iU$`.... j....r...x..A.R.5....>.Q..7...p4..\..5.....L...;..>..s.9.Q..43D5..]I.....m5..4..9f>CD..@Dk....(.F.......?+.lg_....A.......b).y<...h......Sg'.T*.P(Di....(F....Y"z......N.k......$....n...W..eg.RI..t.E..#a@."....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):665
                                                    Entropy (8bit):7.6312651303376775
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i6rBARZGQKgK9+JFoD6Lozt57lwlJCOX6Yajgt5obF/Dqx:qrBArGQKgN3VLo5Rwl07YAf8x
                                                    MD5:1EE9BA5C72E0E63030CB7DA618D3F257
                                                    SHA1:BA4D608187C055A5D5BD7661EA04D20FCDE8B3E9
                                                    SHA-256:54351A0B01D8AE1D6E15277E69C890149413DF6A9CDF11B762306F11EA7C114C
                                                    SHA-512:FE3884402D7EC0D5467930A0F7B269F8607A801CEA8C698F53E0ED7AF0DD5417B067BEA00E055D43D573452689994D46F07471BA77997E577E4E6753B523ADF1
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_08.png
                                                    Preview:.PNG........IHDR.....................sRGB........SIDAT8O..K.Ue...i....i.&IR..D...|dhZ..N|!b`H.|4H.6(m..b.....A.5........#..g.r....p...:k.............G...$......z....4.W1....;.gI.......b9...X=.".]...l....V..|.m8.wp....`.E..x...U.Q.l.n|.uh...{...i..l.^|X?I<?..X..+........X.CX...i6..qa.o+..a...5....q.o.7}..wX.}.e.l.....`I.(.C.........;.le..-....}N...._~...{..X+.m......G.Xd9..^-g:~...{H'.......x..F.\Y...W..v|..o..]..ak]..J{.G1..._bC.'.?...w...,..8..kJFW..j...-.......`..u8..6.V..4..3.s1....z^-.4.Z".;.....,...W..=c.L.qL.$\...8`.^...Q...,.bh1...0.d.[M.....&%../.;....=.<.........R..Z./.$.,.0..dm.e......7kN..,.LQ..y...n.y....,...$....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 38 x 33, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):352
                                                    Entropy (8bit):7.094605541717571
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPCYfRFHzd4UCtxdJzwMANzn11VEb6KumgkHZPUkV2LasRzTinSsup:6v/7KYp9FCJ9wr1ZK/gk5PPV0Hzunfc
                                                    MD5:EBCDAA13B86EDC7948EEB715B44CB736
                                                    SHA1:D9DE7CCFCC541C4207F976FD0F342D261B1E2E46
                                                    SHA-256:0E1F25C95EEC44A263F4C9E42B98C7EC83E74D457537FE6A3EB0BCB4A121CFF0
                                                    SHA-512:AAFFD5A1F39C9557A2938BA1D4AF616F59BD85CD0D7A294B5DABEEE2206D184717506AAA8B655F935AAA86EC850A829DE446E6B8FE329A0DD73C43E29A9B8D87
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/56f8b11ea7f149869c032188f4c75c48.png
                                                    Preview:.PNG........IHDR...&...!......8......sRGB.........IDATXG.=N.1...M.DA.(B$z.~$.1(.C:{}..^.........m......x~<.!..x.0.Ti...=..{$9.jsb.5.{t]wO.MD.D.0U.Y(......9....`...\.1.#.N.;A'....I...?..._......>j8*.q.p>.c...*.Y...m%..n...c*=Q.NIN..+9,rc}.i....dah..+.|....\.y.L..RJ..8n.|{(....|..zy..6`.).u.....bC.ED....3....<...Cv..=..`..U.k.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x637, components 3
                                                    Category:downloaded
                                                    Size (bytes):389148
                                                    Entropy (8bit):7.98098067197944
                                                    Encrypted:false
                                                    SSDEEP:6144:dDaquPUFF9FifF4sEPGRftG+vtp22XjzeMLO5Xik6JTkJ5PDE8eWpObpijygxWqB:IvGFfYF4sxttG+vtA2PeMLOiVwVC1ixV
                                                    MD5:D379E6CB34D26A5C808DBC791DE9C621
                                                    SHA1:A7E2F59A7E97F71E1C3BEC84793151B2A045CD59
                                                    SHA-256:942D5D98B357EE24DFE13E19957BA60705D5FC4BC46B375BE19CDD53533F2857
                                                    SHA-512:C4235608D04AAE026C5DDDC2E63E63D4018939490EB26EC73F2A87FD97698E60798382C86EAB91D4DD918B3DE8952EABA431E6D902810EDA0AB45460770FFA63
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20244/5E054B881DFAB683C91C869C73F1C0FB.jpg
                                                    Preview:......Exif..II*.................Ducky.......W.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:FCECA5DCFAF511EE87E8D1AEF537C88A" xmpMM:DocumentID="xmp.did:FCECA5DDFAF511EE87E8D1AEF537C88A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:FCECA5DAFAF511EE87E8D1AEF537C88A" stRef:documentID="xmp.did:FCECA5DBFAF511EE87E8D1AEF537C88A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC (Windows), datetime=2024-03-12T10:20:56+08:00], baseline, precision 8, 1920x637, components 3
                                                    Category:dropped
                                                    Size (bytes):322250
                                                    Entropy (8bit):7.977856724790312
                                                    Encrypted:false
                                                    SSDEEP:6144:EXsOmVyiKz2P8nBjFCJMRJHIlt3EIOCKuoClM0lSsNWXplH3nV1Rj6n:tUiKyP8nBj0JMRJq+5UlMKtNWXplH33M
                                                    MD5:522136AA7E2EE857F1017C16A5B70DD3
                                                    SHA1:9422340F3516AE433FD83D32BD859C71F5925480
                                                    SHA-256:047F40516896574917110CF27CFB6D9AC02F45C2DDC24E6DC7239B6BCB905A26
                                                    SHA-512:62AF25AEA9C8CDBC3C7E3C233098C052D12C10150A0AB5A38A6D88AFE9DB31C73BB5F441C9A6FB7B5EB6E4864D4579E43737F506AC8FD5C312CDA90310F459CD
                                                    Malicious:false
                                                    Preview:......Exif..II*.......1.......2...2.......P...i.......j.......Adobe Photoshop CC (Windows)..2024-03-12T10:20:56+08:00...........0220........Q.......................}.......}.........Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmp:CreateDate="2024-03-12T10:05:24+08:00" xmp:ModifyDate="2024-03-12T10:20:56+08:00" xmp:MetadataDate="2024-03-12T10:20:56+08:00" dc:format="image/jpeg" xmpMM:InstanceID="xmp.iid:28C8F29AE01711EEB505B467F5263275" xmpMM:DocumentID="xmp.did:28C8F29BE01711EEB505B467F526327
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):506
                                                    Entropy (8bit):7.450764337315211
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iErL9jWI7Mp3T6Ux5sAQaz+7elxgkaxyQp0pglQZt8b8fa9:0nZMpmUvnta7cfaxyU+glE+9
                                                    MD5:61AEFFAED2A151B2D76F04EAEA74AC34
                                                    SHA1:93F9B461A594AE2775DAE30ADA9A596CC99AF6C9
                                                    SHA-256:BBDB7113C3313CE14B8CDA2CE59B9F512DB054AED5F1D5135A4D30AB2AF63FF8
                                                    SHA-512:EEE824ED441922633E2BC711BC4C860386ED9921A083AA1954CCC207391F1866F31EF46FBF31523242AE4A7A32E3A38DB9212A902E87BC071C62A9D6B105443A
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_02.png
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..=.Ma...g|."....0H.Z4DE...T.bh$.TB..*.^#..H..... ..SL|...d.r].^.799...{...Z.>......L.o...8..X.su......_.~.m8..X......9...p..19.0..c5>.......n5...3...;...u."SZm].......]x..8.......i..........+..,....r1`.Z.g8....K....l..<.G..S..[..W..\./8Q`I.r.4..!.Z..t......9..,.c#..~q>+.v6...2fp.gJ.t.NL'..H....N,..<.5v..|..0_'..,.d..#.>l(.>`}.........a:.......!..we..2.7...L%wM.A.']d_r.}....1..q....,Z..N.fP...n.Y....' .O......iMQ.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):744
                                                    Entropy (8bit):5.01974530879063
                                                    Encrypted:false
                                                    SSDEEP:12:wQLFEjfBMmqOZPjGmaoMjGWao5jG05ao5jGSf/ao5jGfao5jGdBsmJdhy:Bg2OZPjhaoMj5ao5jZ5ao5jLnao5jiaG
                                                    MD5:3B9E4BCA8614A9818350345D488E44ED
                                                    SHA1:E136A113F24B042DD3259EEF244F03445B09E727
                                                    SHA-256:964642A8278901B61C9AB4F7F2F0621DCB2156AB4BAE7168B317BB8776454DD4
                                                    SHA-512:95B6D8F7466A8C6754B40F8EBFBE64A7529AF260864F0F25CB35EC5FC66E70B9DDD10C0D1F2F0C084702A3126FE660B583E74130AE0EAB1C7F392616C6309D3C
                                                    Malicious:false
                                                    URL:https://www.ccic.com/script/webgray_tPqA5TKtWJoafpeYHvX6a.js
                                                    Preview:$(function(){.var starttime= -1;.var endtime = -1;.var ontime = new Date();.var onTime = new Date(new Date(ontime).toLocaleDateString()).getTime();.if(onTime >= starttime && onTime < endtime){. $("html *:not(:has(#gh)):not(#gh)").css("filter","grayscale(1)");. $("html *:not(:has(#gh)):not(#gh)").css("-webkit-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-moz-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-ms-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("-o-filter","grayscale(100%)");. $("html *:not(:has(#gh)):not(#gh)").css("filter","progid:DXImageTransform.Microsoft.BasicImage(grayscale=1)");. $(".global-header-box-front").parents().css("filter", "");.}.}).
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:dropped
                                                    Size (bytes):197839
                                                    Entropy (8bit):7.981255688861366
                                                    Encrypted:false
                                                    SSDEEP:3072:xSmACuk34s5iONczMNV4m4EsUWSXCOpFhYGOXmzDN+RG+Lo:gFCuI/iONaMn4VEsUBCOpqmF+RLLo
                                                    MD5:85878413DF2D1091E2AD85C773033B09
                                                    SHA1:B49C34FA8EF240863AF1DD68A73B2F9EDF8AEA77
                                                    SHA-256:D326EAA3D454F043E8E4BD29B5CE25935C01AAB254840412CB7EC96C90ECB4F5
                                                    SHA-512:AD43071D14B410C5E6244CA6599892D55E6A6D27C7044BC4C77EABC2ADE5DA3F2D9DF96E9F768D39276134306DE087D4786DEADD1D8F9532D7192C9B62FE15EB
                                                    Malicious:false
                                                    Preview:......JFIF.............(ICC_PROFILE...............mntrRGB XYZ ............acsp.......................................-....................................................desc.......trXYZ...d....gXYZ...x....bXYZ........rTRC.......(gTRC.......(bTRC.......(wtpt........cprt.......<mluc............enUS...X.....s.R.G.B................................................................................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........para..........ff......Y.......[........XYZ ...............-mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.......................................................................q...."...........................................g...........................!.1A.."Qa.q...#2.....$..%345B..6Rbrv....7stu.....&8DF.CUVw..')EGSx...Tc.....................................P.........................!1A.."Qaq......2.....#34Brs..5Rb..$t..Cu..%6Sc..&E...............?..?..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 8 x 31, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):102
                                                    Entropy (8bit):5.059914604930726
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPlv0rpVp8LtsfsgJ9FQ4EBEVJk+e7sup:6v/lhP3RU9CRB8JYsup
                                                    MD5:A7F387DA5B410CCF5F5007D0551F4F29
                                                    SHA1:DD359E36265B71409CEA1E46B3A1D630CD9EF4F7
                                                    SHA-256:1E7C61B206714886642C60E3765BA4715FA7CA3A45DD5BD266B4B5BA7F2E96F8
                                                    SHA-512:5DE7922231936FA72E67CEFA402DF4A7D4C25CD21BFBC82C5927BCAB324FF7427D2CDB5F2DE8DFFC348CCD4F41408566A7251F40A4B6CA43FC9D4800C006C6EB
                                                    Malicious:false
                                                    Preview:.PNG........IHDR....................sRGB........ IDAT8Ocd.^...`.U....p.$..p.N.....>..6.P....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):5.867260873571151
                                                    Encrypted:false
                                                    SSDEEP:6144:Veh1zg9TJYtbqXZds1QelG+347Dv9AkZqGGxYqKIOVizEO7V:cha9T+4d22DvakJiKIOoR7V
                                                    MD5:63D5E1FFC295ED0A109E96BF79CBC7DA
                                                    SHA1:080900FB5710F45ECA094A38D77CA1584E775BD8
                                                    SHA-256:EFB11CB182E11A3CF539EA0348423BA3FB435A63AC407013D923751E009CB010
                                                    SHA-512:92EF1FA42C5CAA692079C340EB7CC12933FCA02F27B806AEF2A4CCBA2A3E9384C86EEE7DCF068CFDD96CB32C450F5664B800D282CB89415BA90CA672349D12BB
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, Unicode text, UTF-8 text
                                                    Category:downloaded
                                                    Size (bytes):21686
                                                    Entropy (8bit):4.595652977134179
                                                    Encrypted:false
                                                    SSDEEP:192:233HgQY69X2Pgo5Y0BUf/Av0QCC6yuC512R3iVr8X:23xY62go5YEQ/FQCC6coX
                                                    MD5:57F3B1CF7E78AC3B79A9346A94F0D9F0
                                                    SHA1:EC2A94E016621A1B7A9DD4C0CB28F921C0814DDE
                                                    SHA-256:7FB8C79223A9A927C813213491925237054875FB10AAAD36A33075A1510A62A7
                                                    SHA-512:C3F1F566AF54E3D2792CFC990D5294A6EAD3954C20371D14156F5C7779F7079A27E2C69F926EAEC47FBBC85B5830DFD8393C9FE7AC813A2B74EEFCB8FADD77AB
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/viewer.html?file=/preview/20240402/W242401214-83991
                                                    Preview:<!DOCTYPE html>. .Copyright 2012 Mozilla Foundation..Licensed under the Apache License, Version 2.0 (the "License");.you may not use this file except in compliance with the License..You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0..Unless required by applicable law or agreed to in writing, software.distributed under the License is distributed on an "AS IS" BASIS,.WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..See the License for the specific language governing permissions and.limitations under the License...Adobe CMap resources are covered by their own copyright but the same license:.. Copyright 1990-2015 Adobe Systems Incorporated...See https://github.com/adobe-type-tools/cmap-resources.-->.<html dir="ltr" mozdisallowselectionprint>. <head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">. <meta name="google" content="notranslate">. <meta ht
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.547060698698184
                                                    Encrypted:false
                                                    SSDEEP:12288:4ex6v3oiTEkN4MV+rNSjdVhrTZb32Culgp031vjzIjtVVsefA7IV3LqGEYfEzOWm:Xx6v3oiTEk6q+rNSjdVZz8gY1rz4fUun
                                                    MD5:B91978A4991F4584E156725EE588C33A
                                                    SHA1:B71B05CB9880684435A25A8297FEAAF982231969
                                                    SHA-256:F85C6733E86A28882AD0F94AB83149C1F16314A97A7C5B282BE1FF36F900AF8C
                                                    SHA-512:378EE601C5B92FA7A30AE9D0D1D96710FC46C548B91DC0B7055679C47577CD88263D2BE3B4C9DEFB4C3939DA8D371C02F8785133E00E7E1EBFB65E82602707BB
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S6dc790f1625c4fc1abb022414402784c-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.Wlm.\on.[lo.Ugn.Tfm.Vgn.Sfl.Rcj.Sel.Ugm.Sem.\nu.v...........................................................................................................................................................................................................................................................................................................................................~...}...y...w...w...p...gx..fy..o...............................................................................................................|...............................................................................................................................................................................................................................................................................................................................................................................p...m...m~..l|..j|..j|..j|..k~..m...o...u...t...v...v...w..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 356 x 200, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):64305
                                                    Entropy (8bit):7.990085399961072
                                                    Encrypted:true
                                                    SSDEEP:1536:+Te24Bd1NhWb4YkFpFcsxeohUmqcFDCg3qp+eFxS:+Mhnugeo5qcJCBjFY
                                                    MD5:D26EC3781A68BEF0DAADBAE3BC2EC77A
                                                    SHA1:47E8FFBF71995C20AF60C0E69A1EF1A2920F3A83
                                                    SHA-256:FEF38BD6CEAB80AF6C1768DF20A2C9A32A4010FD9C518675F0BA23253C9357DD
                                                    SHA-512:6E3A0A4940EBECF2A03C4EB56613376001638FCB2A53895D01A22C48291314C63F00A42E094E315BC4BFD698C152EC0182CDFC1C8DFE46430F11E6BB43A6B08D
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...d................sBIT....|.d... .IDATx^...]Gu7~.]i.z..U..m .`....SR...........%.....@H> 1..I..)..L.......&[.,.e.^v..v.Sg....[.@r..{..)g..3g.....C....1.......9.).v.8....e.k.....TKtUjk.....M..1....).T.7..R$...v..j.Gx>....-g.QI....mB..h.4.P..r.yZ...d.L~.Kd.....G. c.....3..m../5C0....d.g...X.....n...m.{.\...I....X=.....e[.*N.h...?.o/.BY..{C0D";4.....A.A.78.... ...G....}JG..l*.~.M..k:...i.z#eR6...N.....t...+.....Z9..!'u.+'.t.........9fd.....6]...f.>....0.Jp...>U.R<xP#.#..l...D.+...F+.\*...)S..E]c.nL....T.h...P..I...Y...rTeb.y..R.\.}.&.t......|.. .....HI..0..z36...Y.m.). ..@m.az...;../......A.....`,m3.y.Q=2@..7...1u.`...<..9q.....x4..` ..... ..,..J_......+&. .tt..|...."`. .iaZ.+..sS......28...J#..O..$3.I....be(..O.d...H.z......r.~Svf.S.:......%.S.\...;(.v..C.f.I.R.|...|Q*.Wx..)|#%7...X .n.@P...).].8.V.Y.....l.....+-....3..9.[.._j.J....\)..aVp...F.c..@..v$.r..X.W.:F"b.e<R..h[.3m..U.-J..G.G7...j...A.+.I+w..V...V.P...1.) 3.+.Z...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.598167631925766
                                                    Encrypted:false
                                                    SSDEEP:12288:+0rq/rDz4eIA1PYDI1Qdog7g3h1mhyJ34TuBuL+mg/HlhVeZPqaXWnKqxJTbbAUk:o/vz4eudXVXWnKqxhXAUceHhKOpd67l7
                                                    MD5:483A1B69E89C6B256B601DC1E3D73FE6
                                                    SHA1:0D3549EA3614495EDB638CD611743C004FBA30F8
                                                    SHA-256:748BAEFA34D802D410FB19EC343E5F9C5D932F6349869D706118E470279A3374
                                                    SHA-512:A9E84358EEC9F36DF5CAEE9170EB2AC1021C545C7241DEFA8B7DB0299B877E8E347A1D4BEC7D7FF38A25F4C23770588A902D0B433D3BFC2DB608B3C8C08AA10C
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S6a64d9d44ec84c4987a2fc81e8b9494c-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.ron.vvs.ssq.ttr.ttr.utr.rrp.qqo.ttr.qqo.rrp.pqp.opo.qqq.mmm.llj.jjh.mmk.gge.jji.fff.fff.kkj.fge.jjh.ggf.gge.cca.cca.hhf.efe.bbc.hhg.`a`.hif.bd`.ac`.\][.XZW.`b_.efc.dec._a^.]^[.]]Z.``].fgc.efb.]]Z.[]Z.PSS.GIM.AEF.@A@.PQN.UUS.WVT.UUS.RSR.WYV.XZW.XZX.STR.TTR.UUS.STR.OOM.STQ.TVS.NOL.MNK.KLJ.FEC.FEC.EEA.EE@.QRM.ceb.mom.rvu.qts.lnm.knl.fhd.oqn.oqp.wyx.uwv.wyx.x||.~...........wz|.y{{.vxw.wyv.wxu.xxv.~~|.{{y.{{y.......................~.......................................................qiZ.vn^.rk_.lh_.utn...~.............................................................neZ.kbT.f^P.gbY.|xr...z.......y.kcX.ph].leX.hcU.hcX.XQI.RLC.PKB.HF=.GB;.:6/.?;4.B>7.B?7.C?:.A=:.B?:.FC=.?<7.530.@?<.BA>.EC?.NKH.HEC.LIH.WUR.PPK.POL.ONK.TSP.ZZU.a`\.][X.SSN.YYT.XTP.\[W.[]W.TSM.^^Y.]]Y.[ZV.fgb.ee_.ggb.dd_.]\X.db].RPJ.]ZS._\U.YWQ.TSM.KHC.LGC.GC@.?=;.964.*" .'....%#.( !. .".9>D.-/6.$$%." .'$".(%".)%".)%".)#!.-%#.,%"..'$.+&".*%!.*%!.)$ .(# .*$!.9,).=/,.@20.:/.....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text
                                                    Category:dropped
                                                    Size (bytes):10916
                                                    Entropy (8bit):5.031274114704717
                                                    Encrypted:false
                                                    SSDEEP:192:kP7Hyt3vwdizh13zo2D21Slowp940tX7fx2jF0:kP2pvwdi/3k2+wowpa0l7fQjF0
                                                    MD5:91F2E97345938350ABEF4186F9F1DC44
                                                    SHA1:D70246F7127F8B9D93982CFDFC62216C8F3B33C1
                                                    SHA-256:77F4397DC9C1C6870F6B1CAE9EDDBC8B31A478CA93BFDBFEAE2CDD07316F2E1D
                                                    SHA-512:DCF95B62D3D8AA2F45A2498F0384D52FBDF23241355FCD64D1A60AEE45B233EF21CE17163C03BEF8FA6E3AA823D820904AA3BBC8CC6BCA85B95FB50FDD59101E
                                                    Malicious:false
                                                    Preview:# Copyright 2012 Mozilla Foundation.#.# Licensed under the Apache License, Version 2.0 (the "License");.# you may not use this file except in compliance with the License..# You may obtain a copy of the License at.#.# http://www.apache.org/licenses/LICENSE-2.0.#.# Unless required by applicable law or agreed to in writing, software.# distributed under the License is distributed on an "AS IS" BASIS,.# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..# See the License for the specific language governing permissions and.# limitations under the License...# Main toolbar buttons (tooltips and alt text for images).previous.title=Previous Page.previous_label=Previous.next.title=Next Page.next_label=Next..# LOCALIZATION NOTE (page.title): The tooltip for the pageNumber input..page.title=Page.# LOCALIZATION NOTE (of_pages): "{{pagesCount}}" will be replaced by a number.# representing the total number of pages in the document..of_pages=of {{pagesCount}}.# LOCALIZATION NO
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):321
                                                    Entropy (8bit):6.815695264083707
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6key13YWkOLiR8Fr7KAAX0SsvPUs33/kNYwnDXM4zoEdp:6v/7Pkey1k6iR8hKAAkSsvPfkNjnDXr7
                                                    MD5:FB94CA39AEC07D85A29FDB62B0B03B24
                                                    SHA1:3D206E303F9663DCA95482DF9ABE55A08851C574
                                                    SHA-256:F386BFF1C7C4986544A70003BD5B6B730153F0788E4D12FFB1372B709D2468B9
                                                    SHA-512:674F36AA503C4B443208A91B42546967227B17871AB9E6688259150F1C735A187DEE737F51F3E01E443DC7247669486BA130C29ACB78B9D4842846836553B948
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7.....IDAT(Sc` .....:.H.L..}....2(..(]....(x.........m.D..}pi......;.Q.........<.......T.>....G:..=.....C<.T.2......iG..../...(.....V.4...I..y....a.....A......?.*}.............[.....z ~.....O......E......?.i..;.i......?..=.Qp...4#...t.D... .....wU..S.Q......&.........z:mI....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):592
                                                    Entropy (8bit):7.544907235672319
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iPFHyRsTvxBz7lFoordP8U1JIDSZgVulWptET19:NHYsT7NH0lGHaE59
                                                    MD5:F7DF70AE88DDE51DD85907B08BA57CC1
                                                    SHA1:409A0C813B660ACFE919DAFCAF2B1DA2F8678723
                                                    SHA-256:B30FC3CED84D2DBE2D5C4A6652B107FCF1979990C9FE227210582628711664E3
                                                    SHA-512:DFD33067DF1AE21ABB61B049E5DF778EFB048F0F53DEE626322F17CB59DEB25E39E6C8EFD865FAE0C237E8BEC95B3F53E2BB0A8A6115C8A3879DC2AABACCC612
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..K..a...._B....D.Qn)#..2.;.H........1 .8..XB!#.e..I.r)......s.}...n.................U........2..t|G...$.ax..q~..8.....-v...CJ%?.].?a/:c..kp.D..`N...j.....Q..`l{../.p?._..g*....a.......X.#.=.0.g.....p..p...p...]-.....q....f...4M...Rv.h.....-@.&$..<l-.S.d7.[p.......:z.s1....G...q.{0.$...[..WUS.p.....p.......BL*.L.'.O.Z@.mt..JG.c.^...e"p..K.F...Gp..K7G...[..v,.5L(..?.|.r.n...=..1..0..J.u..%.\l...MJ....D.At..F.QCN...L..]..W1..|...P.#.>..n..j...m.e..,gR..s.d..S...E...v.....-....d.(S......,...T..V.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x269, components 3
                                                    Category:dropped
                                                    Size (bytes):17105
                                                    Entropy (8bit):7.970078822142352
                                                    Encrypted:false
                                                    SSDEEP:384:c0z4+Y8hWkmu38jBXZ4MvaYrLaXnY7VElH1YtUSAuL/crnN:9z4F8kQ38l6aLH7VY1YKruLQnN
                                                    MD5:A2EEE8B8F597E4D72E23182C3B491E33
                                                    SHA1:0E19767D25B5FD99F4A9C096137BDF5EF9A824A9
                                                    SHA-256:047AB81388B026DF6F5D3FF3F2784A5CFDEBB0A818A8C1C8BB1E2CF7A5A842AA
                                                    SHA-512:0FC6D975ECA2A40D38398B7858F232E9AD0C770F2C411FDF3EBCFC3C8ACD1A4DAF228B9772376E86B917ACF84BB4FFCBF7A59A39332FC09DC111027E6F30DF9C
                                                    Malicious:false
                                                    Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".......................................;........................!..1.AQ"a..2Bq...#R..$3.%Cb.drs.................................*.......................!.1.AQa."2.#Rq...............?..<.I....E.|!.bI:d.I....(.$.Ii.h...d4...#...t3.......]Q.......i.....=.c..p...A.f......I..`.>Q.....[.[F..e..'....t..ht.........!H..AH...>.A@...5.K.$|.@..$..:bc..."....}'...A:G..p.%..4..D.>.M.h.".O..N.6F.........z...}..XQ..$C..^..."I&...R..)...%.S.@".9.! .c..R...2-.8.C.?.|..WL..K..h,cw....[..|.a...Ndq......X...w.*......-..s.Bf....+h..N....3....7G.x.S......].qP..,w. ..c...i.......}.9.6\}i...p~....=hu6..V&W.._&g.....Q....8..n.W...d..<3M.......sQTlm...R.I.z.UF.W!Q. .:..H^?...V.].i..f.`<...9...L...f...Ng....c...N..V.o..G.....w.5....w.:l.iH....'dt..\c.....T.....>.ps.,os....#........7.. `..X...>....k..........=..|w~..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x182, components 3
                                                    Category:dropped
                                                    Size (bytes):121948
                                                    Entropy (8bit):7.978568468649709
                                                    Encrypted:false
                                                    SSDEEP:1536:Lu6lMuorEpbckpetgRfizQ0GjxQEtU0VPkfmJgLVcmf2Y92tA+CF5TpxqfLnH1Tk:6korEpa3GjxrlVgLVdfxcAN5TvqjnZ1C
                                                    MD5:8D7CCB8559F3DBD3CA72935A816C2FAE
                                                    SHA1:A07D908299C98FC4DB9E90ADE9C792638E00EFD7
                                                    SHA-256:5792BF8FC4BD3224AF895467089AB3204AD3D01A42EC0BC36FC9E1382C47CF7D
                                                    SHA-512:52DE05715F634D70E17811ED0A38A214BA0892F87A5E4E84E5157FF1084133131435ECD84BBEDB51490D7423655D67C984A6AFC926039CDE1B5754D14D49FEB4
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:3F41B4A7B4ED11EEB6A89B3AAE7A16EB" xmpMM:DocumentID="xmp.did:3F41B4A8B4ED11EEB6A89B3AAE7A16EB"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3F41B4A5B4ED11EEB6A89B3AAE7A16EB" stRef:documentID="xmp.did:3F41B4A6B4ED11EEB6A89B3AAE7A16EB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:dropped
                                                    Size (bytes):214740
                                                    Entropy (8bit):7.948761122595337
                                                    Encrypted:false
                                                    SSDEEP:3072:R/B7wKbd59VFp2RhDDaElLGxkfX2L1eBSKnMh4PITnrkznp6NsCHfrEiw+8IE03h:P7xb/PFpED0xkyOSO7yry6N7Hxka3h
                                                    MD5:8899A0C4D49593AC947438B5492FAE35
                                                    SHA1:6D01B7B93879886B1AD5D786307B1C53AD7F605E
                                                    SHA-256:254726489CEDF4D70DE144255C5898038FD542A9452AC97365FA6D29C706158D
                                                    SHA-512:DD81069134663766B9FF6FDDAACBBECFE448FF29D8BB188C08B6161F44A03E04E937F5F29C77827602E41B7E917E1E98DC5898266750E6CB5390E5CB8A19703B
                                                    Malicious:false
                                                    Preview:......JFIF.............(ICC_PROFILE...............mntrRGB XYZ ............acsp.......................................-....................................................desc.......trXYZ...d....gXYZ...x....bXYZ........rTRC.......(gTRC.......(bTRC.......(wtpt........cprt.......<mluc............enUS...X.....s.R.G.B................................................................................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........para..........ff......Y.......[........XYZ ...............-mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.......................................................................q...."...........................................[..........................!..1.A.."Q2aq.#....3B...$...45Rrs...%bt..6u..78CTvw......&DS......................................L.......................!..1.A.."Q.aq.2.....#..3B.$Rr....4b..%5C...Ss...6..............?....z.4.v$.Y..Hw...-
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):178
                                                    Entropy (8bit):6.444808654141112
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6PtcBxdk41ITtW3Ggq3C0MsvVUmNj3FUt+pZSqM76+L5w/+G:6v/lhPO6ykhYHh0M+b0AMtPCRdp
                                                    MD5:2D32348DB7B0ECA4195BF844551A5C58
                                                    SHA1:EC7AA605C063FAF6A951C2D64A8D98933B60F6A4
                                                    SHA-256:F4BF8E4B3DDD92EDAA4F3D39DA434AA55CA52F487964CFE139242A29CFB596BF
                                                    SHA-512:469D3AF1C820E25F62E5ADD0A5950FC2D84FC3E0E47555B4145C4178026026E2BB22D47ED072656E36632041338E9B06C5E5E0347B5DBA6F8181277E5FE1D9A0
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7....yIDATx...-..A.....c...0(.?..<........V..7......#O..)....5.|'@.c..2.;..|. q.c..L.wC..Gi^3.u[.x..'..\K.H..U...o..?|..U....}....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):1336
                                                    Entropy (8bit):7.776590258483341
                                                    Encrypted:false
                                                    SSDEEP:24:mfEfOsx9CKh3Z09W+8xuI+7xF99+vCIw0P4lb9X4vV+2RpaOaV0Q5PsiNUa:mfEmoC34wv93OPdXRAOa0ksmH
                                                    MD5:A7C379E8BD0146CB7CEBBBBA64EB67CF
                                                    SHA1:CE22A676898A4AAA8EA64C394A2F2D31A0DB4CD7
                                                    SHA-256:41C18B3DA2952843C470B0EA63C78BB76D419050B419E67AB3C083183A664934
                                                    SHA-512:DE1C69458ED2B697433C3D7C2BEB70A5945FE6F101CEB7910ADC435A5F6CC428A65612B2DD052B464E59737B2D820A543432716E81C84D282DD73F7AA40E6C14
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/9d773581746f4441b2a95ac0220dd674.png
                                                    Preview:.PNG........IHDR..............w=.....sRGB.........IDATHK..[LTg..g.9...*.......%.B....\/5`.P...P....b.. ...h...6>.&.....r].\.(6imX.TW.ZQ.n.=.ifY......7.o.3....h....[.sG.K......@V..i&)7).....".5...Tu....0n. ....r....4..Ou.m?...7g.....~.Q4h..V..,d$...r....5..jK.%.$a................z...?....5.^'.......). ,.(k..>....?.....Sg:..a.xTMk..A.....N...`.)j.A.....tn{z.".........,..mm.[SMP.:~..P.WQ..e....z.c{+..rZgN.)..X...+K...g..JD!....b.c..6K~.\.:..8T.8.u...........<%..uvg~d.D@......A.M...E...;...|...@X6*U...<....W..I..3.+.....G%.......V2.8 .= ...FD\.,.#K......R.....U...@G.J...)i...d../s.~.58R.{.D.M....J.-"...F.J.^..5.....Q...?Tx.K..~.."..M....{..R.)........wY..W....0.(N6.O%...#<.E...%.\C.v.........j.Y.-$.D......|...pa..w5....I.9...p&.I...n".b......f..GM...p...[.*+I.B.....o.^...].../.ppv....P^.7.of..A....e.H...,.w..............9w_........E.D.'.;.x2..../5..y."6..|.0....(.................G^.M7d..m9....n......1fV.vD.+.V=............v....).a7E..G..+..nAKIf
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.695080227437036
                                                    Encrypted:false
                                                    SSDEEP:6144:+dNiBGr6aHqgRJZbD5GKXwC3mwNtjyLBoNUZtWsxyke0kpTKiyRjjIMRFZ0pCoHo:hCrDGJQ6DTynKhRnIGf6Co042lo3e
                                                    MD5:44D32E8E7563DBDD23B84D9365402885
                                                    SHA1:BBABDFE6466F09800B81A9949F5FE170C7AAB064
                                                    SHA-256:FCFA9B72B4EB38AD457C9A4E0124528C6C9A4782B1A08E3F5A93F855BE23AA5C
                                                    SHA-512:7A9EBEED631DC9E893C96A370B67DB9AD9A0F3EC21E1B264D1B4CE0654651715E97095BFB33273D6EE258360D8883BAA0C43009EAFD9C14142E901AB977F5C5F
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.....................~...{...z...w...u...v...t...t...s...r...r...p...o...o...n...n...n...o...o...o...p...p...q...q...p...p...q...s...s...p...o...o...o...o...o...o...r...t...w...{...z...y...w...v...u...u...t...t...v...x...|...........................................................................................................~...{...{...y...w...u...v...w...y...z...y...x...x...x...x...z...{...........................................|...z...{...~...~...|...z...}...........................~...........................................................................................................z...w...v...v...u...w...x...z...}.......................................................................y...v...v...u...t...t...t...t...t...t...t...t...s...r...r...r...q...q...q...q...q...q...q...q...p...p...p...p...p...p...o...o...o...p...o...o...o...q...v...y...|...................|..................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC (Windows), datetime=2024-03-12T10:20:56+08:00], baseline, precision 8, 1920x637, components 3
                                                    Category:downloaded
                                                    Size (bytes):322250
                                                    Entropy (8bit):7.977856724790312
                                                    Encrypted:false
                                                    SSDEEP:6144:EXsOmVyiKz2P8nBjFCJMRJHIlt3EIOCKuoClM0lSsNWXplH3nV1Rj6n:tUiKyP8nBj0JMRJq+5UlMKtNWXplH33M
                                                    MD5:522136AA7E2EE857F1017C16A5B70DD3
                                                    SHA1:9422340F3516AE433FD83D32BD859C71F5925480
                                                    SHA-256:047F40516896574917110CF27CFB6D9AC02F45C2DDC24E6DC7239B6BCB905A26
                                                    SHA-512:62AF25AEA9C8CDBC3C7E3C233098C052D12C10150A0AB5A38A6D88AFE9DB31C73BB5F441C9A6FB7B5EB6E4864D4579E43737F506AC8FD5C312CDA90310F459CD
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20243/ff632d8d010b4f4aba8413ace7c8dd13.jpg
                                                    Preview:......Exif..II*.......1.......2...2.......P...i.......j.......Adobe Photoshop CC (Windows)..2024-03-12T10:20:56+08:00...........0220........Q.......................}.......}.........Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmp:CreateDate="2024-03-12T10:05:24+08:00" xmp:ModifyDate="2024-03-12T10:20:56+08:00" xmp:MetadataDate="2024-03-12T10:20:56+08:00" dc:format="image/jpeg" xmpMM:InstanceID="xmp.iid:28C8F29AE01711EEB505B467F5263275" xmpMM:DocumentID="xmp.did:28C8F29BE01711EEB505B467F526327
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, baseline, precision 8, 1920x637, components 3
                                                    Category:dropped
                                                    Size (bytes):346008
                                                    Entropy (8bit):7.97789422975208
                                                    Encrypted:false
                                                    SSDEEP:6144:nfF0zM0qkExKBK+Kd3P699+3VgU8hxzbDhkuL3qKG7kS+spAYu:fX/kvBK+Kdf6/M7mreuWrQ5nt
                                                    MD5:9414E8274140D7262098037489E926EA
                                                    SHA1:84C17F5486F7076A772CFDEA419A167D2D29EE77
                                                    SHA-256:90024099A2341DBC6A5FA448F3DD866454F8CF5E6B1FE8C835FFD8E39FF0C15D
                                                    SHA-512:F5A46E681A8DDABA0D60FE38F758D03C3DCCE65816E62216E3433F6B35A0E505DAE6200CDD39301C29844DE1023538022034521CEEB30A7781F499B699670B80
                                                    Malicious:false
                                                    Preview:..................................................................................................................................................Adobe.d...........}..............................................................................................!1.AQ.."aq.2...#....BR....$3br......%4CScs...&56DEVdt.......FTUu.e..........................!1.AQ...aq."2...B.....R..#3bSr...Cc....$5............?...Xf...d.,.[.a.-E.....I$k=k.p......dy.2II..''..$......b..}..._.#....'.'\:....[..f......".Iyd..L.u.m.?....5......+..HF.....i...h...xq...~....$7.......;G..C....-N^B...........v.....~.j~H.....k...?.v....a........8?..q.Y)..6.......$m.....+ .....-Y..b.c..S.,l.o...`.no;65...\..E......p..y..?.TiC.rxS.....h<.....-.z....?s..a...+..*.QI..gpw.n...V...R.;.xG.D.............0p......g..;..*.!j...pr...a.y.[...R....fpRD....[.B...eM...epQ.p....B...(..x'.. p...,...b..W.p.O....6?.U.........?.......b...*xC..........Q.......#......_cc..4..5\..0..0.....Q.x.c..p.?.......V..Z.A..!..{......
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.253305519033015
                                                    Encrypted:false
                                                    SSDEEP:12288:xt42Jq6T15XFbd1qdCa2NoLUZwEI3uNhikYS3evxelUtPB4EjB:ytLitICfYS3exeeL
                                                    MD5:ADA97F9128F0D4C4A0988681CA3594B0
                                                    SHA1:3375C09581D7E4E1AFBFDE4342D22214C14979C0
                                                    SHA-256:9BE0A06B7094DFB440346AE8FA82864E5D8F6DC3D91D8E6F5FF4C4A1D781ABC8
                                                    SHA-512:22597B0582E62FEE7B25B7D74637F69FC1205AC9402FE3851EE6127EE45DBDC3EE923278A18022ECDDC8AA274E9BC65DFA3E6660A2935D5A3FD3FE36A06D91A3
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.mnp.mnp.mnp.noq.noq.noq.opr.opr.opr.opr.opr.pqs.pqs.pqs.qrt.qrt.qrt.qrt.qrt.rsu.qrt.rsu.rsu.stv.rsu.rsu.tuw.tuw.stv.tuw.uvx.tuw.tuw.tuw.uvx.vwy.vwy.uvx.uvx.uvx.uvx.uvx.wxz.vwy.wxz.vwy.vwy.wxz.vwy.xy{.xy{.xy{.yz|.yz|.yz|.yz|.z{}.{{}.{{}.{{}.||~.||~.}}..}}..}}..}}..~~................................................................................................................................................................................................................................................................................................................................~~..{{}.zz|.xxz.wwx.wwx.www.vvw.vvx.vvx.uuw.ttv.ttu.uuu.uuu.ttt.ttt.sst.ssu.ssu.ssu.qqs.ppr.qqs.ppr.ooq.ooq.nnp.nnp.mmo.mmo.lln.lln.mmo.lln.mmo.mmo.mnp.mnp.nnp.nnp.nnp.mmo.lln.hhj.cce.\\^.VWX.YZZ._``.hii.pqq.sss.tut.www.{{{.~~|...}...}.yyw.ttr.nnl.iig.cca.\\Z.OOM.CCA.<<:.775.::8.<<:.>><.<<:.;;9.999.998.898.787.333.222.444.555.000.122.?A@.STT.__a.cdf.efg.ghj.jkm
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):3043
                                                    Entropy (8bit):4.523976179293748
                                                    Encrypted:false
                                                    SSDEEP:48:cPDdH5714u78JW4lJA+AQAMFCeiZ7CAsYCjECVet8b4pTmCwC5fHGGwCDR:Qd2LA5QAPeA9CIGeta3jG9DR
                                                    MD5:C930D60C3A81EFAF12BF713A0720935C
                                                    SHA1:9738D57A9DAD404FD334AD07D06907055BF1E634
                                                    SHA-256:16C7AF270F4D670E7A1E87423A39F6BBE1C45EFB7D00729B84A63A911ECEA37D
                                                    SHA-512:3ED482D822291D33243CE1C9420CC3F8FF2061331D2B94C18B139529AB90A24792EF360A741552F4C284DED59EF13A7579BEC1B9BF1224922A097FEB9B6ABA99
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/img/contact_me.svg
                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="48px" height="48px" viewBox="0 0 48 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>contact_me</title>. <g id="..-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="contact_me" fill-rule="nonzero">. <path d="M27.2,29.7 C26.6,30 25.8,30.3 24.9,30.6 L24.6,30.7 C24.2,30.8 23.1,31.2 20.2,28.5 C19.5,27.9 16.1,24.6 16.6,22.8 C16.8,22.2 17.7,19.9 17.9,19.5 C17.9,19.4 18,19.3 18,19.2 C17.6,18.4 16.9,17.3 16.1,16.1 L15.5,15.1 C15.4,15 15.1,15 14.9,15 C14.7,15 14.6,15 14.5,15.1 L14,15.4 C12.5,16.4 10.8,17.6 10.7,19.3 C10.4,22.1 12.8,24.9 16.5,29.1 L17.1,29.8 C21,34.3 25.3,37.1 28.1,37.1 C29.6,37.1 31.3,34.7 31.6,33.9 C31.8,33.5 31.7,33 31.6,32.9 C30.4,32 28.4,30.4 27.2,29.7 Z" id=".." fill="#0266B3"></path>. <path d="M24,0.5 C11,0.5 0.5,11 0.5,24 C0.5,37 11,47.5 24,47.5 C37,47.5 47.5,37 47.5,24 C47.5,11 37,0.5 24,0.5 Z M33.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 8 x 31, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):102
                                                    Entropy (8bit):5.059914604930726
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPlv0rpVp8LtsfsgJ9FQ4EBEVJk+e7sup:6v/lhP3RU9CRB8JYsup
                                                    MD5:A7F387DA5B410CCF5F5007D0551F4F29
                                                    SHA1:DD359E36265B71409CEA1E46B3A1D630CD9EF4F7
                                                    SHA-256:1E7C61B206714886642C60E3765BA4715FA7CA3A45DD5BD266B4B5BA7F2E96F8
                                                    SHA-512:5DE7922231936FA72E67CEFA402DF4A7D4C25CD21BFBC82C5927BCAB324FF7427D2CDB5F2DE8DFFC348CCD4F41408566A7251F40A4B6CA43FC9D4800C006C6EB
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/newsWrap02.png
                                                    Preview:.PNG........IHDR....................sRGB........ IDAT8Ocd.^...`.U....p.$..p.N.....>..6.P....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text
                                                    Category:downloaded
                                                    Size (bytes):1159
                                                    Entropy (8bit):5.202023838526686
                                                    Encrypted:false
                                                    SSDEEP:24:ZJgwzww2DdGVLu1oeZFGY7DEOJzn1nMeokXZHlJN:ZGF9DdcmzRMeo4XP
                                                    MD5:A05BBEA86033BD11CDE3ED0CF2776F0C
                                                    SHA1:169B7FD00B8CAD259EE8234AC29851A25BF90968
                                                    SHA-256:DBD0B1DCC856A58DEFEC98A51F722FC6848F6E53D1D945808B82350B953A9946
                                                    SHA-512:7CF3AA2B4F0525FF6F34B8A43BBF2FE307C61D95CC60719F332D43A8E5D0B9F77C6BABDC50A9E0318903810AF2BBBC501D0F0518A2363F4B968DDB93ABA2DA0F
                                                    Malicious:false
                                                    URL:https://www.ccic.com/plugins/libs/video/video.js
                                                    Preview:define(function (require, factory) {. return {. handler: function () {. $('.edui-upload-video').each(function (index) {. var width = $(this).attr('width');. var height = $(this).attr('height');. var src = $(this).attr('src');. var tmpAutoPlay = 0. if (!(typeof(cmsAutoPlay) == "undefined")){. tmpAutoPlay = cmsAutoPlay. }. var autoplay = tmpAutoPlay == 0 ? false : true;. var poster = $(this).attr('_poster') || $(this).attr('poster');. $(this).before('<div id="h-ckplayer-contain' + index + '" style="display: inline-block;width:' + width + 'px; height: ' + height + 'px"></div>');. $(this).remove();. var videoObject = {. container: '#h-ckplayer-contain' + index, //.#......ID............class. autoplay: autoplay, // ....... poster: poster, // ... variable: 'player', //..............ne
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.575151486168995
                                                    Encrypted:false
                                                    SSDEEP:12288:fzKUOV297nNWOIN0mnsLrM2uSFcO4DXS9sC+WGIXr5TY/4UN:uDV297AOINznsLrM2JN4DKNl95A4e
                                                    MD5:FA72621291CD96C3DF06FD15EF77A79B
                                                    SHA1:FF1B75B292092FD65738D0E3662A532ECAC8B5FE
                                                    SHA-256:0402DDA2709669049FF444CCDD3692A934A635EF4956313EEEFBFB65F069377A
                                                    SHA-512:A394CC97FF78F8BFCE93F208F912902A8843724623D41138F831089557594AD395B59B18C9F76C186D8B9C1322C1FC0521E99B777A481331F858712A4B2DD890
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/S5a6b73bc8b3a4ce39469e8715c5f57a5-400.png
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|...3."16.%49.&5:.&59.$36.#25.#35.#33.!22..--..,/..-0..*...$).. &...%...#...!...!...!...!...!...!...............................".."&..%(. (+..#&..&)..$'. %(. %(..&)..&)..&)..$+..$,..$,..$,..$,..%-..&...'...&-..'...&-..&-..%,..$+..$*..&,..',..%)..&).................................................................%)).$+,..~x...u...w.......~..}r.uoh.?<9...................... #.TW^.................................................r...[eo.KR[.9:B...3."$%....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):136
                                                    Entropy (8bit):5.969719433977018
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6PtqshE5k+eFUaqYallaEJx8+f6x3SnjTp:6v/lhPO6fZTUoalrJxVf6xojTp
                                                    MD5:1EC009B6C54709AFA73D99DB10C57039
                                                    SHA1:838ADBE15D84DACEEC25CFD4D8D6AC1580B4F693
                                                    SHA-256:1F18129857BA039238716C12D5DAB4E23E30FF73E3E4D217CF7B65BC058FB22C
                                                    SHA-512:A715EDE13848A77DF5EF2110DFE10B83C76F9C545C83E7272FB16A926983C8F2578B9411C09FF437163F1B0B3E67687D88A89C6003E086B0422733B32FA8FF27
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-zoomIn.png
                                                    Preview:.PNG........IHDR...............7....OIDATx.c.;......!..T...........j.c(....@..&....l...<./..."|.<..h......28.!.....+#. ......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (334), with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):334
                                                    Entropy (8bit):5.143383590772558
                                                    Encrypted:false
                                                    SSDEEP:6:qHrpu8mgO9lVhn5nXm+PLE9XGipLYmHWDJilzJTDoW7xC7JbDRWPWG3+Y+TMe:ijuHnJXmcE1y6WDslZb41DRWZ3w
                                                    MD5:F67D71DB24C8CABD02BBBC28800200F5
                                                    SHA1:A12BE0EB83EDC9ED193901CFC13FDE1D41EE69E3
                                                    SHA-256:5D93DF4316DE900800DBF8C797B6E3A2CC51329E3990DB056E6C5EEEEC24014D
                                                    SHA-512:085E0831A189DAF01E1BC37033CF689B18533FF4000E23EB735D43E9179A42A75FE715121959EBA9B125AB95AC22E0B8EB66D0EEE7631DB52028E0000BB81F7F
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/script/juba/jubascript.js?v=4.5.5.2
                                                    Preview:var juba_uuid = "";(function(){ var juba = document.createElement("script");juba.type = "text/javascript";juba.async = true;juba.src = "https://www.ccic.com/api-gateway/jpaas-juba-front-server/sync/detailcollect.do?webid=M2WWuvCTV3aRDeIw4TUa2";var s = document.getElementsByTagName("script")[0];s.parentNode.insertBefore(juba,s);})();
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 668x287, components 3
                                                    Category:dropped
                                                    Size (bytes):100452
                                                    Entropy (8bit):7.9631200664054465
                                                    Encrypted:false
                                                    SSDEEP:3072:iOIj5llUTSWeFW3SDriqzPEpWPR/kD38sk/mvM5x:XS6eFYSDrXzPlPa38sRvMr
                                                    MD5:131E21D21B254C916AF998711FD8CE4B
                                                    SHA1:2465367665B02DDE445D08362B7657861AC8B43D
                                                    SHA-256:DE1290462A8861805FAD492613D71D2C16CDA3EEDCCE35DEC12032628ED058A5
                                                    SHA-512:664404F94231A03AE90B728A725549C52BB247A38E9DDAF8B526F05F2C7BEF1EE04FABDDE4E466D410A8C3320EC54CD407EB33694C2BCF9DD0717C9BA26B470F
                                                    Malicious:false
                                                    Preview:......Exif..II*.................Ducky.......d...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:1DC734096E8A11EF91499AD71D973B4D" xmpMM:DocumentID="xmp.did:1DC7340A6E8A11EF91499AD71D973B4D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1DC734076E8A11EF91499AD71D973B4D" stRef:documentID="xmp.did:1DC734086E8A11EF91499AD71D973B4D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):934
                                                    Entropy (8bit):7.755879539691994
                                                    Encrypted:false
                                                    SSDEEP:24:SSMgruT3yP7VH5VQq22pIK3JjHMb2Z5gslp/E9:8KCCQq22pIKZjSe5tM9
                                                    MD5:4B188F90A4272426B90D6BD2F4DA744A
                                                    SHA1:45F35D94214389D2AF5EA9C97781A5E0EBCDEC20
                                                    SHA-256:CCDE27B9EC1B1F95472446A0FDCF431322DB9FE0C418FB0BA246CD8592051565
                                                    SHA-512:0117163E13D8C55FE2EC35C286D72B697A1636B54779366D615AB8B70C707AD7CBD4BC402748E22344499A269FE54C4B42A9CC2BA37042B9DBF0422BAA78BA9C
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_on_01.png
                                                    Preview:.PNG........IHDR.....................sRGB........`IDAT8O.Kh.e....4.........Rl)V.#`......P...*-.(....4.....T.$w..\.;.B.E1..*.h].".....h{_.y.%....f.......c.ES.Q..E3..n@.Y.DO....4.2t.....Ca6K..N.i...nM...#..^.Tz..~E.&.;G...<.?...al...)......t.4..e..k.l.....9..^,.....D.r:..n....6i.{....9.9m+.#+2.&Uu...........U....:..*.Y...7.aa6E..-..ur...D....4....`o\...s[[......P .>..C+..q.'..q..kQ..ObKm..m.......i.x..F....>.4a#..?..W......Lc..(..!..Y...U`U.X..)&..k@...l=.._..7.........j.F.z.L....".1.IK.0b....%.f..'FE.40n.=E..lv..?p....G..>.......].x...R}.gvM.... .....^=.....eB..4q..D.....U....qq...N.@+^>....c>..1[.<,.......M.T.m3..*."c..G..#......-.......xo..Eu.U..3....G../..l.....}ii4~[$t...f.wF:m9.A'......N...&....-..@e.|.....[zA.#.?.......NuR...nq. g..[...}.StD$...Wt2.(....[.h.mV9E0....M.i..=.......Uy6.0..-.#V....RWh..dR9.....n.%.z....v...E_V.@\.t...._...%..h]E......+.|m.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (10375)
                                                    Category:downloaded
                                                    Size (bytes):266519
                                                    Entropy (8bit):5.8414467801797
                                                    Encrypted:false
                                                    SSDEEP:3072:kOnCuQiHY3YPxfeRsPDprvJL+bYUk0xT8/ipPe72XdbkSs7IdN8F29sgY7OH:43yxttkFpGYdbkSII
                                                    MD5:5F380B54EFC2FD09AB947D87F05ED7C9
                                                    SHA1:7C1BC541B437A40E0619A672886461884BA57D50
                                                    SHA-256:33759EC253BA4ACE69550EDE47CF43C74A2B5FAACC35CE34CBD1FD773575AFB3
                                                    SHA-512:AEF1EE9A77DDCF731D495C2EC4956CB40CABB231F98D8A709E2E3B972A59C05CB3B8D04B35ECFE01F4B42FB96665D5E67A2BB1D30E4284A6B3D16A2C7DD1F82B
                                                    Malicious:false
                                                    URL:https://www.ccic.com/plugins/libs/video/ckplayer/ckplayer.js
                                                    Preview:/*.......ckplayer.......X1.......niandeng.........--------------------------------------------------------------------------------------------------------------------...................javascript(js).actionscript3.0(as3.0)(as3.0....flashplayer.............)................HTML5-VIDEO(..)..FlashPlayer..--------------------------------------------------------------------------------------------------------------------.............1.flashls-..=====================================================================================================================.*/.function ckplayerConfig() {..return {...flashvars: {},//....flashvars.......languagePath: '',//..........stylePath: '',//..........config: {....fullInteractive: true,//............delay: 30,//.........
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x720, components 3
                                                    Category:dropped
                                                    Size (bytes):116683
                                                    Entropy (8bit):7.979129833121965
                                                    Encrypted:false
                                                    SSDEEP:3072:8539yEhsRv77BmOZfOOsFcuW0i62MFsXO83W4s:8F98UOZGkxJe83js
                                                    MD5:9588E190161C2E7D1C14B3AABC7AA122
                                                    SHA1:C6DA402B5533D9F2F3F018EB0233DF6285F269A4
                                                    SHA-256:5CD474B7EDD5FC8EB457F2B20BB2ECE7F276D3441EE86C149AC4103526C1C579
                                                    SHA-512:93D781390BF7C0D822354D91626C092DE1EB0D19D8309E16C56DD6A79BC6AB31FC41FA3792230A8707FDE6FE43905D9A896F0230EC9D501C3EF6A5A8B1A8D63C
                                                    Malicious:false
                                                    Preview:......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((........8..".........................................^...........................!1A"2Qaq..3..#B...Rr....$4Sb...CTs.......%&5DUt...'6Ecd..FV.7....................................>.......................!..1A."Q.2aq..#3BR......4....$C5DSbr.............?...i.#.S....0..gt....Y..p|2.Ip$g>.......e..g.i...j.,8.....V.O,.j..YS..<.~.%n..Jz)..M....7+h..z.6.....X...w..~..<N
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):1322
                                                    Entropy (8bit):4.87070943220819
                                                    Encrypted:false
                                                    SSDEEP:24:qkaE+5wE+QIEPMErPKKdNZhcLKi4QnePv+AOP4tP6x4ZRY0eQfCY0w:q4AX+QfPLrrljH2AKyGGRqQfCc
                                                    MD5:66849903ED6FF8C0D66E1FCE2FADE298
                                                    SHA1:21333139ABBCC1D08C0E5A95ABED761D4AD35FDE
                                                    SHA-256:D49CFAAE43BF15C99EAA396B7C2438041495C81E4B7A2F87E809E40D71742FB8
                                                    SHA-512:819864137B5936178BA2168960591D098A211D51EBBA096B952C8E2E70AFDAD18C67266C791DB8A6E9A7C5C30436B4C8FFE2DDCB47DDA5A8E58E2D5C1D880F5E
                                                    Malicious:false
                                                    Preview:require.config({. paths:{. "adv": '/plugins/advertise/js/adv',. "advEjectWindow":'/plugins/advertise/js/adv/ejectWindow',. "advBayWindow": '/plugins/advertise/js/adv/bayWindow',. "advCouplets": '/plugins/advertise/js/adv/couplets',. "EasyReader": '/plugins/accessiblereading/js/EasyReader.min',. "jplayer": '/plugins/accessiblereading/js/jquery.jplayer.min',. "jqueryMd5": '/plugins/accessiblereading/js/jquery.md5.min',. "jsbrowser": '/plugins/accessiblereading/js/jsbrowser',. "barrierfree": '/plugins/accessiblereading/js/barrierfree',. "articlePaginationLoad": '/plugins/libs/articlePagination/articlePaginationLoad',. "articlePagenation": '/plugins/libs/articlePagination/articlePagination',. "videoLoad": '/plugins/libs/video/videoLoad',. "video": '/plugins/libs/video/video',. "ckplayer": '/plugins/libs/video/ckplayer/ckplayer',. "articleSlider": '/plugins/libs/articleSlider/articleSlider',. "articleSliderLoad": '/plugins/libs/articleSlider/
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (361)
                                                    Category:downloaded
                                                    Size (bytes):342928
                                                    Entropy (8bit):4.958904119284503
                                                    Encrypted:false
                                                    SSDEEP:6144:i1TfZaaXWDJCFk8BlaF/ogFt2SuI+OxfyV0dyrgnZTu/6z5cKeSbtVR7ZMmzTCDZ:iOPfyZXcBpo
                                                    MD5:3C3E5300FC366A3B6C0CE79741395A30
                                                    SHA1:CA1B0F4C211BFC7DC94FF7B335AA372B6ADADA1A
                                                    SHA-256:54EDB2285C2A22B797D140C6C6C77C6B0457866A1FED28136DF7CD56D97D9B0D
                                                    SHA-512:342FAF0986A8BE5EAC782888DFC3E70C61F6CD9F8A8408CF302FEFC9E2A9B074BB04599B0104BB873D6306E298CA43301E149F6BF2045B63BD0BAEE614E8500A
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/viewer.js
                                                    Preview:/**. * @licstart The following is the entire license notice for the. * Javascript code in this page. *. * Copyright 2020 Mozilla Foundation. *. * Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. *. * @licend The above is the entire license notice for the. * Javascript code in this page. */../******/ (function(modules) { // webpackBootstrap./******/ .// The module cache./******/ .var installedModules = {};./******/./******/ .// The require function./******/ .function __webpack_require__(modul
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 380 x 159, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):77938
                                                    Entropy (8bit):7.993835553037984
                                                    Encrypted:true
                                                    SSDEEP:1536:bPSABKuSrKuIuJ9vbwFUCHWvsSjA0yojNaghpECQysdBxXawXa/AU:LSjuSZ39Tw9AsSjgoBaKpExxXaZ/T
                                                    MD5:5FE98884FAC02836E28F48B366F815A4
                                                    SHA1:1837C80DD0E6D5BE23C82253BE923A0CC3E06BB7
                                                    SHA-256:8CEABEFAE0A3F9B89DBFB58EB30DA2F5F3351AA49EA3F7815B52D36259CED4BF
                                                    SHA-512:07AC98D242833C100765029BB33C94AA23ABA0D4EF6A4B9937D39078472889500370128E0C6A21CA8B10D212250A263A0D6357D245A713CC4C8ADC1B328AEEF6
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...|..........@bR....sBIT....|.d... .IDATx^.Y.m.U.vn.[R.C6j.. ) .. 8c ...`...(.$ ...............N...?.d......[AL...F=H..z.J..uoe}.s.s.[....T......k...s..>......>..k...=|zx..A..w....j|..x.5..7.........V.<....k......e.t.....^C...^...Ht........=..YT.._[Rh~.._.D.c:.I.u..'.?.. ..B....U..w1.....3N......>.\@....A+.c.$|..J6...f;..!..}]'.K...a~~hur.R...X8w}.B.c8.?....A.&.".C...(..x.....#Y..A......_.c|DK..;.]....z..._._"\.......:.,.....3..^.f9I,.s.E..@.J....n...Y...A.....Q...jf..-.g..y.|h..n.k.....5....h@.r....v.z...v.?......-..s..h.cl...u"6..a/......4.9.l..B..o.......&.B.];..6m+4~t]xCFG.!..e...wa.uta[r..kK3.5F../....Ko....M.w..d.&.E...[w......w.....z.X.U............?@;.8.,-.. ..zb0.........c.......*.M..v8&.l..#Mt..T...>..y].......l.$..7...Z.p.E...M..C.0....o....ha..s...! ,..Z...3`,U..M.g.%.K.X..L...\.....f#.q..!p.0..aG..x...7b.....1[#2../>... ?..B`........].`U...y.,.........bL.c..jH>.V.Sx.....f.C0&..o.....C.t.y.dI.Y.k..C......x..I.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):243
                                                    Entropy (8bit):6.564897028272429
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO6FsyTSmn8afeaT6KC2kHtj5HUBO8d3N1npC4gBs0aghoVp:6v/7PFsVm8afeY6gUtjEO8dNvCt3q
                                                    MD5:7AF7E96CF59FEA4B789DB1C5D4636D08
                                                    SHA1:6CEDBEDDAC0D6191AFE09CABED7B6D517F7C7B21
                                                    SHA-256:C41DD1F67D354720DF07F64ACAA46716D50AC22E10EFE15E92FE6033DEA8FF68
                                                    SHA-512:72352C3E9A1120A2B6EC41BE1A5DD82CE4E56B183FAF75C196FBD8C88F45A7F1261300A3377136C1D871D93ED45B3E6AC1FB46DBC0526732FFF485CF5C355FED
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-secondaryToolbarToggle.png
                                                    Preview:.PNG........IHDR...............7.....IDATx.c...?..; ...?...AH....O.?...?32...Bh.Y......7.gEfC..)............l......._......(..p.|..K./}.~X.0...0.............X..0...?.....f.L.l.t.....>Y.e....I7.?......@i$6"(....P..ME.....$8......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x637, components 3
                                                    Category:downloaded
                                                    Size (bytes):358575
                                                    Entropy (8bit):7.97337616019685
                                                    Encrypted:false
                                                    SSDEEP:6144:basLz3U5e3HHMF6nSKyIugim+Lfaog++MjriU1X6Wuz0MxiZLQtEI1x4CCfEML:basc5e3HHMF+FugimqfjF1XMTXx4xfEQ
                                                    MD5:4A1F645B9DF61CBD0322C7C4FB423A29
                                                    SHA1:EBD2983265120094BD1684677BFF3D5748A5D476
                                                    SHA-256:05E65BD5869035485DC06A7E0A0B4747E56244D25CF5F1E2C56494E48BDC8597
                                                    SHA-512:7331876C71AD79A905D9D9D8472E0F1E855E7F7B13A3D11077C1F7B21E40D0E6A0B44F0F80E6D8A7169F1F79DB306521EA9338847CAD69311E705D2E741AAE21
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20244/A8707F418188EE439772412EAE033514.jpg
                                                    Preview:......Exif..II*.................Ducky.......Q.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:18302280FAF611EE9240D4747675B714" xmpMM:DocumentID="xmp.did:18302281FAF611EE9240D4747675B714"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1830227EFAF611EE9240D4747675B714" stRef:documentID="xmp.did:1830227FFAF611EE9240D4747675B714"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (65152)
                                                    Category:dropped
                                                    Size (bytes):281689
                                                    Entropy (8bit):5.38067767072227
                                                    Encrypted:false
                                                    SSDEEP:6144:M+lP9ufSF0Mz036TfMf56QdQzsG7YLN3mkLuES:T8wMAQdQzsGvkL2
                                                    MD5:DBD110E4C35CC863BEC923F9975314EF
                                                    SHA1:2A4687ACF4A59CF44F0091493815F22257C00B54
                                                    SHA-256:B7D54C02E1404DC0F7352C1B9A6D63AD571D392B650E73D2E332F519958798DE
                                                    SHA-512:5A18CAB00670B77256EFFBC94B815DB1A63B9281782593BA09F1197B6E36D9C46B53C08511263E0A9C42BD66F8A7C2072743D2A557147F565E8A1237A3BEF25A
                                                    Malicious:false
                                                    Preview:/** layui-v2.5.4 MIT License By */. ;!function(e){"use strict";var t=document,o={modules:{},status:{},timeout:10,event:{}},n=function(){this.v="2.5.4"},r=function(){var e=t.currentScript?t.currentScript.src:function(){for(var e,o=t.scripts,n=o.length-1,r=n;r>0;r--)if("interactive"===o[r].readyState){e=o[r].src;break}return e||o[n].src}();return e.substring(0,e.lastIndexOf("/")+1)}(),i=function(t){e.console&&console.error&&console.error("Layui hint: "+t)},a="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),u={layer:"modules/layer",laydate:"modules/laydate",laypage:"modules/laypage",laytpl:"modules/laytpl",layim:"modules/layim",layedit:"modules/layedit",form:"modules/form",upload:"modules/upload",transfer:"modules/transfer",tree:"modules/tree",table:"modules/table",element:"modules/element",rate:"modules/rate",colorpicker:"modules/colorpicker",slider:"modules/slider",carousel:"modules/carousel",flow:"modules/flow",util:"modules/util",code:"modules/code",jquery:"modules/jque
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 414x391, components 3
                                                    Category:downloaded
                                                    Size (bytes):104912
                                                    Entropy (8bit):7.962395053617
                                                    Encrypted:false
                                                    SSDEEP:1536:l3OpWfJ2YAVXjMF9hxeoik4yFTndH6Nlbs/aX8RO1t7o6hhMO/AuOJav2BndRmyV:zB2zCJxeR9edH6NpBM67oSbCnmyV
                                                    MD5:F454F5483B5F6C954E818177A5B3AF18
                                                    SHA1:ACD35C59A3877D42B9352CA4DACAFD410188C4BC
                                                    SHA-256:C02DC4FA2081FEF649D5BBAA44E1D116E53BF7785B5BAC8EBE28172856CB5E64
                                                    SHA-512:0E2A05B0C4566A2DFE062E8718FD1DF4A639DDDA3632D2F746F4E1690C5A49FFCF26467C5C17BB56A5256309CDA288042D69864170BBAEEC798F38F6045BF309
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20241/09ab001c4bb34b54b52db09743ebc48d.jpg
                                                    Preview:......JFIF.............C....................................................................C............................................................................"...........................................i..........................!.1..A.."Qaq....#2.....BR..$3.%Cb...'467FUV......&5DSTdfr....8EGsu..ct.........................................Z......................!...1..AQ"a..2q...#...3BR.....$%4S.5Cb..&6crstuv......7DT..EUdf...............?...........b.....X....V+.......G.|....;J....V..Os.O........;N....V..E..............h...'..w\}..R...."...%.....?g...b.......9.Y.>..>...?..0..'........X..$.#~......j..........XH .....eI>....~..)......=\(...:E..=.c,k.A.3.GXV.W.G...t=q.9I.z.s..........$..q.J....q.....:..J8.;}.=..r~\c.!.j.....s....[..8RA.#.=..9.............o....G..=..j.o.......Kd..q..1.{g..>:..g.O8.....m....''.m...88>...z.R.....#..W.. `.=9.@......bA...G..f....q.........6..g.$.G.../....}.8....%.`.}..=e.R"..D^..8....P'...z..Y.s...z......9A...........
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 17, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):7402
                                                    Entropy (8bit):7.814101531066309
                                                    Encrypted:false
                                                    SSDEEP:192:/gMdViSpBlff9mawyoufnvZjF7REZhpp3MtQQ:/DViSpzfDVff+ZhHMuQ
                                                    MD5:9244A600A36F650764A9512791792EC8
                                                    SHA1:C1ABF9B89AF7392824F2228312785A899DF224A0
                                                    SHA-256:826D7D78FC6FB07D0546261D93F82E109225AB81BA612B7EEEFEC942DA66F7E9
                                                    SHA-512:E1679FF6081ACEB386D0D719F9FFA89251F2438882308DFFC646E6C531558057BCEDF9946CE85EEB2F2F0B069BA4C03669F861EEE503F72BDE3B88D204CFEE54
                                                    Malicious:false
                                                    Preview:.PNG........IHDR..............,.....acTL........L.-.....fcTL.....................d....3.G....,IDATx.RM..a......D.-I..:x.6..bKK.D...mK.....A..=...N.7..!..@0.....(......3A..w@..z^...K{..}.y...}.q0.[.G.....{.w....8..e..26.ag'6(..kH.j....S.u...Ok....L..s.....tt:...?..r..~.4.._Qq.P...s.,/>.tFEy0..f..A.m*.Z@x....].|~=...ej...Ml.L&2...1.....K|.".A.S.V..XU.@4.}@.<..r.|..v.B..0.^..J2.\s8.7...:......;.^.9m....*...;B..A.&6.....T*...~e.]0.j..t...>B..;9......>..Z....@......+^..#6zB...`..a#.RIN$....4.d........Zc$.y(..*..v..Z.6G.D........I.V....u.3..66..p......'.b.|.\..0.\.e.5.(.}.G.k...b~4..r.K....x..I.X.J{{.....&O....1+~.O...@.P....fcTL.....................d..........+fdAT....x.RAh.A.].EXP....%.A..VD....*.Hl.=X..f%xj.$..P.`..rH.RP...=..CA6.[.!d.b.6.nh.Iv..q..c..?...g...1.<............[ ..w>......8.V.o..z.&.k.m.a=......N....z...W..v{.Tj4......._.V.....h.3....(....3<.0....W...l......t:}..qB........T*..n.P.....L&.=..[...f....( .....7(.,%.H.Q...........
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):1251
                                                    Entropy (8bit):5.663913442543068
                                                    Encrypted:false
                                                    SSDEEP:24:jiv7RWi03mRKdgd3kG7RWY6mRt6oIdzlwWkgPvm647ugPFjA:O7wOQdcR7wY+5dz2WkomP7umc
                                                    MD5:259A36A3D602B0B17148C6BD708923C2
                                                    SHA1:E4B93D6141F612C8FC59D99D6ED7F65FC9ABF080
                                                    SHA-256:B99C95EA55E7D03E23B7EB991E8915E55F832AACC95B7E8BCFC79E1750B8D5D1
                                                    SHA-512:6029B1ED6A34CEB26968631F25055C6A82E1A1CF4318F31E4621A73C710AB4F1E5E0162C417228D2933EACBC574E2537DABD3E12E94BD60E285AC3F302F7F626
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/getRem.js
                                                    Preview://window.onload = function(){.. // getRem(750,100)..//};..//window.onresize = function(){.. // getRem(750,100)..//};..//function getRem(pwidth,prem){.. // var html = document.getElementsByTagName("html")[0];.. // var oWidth = document.body.clientWidth || document.documentElement.clientWidth;.. // html.style.fontSize = oWidth/pwidth*prem + "px";..//}......function sm(){.. //..html.... var psd = 750;.. var html = document.getElementsByTagName('html')[0]; .. //............. var w = document.documentElement.clientWidth || document.body.clientWidth;.. //750................................... html.style.fontSize = w / psd * 100+ "px";..}.. ../*.....*/..if(navigator.userAgent.match(/(iPhone|iPod|Android|ios)/i)) {.. //.... sm();.. $(window).resize(function(){.. sm();.. })..} else {.. //.... $("html").css("fontSize","");..}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 87 x 87, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):11583
                                                    Entropy (8bit):7.971472047466238
                                                    Encrypted:false
                                                    SSDEEP:192:Cl7c7aIAtapldd6S6hpb27K+vojzaQ8inlHbe1Qjy9xjTIF5GMZEtEh4FlyPN4Cq:Cl7+aIPpldF6hAuQoH18OhrjGRqYIuIM
                                                    MD5:3AB315A038E564907751DAA6F2884839
                                                    SHA1:151793565D8D75076F6D6B87367FD7CFC07C14E6
                                                    SHA-256:32A72011B430961381EAFE4E25284702CB9B63987BE3A40544A13367C1FF8347
                                                    SHA-512:E6B868F61703832AB0DE1F6E93EE9101702753A5D18AD611D11DD517B769EA8ABEFEC1320B4061CA128A2769C8FABCEA3D3F8EB1D84545E7B500331B22B8A565
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...W...W.....q..l....sRGB....... .IDATx^....eU....4..&.s.Q.$ (.b@A..P..1..D.....(bVTD....H...0.03=...]..4.3...zu.{7.S.k.:...............'..o..z..g9v.[....:....y?...~o.1....~..r...?..~{.>.o...o...:.2........k..,.H...'0.......z...Y..yo.=3>.c.S\...{dN..8.l.kI.m;/c4.6....e..:.kOrL.>......1....&.:&....\&F./*r..s~...>..3.j........5....3'.r..........vx,.T2.6..........z.:...sL...8#F.2.P.hG...Dh!c.{.....PBn<Qo...F.X^...X$<......".....s...6.O.4.1.h.Z\..U....g..;......z..........G../.|-.......O<1B....g.2.,Ss....~.VXa.Zn..F8>.t..?.\.5..........5m.Zv.e.q.@.D.`..f,...1}.......z......F.cP...G.f....................~....!....>..z..^V_.......sM.:u.[!...}...<.....}.{k..._$yq./~.:.j.w..~...q.q.....~.._..nX....k...zB...K...~.....>8.h.l..V.y..u.u..g>.?.~-..R#.a.P...t.A....=..c[.,..d..n..>........m>[R.|...w...^{.o....f..'.xb3...:.N=..:.....n.....N:..l..._..W..s.Fv.g?...n..qB...5.......|.#u.]w-2....Eu.9..../.......Y.2.....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):6.547060698698184
                                                    Encrypted:false
                                                    SSDEEP:12288:4ex6v3oiTEkN4MV+rNSjdVhrTZb32Culgp031vjzIjtVVsefA7IV3LqGEYfEzOWm:Xx6v3oiTEk6q+rNSjdVZz8gY1rz4fUun
                                                    MD5:B91978A4991F4584E156725EE588C33A
                                                    SHA1:B71B05CB9880684435A25A8297FEAAF982231969
                                                    SHA-256:F85C6733E86A28882AD0F94AB83149C1F16314A97A7C5B282BE1FF36F900AF8C
                                                    SHA-512:378EE601C5B92FA7A30AE9D0D1D96710FC46C548B91DC0B7055679C47577CD88263D2BE3B4C9DEFB4C3939DA8D371C02F8785133E00E7E1EBFB65E82602707BB
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|.Wlm.\on.[lo.Ugn.Tfm.Vgn.Sfl.Rcj.Sel.Ugm.Sem.\nu.v...........................................................................................................................................................................................................................................................................................................................................~...}...y...w...w...p...gx..fy..o...............................................................................................................|...............................................................................................................................................................................................................................................................................................................................................................................p...m...m~..l|..j|..j|..j|..k~..m...o...u...t...v...v...w..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):934
                                                    Entropy (8bit):7.755879539691994
                                                    Encrypted:false
                                                    SSDEEP:24:SSMgruT3yP7VH5VQq22pIK3JjHMb2Z5gslp/E9:8KCCQq22pIKZjSe5tM9
                                                    MD5:4B188F90A4272426B90D6BD2F4DA744A
                                                    SHA1:45F35D94214389D2AF5EA9C97781A5E0EBCDEC20
                                                    SHA-256:CCDE27B9EC1B1F95472446A0FDCF431322DB9FE0C418FB0BA246CD8592051565
                                                    SHA-512:0117163E13D8C55FE2EC35C286D72B697A1636B54779366D615AB8B70C707AD7CBD4BC402748E22344499A269FE54C4B42A9CC2BA37042B9DBF0422BAA78BA9C
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB........`IDAT8O.Kh.e....4.........Rl)V.#`......P...*-.(....4.....T.$w..\.;.B.E1..*.h].".....h{_.y.%....f.......c.ES.Q..E3..n@.Y.DO....4.2t.....Ca6K..N.i...nM...#..^.Tz..~E.&.;G...<.?...al...)......t.4..e..k.l.....9..^,.....D.r:..n....6i.{....9.9m+.#+2.&Uu...........U....:..*.Y...7.aa6E..-..ur...D....4....`o\...s[[......P .>..C+..q.'..q..kQ..ObKm..m.......i.x..F....>.4a#..?..W......Lc..(..!..Y...U`U.X..)&..k@...l=.._..7.........j.F.z.L....".1.IK.0b....%.f..'FE.40n.=E..lv..?p....G..>.......].x...R}.gvM.... .....^=.....eB..4q..D.....U....qq...N.@+^>....c>..1[.<,.......M.T.m3..*."c..G..#......-.......xo..Eu.U..3....G../..l.....}ii4~[$t...f.wF:m9.A'......N...&....-..@e.|.....[zA.#.?.......NuR...nq. g..[...}.StD$...Wt2.(....[.h.mV9E0....M.i..=.......Uy6.0..-.#V....RWh..dR9.....n.%.z....v...E_V.@\.t...._...%..h]E......+.|m.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):95
                                                    Entropy (8bit):4.480992332034815
                                                    Encrypted:false
                                                    SSDEEP:3:qxAEBmHs0RkQRuCFVe49CJeTEZMiHo:qTks0RkQRuCetGEZMSo
                                                    MD5:57D6A4A452D23C56C76F94E5F2D528BA
                                                    SHA1:65C16978D4AEFC4333133F65C1CF0AF1246E5B02
                                                    SHA-256:16A0D8DD1A63F8B62B6956A67D0BDFFF15EA7267F45F7D38366684BAD6616D29
                                                    SHA-512:4DC72BBA488A06BC506D9C744F53E32801CCC421B7BD69C263997EDE8F67EE06C31E9C82AC626B7F2A43E3C0A866875386B324E8EE1A5DF6C012BB109B0EFDC1
                                                    Malicious:false
                                                    Preview:var isRead = 1;var beComment = 1;var cmsAutoPlay = 0;var beCommonCss = 1;var webLoginType = '';
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):684
                                                    Entropy (8bit):7.589795647084021
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7i2yu8ih59cxtQa76fYlg0AucuKMGiuJbjbTVrGbaANJZeiY:pu8oMT6TJuKMGiuJbPBGdrjY
                                                    MD5:555682944AF2ACFD820654E5FB93035C
                                                    SHA1:BCF8DE7C12BC7F253FFA6CA256EEEB33BE4069D2
                                                    SHA-256:E5F26673A66C87FBBC7DF8E597D2CE67AA903F80CCA7146ABB00CAF819F0D813
                                                    SHA-512:8352E25D2F92083414DE5DEDF46A0D9933340EBF04DB4AB67ADEB69EEE51E0E0F93B7968CFC725F03916CE492D1457EBFFAE4E69C5FCB097013971C6250FA822
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_07.png
                                                    Preview:.PNG........IHDR.....................sRGB........fIDAT8O}.M.i......FV>fh..4.....Y.....4.VY.....k1.P(,|d...|%.$.(a.....1..8...]x....s_.:............:..F...............=.#..[1..c.......^V...1..|.iX...}.]~R...t.^.4....'A...e|..p..p./:R.....~..7.71;.../6a__.C.$@y.i~o.*..{.u.|..8[Z. ..i...5.GI..?..&v....u..g..%....^.,,.z.S..b.+.Y.u.s..1....k....n...]..Q....T........+`w].Q...?^-.....0...a..Ge.4%.:.D&#S...Za.C%kS.j..<!:..)y=Nt.E.d.......5)2..4.at.Fjm......2_/.a.@.m.w.$...r...d...}XL.dO.....x.nc.N.-..\..g.MA.Z\wb...>.....6.f......}r.MM.i.S."L...i%7...T.......fy..T.p.i..l.L.y<..>..i.....l.^...l.0..j7...*++.g..fiT....A.o.o.2-..`...$I....{....a.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):174
                                                    Entropy (8bit):6.328073168725834
                                                    Encrypted:false
                                                    SSDEEP:3:yionv//thPl9vtJK6PtQAmlFDamqtQVZXhVZmUReBY6y5TqtoN1uQD4CKEloeQkw:6v/lhPO6RmlFGNObVZJRbBNqtoNVNQkw
                                                    MD5:97676EBB2225309AD15BA193F23F7FA8
                                                    SHA1:0193CEBC494FACB8BA8733A1A8F50457E7189F56
                                                    SHA-256:0A281D912535DFD0A663182D7E9DB5E6BCD9CA699AAEFB489CE0E313F990D666
                                                    SHA-512:537C09DC06FF1865D2002DFE8140553FEB97CC2C76A78BF89EADDFEAFFDED2BB8606D1B2E651F49D9B994607413C54305EC589AD72788808DED6C6D80C547DC1
                                                    Malicious:false
                                                    Preview:.PNG........IHDR...............7....uIDATx.cb .....C.....c0|C..&0.C.d(...1..A.t0.\+...t......L3.v.8v...?h1..&.M....b..c.........oY.9v....2.......M.g=.....y.......IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):3043
                                                    Entropy (8bit):4.523976179293748
                                                    Encrypted:false
                                                    SSDEEP:48:cPDdH5714u78JW4lJA+AQAMFCeiZ7CAsYCjECVet8b4pTmCwC5fHGGwCDR:Qd2LA5QAPeA9CIGeta3jG9DR
                                                    MD5:C930D60C3A81EFAF12BF713A0720935C
                                                    SHA1:9738D57A9DAD404FD334AD07D06907055BF1E634
                                                    SHA-256:16C7AF270F4D670E7A1E87423A39F6BBE1C45EFB7D00729B84A63A911ECEA37D
                                                    SHA-512:3ED482D822291D33243CE1C9420CC3F8FF2061331D2B94C18B139529AB90A24792EF360A741552F4C284DED59EF13A7579BEC1B9BF1224922A097FEB9B6ABA99
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="48px" height="48px" viewBox="0 0 48 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>contact_me</title>. <g id="..-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="contact_me" fill-rule="nonzero">. <path d="M27.2,29.7 C26.6,30 25.8,30.3 24.9,30.6 L24.6,30.7 C24.2,30.8 23.1,31.2 20.2,28.5 C19.5,27.9 16.1,24.6 16.6,22.8 C16.8,22.2 17.7,19.9 17.9,19.5 C17.9,19.4 18,19.3 18,19.2 C17.6,18.4 16.9,17.3 16.1,16.1 L15.5,15.1 C15.4,15 15.1,15 14.9,15 C14.7,15 14.6,15 14.5,15.1 L14,15.4 C12.5,16.4 10.8,17.6 10.7,19.3 C10.4,22.1 12.8,24.9 16.5,29.1 L17.1,29.8 C21,34.3 25.3,37.1 28.1,37.1 C29.6,37.1 31.3,34.7 31.6,33.9 C31.8,33.5 31.7,33 31.6,32.9 C30.4,32 28.4,30.4 27.2,29.7 Z" id=".." fill="#0266B3"></path>. <path d="M24,0.5 C11,0.5 0.5,11 0.5,24 C0.5,37 11,47.5 24,47.5 C37,47.5 47.5,37 47.5,24 C47.5,11 37,0.5 24,0.5 Z M33.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 668x287, components 3
                                                    Category:downloaded
                                                    Size (bytes):106263
                                                    Entropy (8bit):7.985058786228339
                                                    Encrypted:false
                                                    SSDEEP:3072:7tpWzWsmVBhyZD0TZd4+Q7UpTmnmMaqAafM:5kOtyNsdXLEnmtqnU
                                                    MD5:027C5FA8070C9DA676FBD6EA176C19C0
                                                    SHA1:E654FA391B0D90F1A65DBCF05AD1C72BE471EAD2
                                                    SHA-256:F0CB67DDB69E35F2B7CF36DF35869188DD89E5FB3827257422AFE8947CC9536E
                                                    SHA-512:8862DA1EA53A8AECA8311316CB0E4E85669E2BF07279BCF21F17987631E4EF5618E6855C06C83F4BFC4845FB3099BF996CD913FE0EFF341F291C1CFA0CC79505
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/20241/00f860c4cb1f450ba73b3fd1199eb732.jpg
                                                    Preview:......Exif..II*.................Ducky.......d.....*http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:9180D1DDB4ED11EEAE09B5479DCA5EC4" xmpMM:DocumentID="xmp.did:9180D1DEB4ED11EEAE09B5479DCA5EC4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9180D1DBB4ED11EEAE09B5479DCA5EC4" stRef:documentID="xmp.did:9180D1DCB4ED11EEAE09B5479DCA5EC4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1251
                                                    Entropy (8bit):5.663913442543068
                                                    Encrypted:false
                                                    SSDEEP:24:jiv7RWi03mRKdgd3kG7RWY6mRt6oIdzlwWkgPvm647ugPFjA:O7wOQdcR7wY+5dz2WkomP7umc
                                                    MD5:259A36A3D602B0B17148C6BD708923C2
                                                    SHA1:E4B93D6141F612C8FC59D99D6ED7F65FC9ABF080
                                                    SHA-256:B99C95EA55E7D03E23B7EB991E8915E55F832AACC95B7E8BCFC79E1750B8D5D1
                                                    SHA-512:6029B1ED6A34CEB26968631F25055C6A82E1A1CF4318F31E4621A73C710AB4F1E5E0162C417228D2933EACBC574E2537DABD3E12E94BD60E285AC3F302F7F626
                                                    Malicious:false
                                                    Preview://window.onload = function(){.. // getRem(750,100)..//};..//window.onresize = function(){.. // getRem(750,100)..//};..//function getRem(pwidth,prem){.. // var html = document.getElementsByTagName("html")[0];.. // var oWidth = document.body.clientWidth || document.documentElement.clientWidth;.. // html.style.fontSize = oWidth/pwidth*prem + "px";..//}......function sm(){.. //..html.... var psd = 750;.. var html = document.getElementsByTagName('html')[0]; .. //............. var w = document.documentElement.clientWidth || document.body.clientWidth;.. //750................................... html.style.fontSize = w / psd * 100+ "px";..}.. ../*.....*/..if(navigator.userAgent.match(/(iPhone|iPod|Android|ios)/i)) {.. //.... sm();.. $(window).resize(function(){.. sm();.. })..} else {.. //.... $("html").css("fontSize","");..}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 750x369, components 3
                                                    Category:dropped
                                                    Size (bytes):178408
                                                    Entropy (8bit):7.932182929230914
                                                    Encrypted:false
                                                    SSDEEP:3072:m/AOtbG8fi00u44OOLX9FU8npWt8t6q8xQsX4IPaLz5E9PY2j:KAOtbGwis44OOLNFbn4t3jxQsX4jFX2j
                                                    MD5:DA3C6244239A7E7B04B85F474ADE6745
                                                    SHA1:89E7E99B7577267FEADC1FA5C4226AD4D27FD046
                                                    SHA-256:5C23897AADD37EB771CFE49A9328A53CA0903E58F82DD33F2F42E752986014A1
                                                    SHA-512:B1AA3B7E0FFFB28FDFBAB6555E18E7FAB9C73BDCCE8AD2AC4FC34F75DB4DEED9C638A2E83AA719C66C61CA5C53FE3ED357B56D3A782EE79A0518A6BA085F12FE
                                                    Malicious:false
                                                    Preview:......JFIF.............C....................................................................C.......................................................................q...."...........................................].......................!..1...."AQ.a.2q.#B..3R...$r..%456bt.....78CDsuvw....&'....(ST....9...................................M.....................!1...A.Qa.."q..2....B...#r....34R.$bs.CSt.....%6c.5DT.............?...V... ..L..9.......M#n..J`..h.#.8...1$q.EIaT.%.dBA.C.........zP.XH.h.%EGh..g.fq....H...W.mk....{.L~|.....R.. ..%<r..B.$.T@0`...N..I.g.q&.2~.. ....K.....).&$."'...GG..%..t..8 .....H...t....jr..i^vv.Yq........H.=.)....y...A..d..& .>fq.......c.6.>.9..g$...v.g...b=...<...'.=.iZDLL...;.u.6..}.. ....g.B9.$.p5...s..2DG....{..j..#.H.......&3#.`kv...a..H..~.H.x..."+@..D....a.L..T..z..7...EEA...G.|.1..&bb:...3$.A..$..3....J........Ds.A.x.. dj,...H..c.&&=.....M*I#H...P...9.06.v..K. ...8J!.....'.s.....?.@k..y$.$..1...3....d..`80>r...B...r.d.z.4..D....zN`
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):506
                                                    Entropy (8bit):7.450764337315211
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iErL9jWI7Mp3T6Ux5sAQaz+7elxgkaxyQp0pglQZt8b8fa9:0nZMpmUvnta7cfaxyU+glE+9
                                                    MD5:61AEFFAED2A151B2D76F04EAEA74AC34
                                                    SHA1:93F9B461A594AE2775DAE30ADA9A596CC99AF6C9
                                                    SHA-256:BBDB7113C3313CE14B8CDA2CE59B9F512DB054AED5F1D5135A4D30AB2AF63FF8
                                                    SHA-512:EEE824ED441922633E2BC711BC4C860386ED9921A083AA1954CCC207391F1866F31EF46FBF31523242AE4A7A32E3A38DB9212A902E87BC071C62A9D6B105443A
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.....................sRGB.........IDAT8O..=.Ma...g|."....0H.Z4DE...T.bh$.TB..*.^#..H..... ..SL|...d.r].^.799...{...Z.>......L.o...8..X.su......_.~.m8..X......9...p..19.0..c5>.......n5...3...;...u."SZm].......]x..8.......i..........+..,....r1`.Z.g8....K....l..<.G..S..[..W..\./8Q`I.r.4..!.Z..t......9..,.c#..~q>+.v6...2fp.gJ.t.NL'..H....N,..<.5v..|..0_'..,.d..#.>l(.>`}.........a:.......!..we..2.7...L%wM.A.']d_r.}....1..q....,Z..N.fP...n.Y....' .O......iMQ.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (10375)
                                                    Category:dropped
                                                    Size (bytes):266519
                                                    Entropy (8bit):5.8414467801797
                                                    Encrypted:false
                                                    SSDEEP:3072:kOnCuQiHY3YPxfeRsPDprvJL+bYUk0xT8/ipPe72XdbkSs7IdN8F29sgY7OH:43yxttkFpGYdbkSII
                                                    MD5:5F380B54EFC2FD09AB947D87F05ED7C9
                                                    SHA1:7C1BC541B437A40E0619A672886461884BA57D50
                                                    SHA-256:33759EC253BA4ACE69550EDE47CF43C74A2B5FAACC35CE34CBD1FD773575AFB3
                                                    SHA-512:AEF1EE9A77DDCF731D495C2EC4956CB40CABB231F98D8A709E2E3B972A59C05CB3B8D04B35ECFE01F4B42FB96665D5E67A2BB1D30E4284A6B3D16A2C7DD1F82B
                                                    Malicious:false
                                                    Preview:/*.......ckplayer.......X1.......niandeng.........--------------------------------------------------------------------------------------------------------------------...................javascript(js).actionscript3.0(as3.0)(as3.0....flashplayer.............)................HTML5-VIDEO(..)..FlashPlayer..--------------------------------------------------------------------------------------------------------------------.............1.flashls-..=====================================================================================================================.*/.function ckplayerConfig() {..return {...flashvars: {},//....flashvars.......languagePath: '',//..........stylePath: '',//..........config: {....fullInteractive: true,//............delay: 30,//.........
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, baseline, precision 8, 1920x637, components 3
                                                    Category:downloaded
                                                    Size (bytes):401943
                                                    Entropy (8bit):7.978043142625089
                                                    Encrypted:false
                                                    SSDEEP:12288:HiY4nBcf32AzJ0HNCq4JHP44HpgZeVOoGi:HVlHWCJHP4dZe/
                                                    MD5:9EF8ECB66E8948058E98620FD5E5FB64
                                                    SHA1:57FE3FF6B93D23B65E80AF749F60DD060DFE9EF8
                                                    SHA-256:106992B7AD0395A9D637F6D1E09784DA69C6A123B41E401C045F7ED890CF0FFB
                                                    SHA-512:DE3A2906B28BB393578FE73FD854AA9EAAFCD4308960008ADCEDF45FA4169863355DD2CC5C2C40081C3B05B7CDD0C9B0750B1F9F81F96CBDAE9BA8DA6EE624D2
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/filemanager/1182833234/picture/202312/06ed63a369a5407f9c57fbba9369a9a2.jpg
                                                    Preview:..................................................................................................................................................Adobe.d...........}............................................................................................!...1.AQ.."aq2......B....#..$R.3br..%C...45STf....6DFdu.......&EUVst.......Gceg..'W.........................!1..AQ..aq......"....2r..34BRbc...#S...$CD..d.T..%.............?.WCAB..%...-l4T...$..H.y......Xzm.n1...^..b1.UY%'...E_.............._..7....~E?i...{..Pr...e..L..=F...o.P..*...5../{4r..'.4..........~......W..i...{.AC...S....z[.y........*.._.}.....f}.....;.4...S...?Wa..C..........F....J...6..;.........U...j..n^.k.n_..L..X.-...~.....W./.......|..&wH..I<.........*.._...W.r.._.r......}...|?\......U...j..n^.o.n_?..............7....~B.M_........F....6.......o.P..*..............T...M....]p~......W./......P...T....o.i........U...j..n^.g.(?.*}..H./.F...o.P..*...5../{3..?..>..i..F..../....~A............o..9.....v..T
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 400 x 408, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):653599
                                                    Entropy (8bit):3.6009469680309523
                                                    Encrypted:false
                                                    SSDEEP:6144:SvGk1Ns+VOiiU18GOgSEbFXe0qNu1Jqmk6pcpMc9sWxC/UTCCO+EMCUNXCCVCbWW:ohNsIBCGOgSEdxqNwI2WV/Mz
                                                    MD5:EB8FF96E4A7508DD9E9542A12CCF7A55
                                                    SHA1:634946BFF455EFB9C030D58C1E464AE667126EE8
                                                    SHA-256:A26D361B2DC9A87FAE4E9E47D6EBA9F84436F164D3F7E9DF3322B44F40E31E77
                                                    SHA-512:0E3C820B5FBA1AEB7D81CBA6CA72A861F672A6174BAE2D5129DCF1D54012A84DF3D40BF723230BB9D3F3EB92324506107BD94253291FE5FA7A069206B6E3289A
                                                    Malicious:false
                                                    Preview:.PNG........IHDR.............l.....IDATx..U..|........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):2300
                                                    Entropy (8bit):4.68357507948936
                                                    Encrypted:false
                                                    SSDEEP:48:cPDEBlFBWhKS+zJN/v+oKIZHBwFdlSBbm/EFHVR:QEBPBYKxzJNnEIJBsbSBbmAR
                                                    MD5:09003B99A664EEF6A1513C4EB35BD352
                                                    SHA1:5541953023981FB3A0BB072C2CEA0F2FA9A70237
                                                    SHA-256:C89AE452EC3CD4E3A6843C26ECCC2FAFE1380DD8352F810E21E6C0EDCBA4F28C
                                                    SHA-512:BA20BB8DD163248BC1B4671E486CCDD48369822BE7BC299FED897DE32B1D773A020C89686BBDE21294AFFA604D4F77EFAC6B9783248D780E17DFA731F0D7776D
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg width="48px" height="48px" viewBox="0 0 48 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>share_friend</title>. <g id="..-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="share_friend" fill-rule="nonzero">. <circle id="..." fill="#0266B3" cx="29.2" cy="13.4" r="1.9"></circle>. <circle id="..." fill="#0266B3" cx="29.2" cy="31.5" r="4.1"></circle>. <path d="M24,0.5 C11,0.5 0.5,11 0.5,24 C0.5,37 11,47.5 24,47.5 C37,47.5 47.5,37 47.5,24 C47.5,11 37,0.5 24,0.5 Z M29.2,37.5 C25.8,37.5 23.1,34.8 23.1,31.4 C23.1,30.6 23.3,29.8 23.6,29 L19,25.4 C18.3,25.9 17.4,26.2 16.4,26.2 C13.9,26.2 11.8,24.1 11.8,21.6 C11.8,19.1 13.9,17 16.4,17 C17.7,17 18.9,17.5 19.7,18.4 L25.4,14.4 C25.3,14.1 25.2,13.7 25.2,13.4 C25.2,11.2 27,9.5 29.1,9.5 C31.2,9.5 33,11.3 33,13.4 C33,15.6 31.2,17.3 29.1,17.3 C28,17.3 27.1,16.9 26.4,16
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):643
                                                    Entropy (8bit):7.588902211909661
                                                    Encrypted:false
                                                    SSDEEP:12:6v/7iPF0ETODcT2xF6+1ey5hSjkiebnioueozxhGZ5BY9cHukXjMn5sWoc:/L0cTMFhQy54wieW3V8hBHu3n5sWoc
                                                    MD5:F56221BD644BFFE7F232DB474683A052
                                                    SHA1:4A2DD6DFC429967D6EE8BA89AF840972E801D89E
                                                    SHA-256:08755A87899DE8AB92B401C77F00D0FE34CAB4349012939CDEB45DC49EA6DD10
                                                    SHA-512:B0B8B8DBAF177EA66C22256D214E28947EB64B0E14FB46F0E1CA156B19BF9D6A87E9B77B20446D49584EE351ECCC7EFCAEF3AA2AD85B4B580B2669E43C934C00
                                                    Malicious:false
                                                    URL:https://www.ccic.com/cms_files/webzhongjian/tplobject/defaultSet/NuDBPcwEPqt7G2RJ51Rsz/images/zjyw_icon_09.png
                                                    Preview:.PNG........IHDR.....................sRGB........=IDAT8O..K..i....g..r6J..&.Y.;.#.1. ..Y....d..lHLYLSfaG..M3.iV...2.F,....0.......<.............xY....=...+5.}...?&a.>....[h1o....f9}6.c....)...................2.c.~....#M..`.7..~..X....G...3X..UQ._v3...6...p.Fm..b.Sw...ftj]...x..u@7..b=....u=..`L%......w+$..o>>.b..o...;....i.&.y.+~>6...(.az...E.k.".`,..0....&c...;....] {.....C$.O......sX.....Na......K}....L.`.p ..0.`a.~.'.e.Z0'....O.k.n.V'....z........q..Gb..a#~h........Q{P..p..$.......@.-.Vr...\..#.d.3n........9.-.L.....-....W...}SA.&kP.......%.g.4.6.{...0..b..d.b.^......t3..o.SQ...t.^...3,o\..........X....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit gray+alpha, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):246
                                                    Entropy (8bit):6.752080850050576
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPO65Q0UHaS0c0hn6mjjEFNvGFRjr6Zo6JRy3EvtRSabhup:6v/7PrU62kbjj4Qv67RNvtRSabhc
                                                    MD5:C270B41D7A0FF9892BA9AC67D789A841
                                                    SHA1:B1EAE4614FB964B6D0483F114F3DD2B49EC1B64A
                                                    SHA-256:8722C44457C51F5090545306B32627B6907ACE334E615BB5EBA264E7AEBA1B18
                                                    SHA-512:C95C2D441112D6CE18C021962897F7ADA7E0CC66A3C536AB5D668DEB22BA643A607FFA6BFFB83BCC9614D80765D30A5DD519A340AD6DE8A14825311FA2311881
                                                    Malicious:false
                                                    URL:http://baogao.ccicshanghai.com/static/pdf/web/images/toolbarButton-pageUp.png
                                                    Preview:.PNG........IHDR...............7.....IDATx...1..@...i,,s..`a..-,-..x.[.[....FTP...!..$...$M...K\..f.?...?.Hl.[..E...R....%..J...........qM._...W../"...p1.._..g.}...t....-..R.h.9.Z1)....l.U....B...5+......T....?iIC...!........IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):129
                                                    Entropy (8bit):4.4409356272066605
                                                    Encrypted:false
                                                    SSDEEP:3:wLGXatBekQKJKoucMmFFoUsZwEkkpWzAXNMv/F3Qp:wLGkcZ57mF6VZFAAA/Rg
                                                    MD5:116037773031FE0EAF2A70D836C8FE7F
                                                    SHA1:1B95F580E192529A22C8E83123AB11C07921C305
                                                    SHA-256:264FD3849E351FADBD060418AB6F84E0900DAFBC338B53C1C23424DA746F4689
                                                    SHA-512:132C01404882795C25505A4E5AE9309C0ABCF24D41F08C9C05F25A9B5850F3A5E5B2486CE33CC09E67B0B33C555D711D259380176413039C962CA864C0D2F649
                                                    Malicious:false
                                                    URL:https://www.ccic.com/plugins/libs/video/videoLoad.js
                                                    Preview:$(function () {. if ($('.edui-upload-video')) {. require(['video', 'ckplayer'], function(e) {. e.handler(). }). }.})
                                                    File type:Microsoft Word 2007+
                                                    Entropy (8bit):7.984841246762619
                                                    TrID:
                                                    • Word Microsoft Office Open XML Format document (49504/1) 58.23%
                                                    • Word Microsoft Office Open XML Format document (27504/1) 32.35%
                                                    • ZIP compressed archive (8000/1) 9.41%
                                                    File name:020240418124331.docx.doc
                                                    File size:498'193 bytes
                                                    MD5:790bcad57557fe17f34bcc35a3701cc4
                                                    SHA1:926880f65af3f68e4188caf678bfed146fea21c2
                                                    SHA256:e260ae45ce1f11f1af67bb14546ac89f3a69b13242d0817c4c685130eb6f26d8
                                                    SHA512:d25e39219fa030ab798e3d32bf832e7f922faf979cff7b66d5485f435974e406ed59326b39de9306b955a675fecc15c8e5f21cf01900ea4d366ac9017c1d36b1
                                                    SSDEEP:12288:QFiOYjXLD1I6az0NEXbny/YVnSbT77gH4UCbG:QFiOM7hfazXrnFnSbTYd
                                                    TLSH:38B423279833E959D729D23D85208E885B13060859A73B3F9CB132CEBBD8C6F2B6455D
                                                    File Content Preview:PK..........!..._.............[Content_Types].xml ...(.........................................................................................................................................................................................................
                                                    Icon Hash:35e1cc889a8a8599
                                                    Document Type:OpenXML
                                                    Number of OLE Files:1
                                                    Has Summary Info:
                                                    Application Name:
                                                    Encrypted Document:False
                                                    Contains Word Document Stream:True
                                                    Contains Workbook/Book Stream:False
                                                    Contains PowerPoint Document Stream:False
                                                    Contains Visio Document Stream:False
                                                    Contains ObjectPool Stream:False
                                                    Flash Objects Count:0
                                                    Contains VBA Macros:False
                                                    Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                    Click to jump to process

                                                    Click to jump to process

                                                    Click to dive into process behavior distribution

                                                    Click to jump to process

                                                    Target ID:0
                                                    Start time:03:33:00
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
                                                    Imagebase:0x70000
                                                    File size:1'620'872 bytes
                                                    MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:5
                                                    Start time:03:33:08
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://baogao.ccicshanghai.com/view/20240402/W242401214-83991
                                                    Imagebase:0x7ff76e190000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:6
                                                    Start time:03:33:08
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2016,i,16910823210293738924,5174204799576153986,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                    Imagebase:0x7ff76e190000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:10
                                                    Start time:03:33:35
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                    Imagebase:0x7ff76e190000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    Target ID:11
                                                    Start time:03:33:35
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2096,i,8937526910356783107,11550219263511758725,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                    Imagebase:0x7ff76e190000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    Target ID:12
                                                    Start time:03:33:37
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ccic.com/"
                                                    Imagebase:0x7ff76e190000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:15
                                                    Start time:03:36:04
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://weixin.qq.com/r/kxEjO1vEOwZErR9Y90SB
                                                    Imagebase:0x7ff76e190000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:16
                                                    Start time:03:36:04
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://weixin.qq.com/r/wz_MlHnERSQ6rT3392rR
                                                    Imagebase:0x7ff76e190000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:17
                                                    Start time:03:36:04
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1984,i,14876504007188476738,5328115991739676396,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                    Imagebase:0x7ff76e190000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:18
                                                    Start time:03:36:04
                                                    Start date:20/11/2024
                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1892,i,11478893464120772669,5133136583976172787,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                    Imagebase:0x7ff76e190000
                                                    File size:3'242'272 bytes
                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    No disassembly